View Full Version : winxp - boot never completes possibly altnet



rayno
2006-03-04, 23:20
working on friend's dell - think it's winxp sp2
not getting through boot; icons never load and get no taskbar
I can open taskmgr using Alt-Ctrl-Del and start stuff using "new task" (what fun)

spybot, adaware, and MS antispyware all complain that there is an altnet reg key, but after delete/fix it shows up in the next scan again

here is the hjt log - any help is appreciated - thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:24:23 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\taskman.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\DOWNLOADS\HijackThis\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: XBTB02741 - {9D3E1F75-D26F-4bf1-B68A-DF80C22A9976} - C:\PROGRA~1\RUNESC~1\RSTOOL~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: RuneScape Toolbar - {E9A345C9-3ABC-47C8-91A0-93C29C622EEB} - C:\Program Files\RuneScape Toolbar\rstoolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101153811\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Autoer] C:\WINDOWS\system32\Autoer.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098223784888
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-03-08, 11:34
Suspicious files:
C:\WINDOWS\system32\Autoer.exe
C:\WINDOWS\taskman.exe
Go here and submit them, then post back with the results:
http://www.virustotal.com/flash/index_en.html

It's been a few days, so post a fresh HijackThis log.

rayno
2006-03-09, 00:21
This is a report processed by VirusTotal on 03/09/2006 at 00:21:07 (CET) after scanning the file "Autoer.exe" file.

Antivirus Version Update Result
AntiVir 6.34.0.53 03.08.2006 SPR/Spy.Perflogger.AZ
Avast 4.6.695.0 03.08.2006 Win32:Trojan-gen. {Other}
AVG 718 03.08.2006 no virus found
Avira 6.33.1.53 03.07.2006 SPR/Spy.Perflogger.AZ
BitDefender 7.2 03.08.2006 Trojan.Keylogger.RT.A
CAT-QuickHeal 8.00 03.08.2006 Monitor.Perflogger.az (Not a Virus)
ClamAV devel-20060126 03.07.2006 no virus found
DrWeb 4.33 03.08.2006 BackDoor.Srvlite
eTrust-InoculateIT 23.71.96 03.08.2006 no virus found
eTrust-Vet 12.4.2110 03.08.2006 no virus found
Ewido 3.5 03.08.2006 Not-A-Virus.Monitor.Win32.Perflogger.az
Fortinet 2.71.0.0 03.07.2006 Keylog/Perfect
F-Prot 3.16c 03.08.2006 no virus found
Ikarus 0.2.59.0 03.08.2006 no virus found
Kaspersky 4.0.2.24 03.08.2006 no virus found
McAfee 4713 03.08.2006 potentially unwanted program Keylog-Perfect
NOD32v2 1.1434 03.08.2006 Win32/Spy.PerfKey.N
Norman 5.70.10 03.08.2006 no virus found
Panda 9.0.0.4 03.08.2006 Trj/Keylog.BR
Sophos 4.03.0 03.08.2006 no virus found
Symantec 8.0 03.09.2006 no virus found
TheHacker 5.9.5.109 03.08.2006 Aplicacion/Perflogger.az
UNA 1.83 03.07.2006 Troajn.Spy.Win32.Perflogger
VBA32 3.10.5 03.08.2006 BackDoor.Srvlite

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

rayno
2006-03-09, 00:23
This is a report processed by VirusTotal on 03/09/2006 at 00:24:07 (CET) after scanning the file "taskman.exe" file.

Antivirus Version Update Result
AntiVir 6.34.0.53 03.08.2006 no virus found
Avast 4.6.695.0 03.08.2006 no virus found
AVG 718 03.08.2006 no virus found
Avira 6.33.1.53 03.07.2006 no virus found
BitDefender 7.2 03.08.2006 no virus found
CAT-QuickHeal 8.00 03.08.2006 no virus found
ClamAV devel-20060126 03.07.2006 no virus found
DrWeb 4.33 03.08.2006 no virus found
eTrust-InoculateIT 23.71.96 03.08.2006 no virus found
eTrust-Vet 12.4.2110 03.08.2006 no virus found
Ewido 3.5 03.08.2006 no virus found
Fortinet 2.71.0.0 03.07.2006 no virus found
F-Prot 3.16c 03.08.2006 no virus found
Ikarus 0.2.59.0 03.08.2006 no virus found
Kaspersky 4.0.2.24 03.08.2006 no virus found
McAfee 4713 03.08.2006 no virus found
NOD32v2 1.1434 03.08.2006 no virus found
Norman 5.70.10 03.08.2006 no virus found
Panda 9.0.0.4 03.08.2006 no virus found
Sophos 4.03.0 03.08.2006 no virus found
Symantec 8.0 03.09.2006 no virus found
TheHacker 5.9.5.109 03.08.2006 no virus found
UNA 1.83 03.07.2006 no virus found
VBA32 3.10.5 03.08.2006 no virus found


rayno
2006-03-09, 00:27
Logfile of HijackThis v1.99.1
Scan saved at 6:23:17 PM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOWNLOADS\HijackThis\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101153811\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Autoer] C:\WINDOWS\system32\Autoer.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098223784888
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-03-09, 04:49
Start HijackThis and place a check next to these items, if they are there.
Close all browser windows and shut down all other programs that show in the taskbar (even folders).

O4 - HKLM\..\Run: [Autoer] C:\WINDOWS\system32\Autoer.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

It appears you've already fixed these:
O2 - BHO: XBTB02741 - {9D3E1F75-D26F-4bf1-B68A-DF80C22A9976} - C:\PROGRA~1\RUNESC~1\RSTOOL~1.DLL (file missing)
O3 - Toolbar: RuneScape Toolbar - {E9A345C9-3ABC-47C8-91A0-93C29C622EEB} - C:\Program Files\RuneScape Toolbar\rstoolbar.dll (file missing)
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a fresh HijackThis log please, and be sure to mention any current problems.

Since AVG is being used, Norton AntiVirus and Script Blocking should be uninstalled.

Post reports from, preferably, both of these free online scans.
Kaspersky Lab - Free Online Scan:
http://www.kaspersky.com/virusscanner
Click "Scan settings" and place a check next to "Use extended database", etc. Click OK.
Then choose "My Computer": scan all your hard drives and mapped disks.
When finished, click "Save as text" and post that in your reply.

Panda ActiveScan - free online scanner:
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please, if there is anything it is unable to deal with.
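One way to confirm that a requested HijackThis fix actually took (the check Lonny does by eye above: compare the fresh log against the previous one and against the lines he asked to have fixed), as an added example that is not code from this thread or from HijackThis itself. It parses HJT entry lines, diffs two scans, and reports which requested entries are still present; the log excerpts are constructed from the logs posted above, trimmed to the lines that matter.

```python
import re
from typing import List, Set, Tuple

# Every HijackThis entry line starts with a section code (R0-R3, O1-O23) and " - ".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

Entry = Tuple[str, str]


def parse_hjt(log: str) -> Set[Entry]:
    """Return the (section code, entry body) pairs found in an HJT log.

    Entries are compared by exact text, which is also how HijackThis itself
    matches the items you tick before "Fix checked".
    """
    entries: Set[Entry] = set()
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries that disappeared between two scans, and entries that are new."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def still_present(after: str, requested: List[str]) -> List[str]:
    """Of the lines a helper asked to be fixed, return those the fresh log still shows.

    A non-empty result means the fix did not take, or something re-created the
    entry (the behaviour rayno saw with the altnet key).
    """
    a = parse_hjt(after)
    kept = []
    for line in requested:
        m = ENTRY_RE.match(line.strip())
        if m and (m.group("code"), m.group("body")) in a:
            kept.append(line.strip())
    return kept


def dead_entries(log: str) -> List[Entry]:
    """Entries HJT flagged "(file missing)": the file is gone but the registry or
    toolbar reference remains. Safe to clean up; not by itself evidence of infection."""
    return sorted(e for e in parse_hjt(log) if e[1].endswith("(file missing)"))


# Constructed excerpts of the three logs posted in this thread (same lines, trimmed).
LOG_0304 = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:24:23 PM, on 3/4/2006

Running processes:
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\taskman.exe

O2 - BHO: XBTB02741 - {9D3E1F75-D26F-4bf1-B68A-DF80C22A9976} - C:\PROGRA~1\RUNESC~1\RSTOOL~1.DLL (file missing)
O3 - Toolbar: RuneScape Toolbar - {E9A345C9-3ABC-47C8-91A0-93C29C622EEB} - C:\Program Files\RuneScape Toolbar\rstoolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Autoer] C:\WINDOWS\system32\Autoer.exe
"""

LOG_0308 = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:23:17 PM, on 3/8/2006

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Autoer] C:\WINDOWS\system32\Autoer.exe
"""

LOG_0309 = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:09:30 PM, on 3/9/2006

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"""

# The two lines LonnyRJones asked to have fixed.
REQUESTED = [
    r"O4 - HKLM\..\Run: [Autoer] C:\WINDOWS\system32\Autoer.exe",
    r"O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE",
]

if __name__ == "__main__":
    gone, new = diff_logs(LOG_0304, LOG_0308)
    print("removed between 3/4 and 3/8:", [f"{c} - {b}" for c, b in gone])
    print("new since 3/4:", new)
    print("dead (file missing) entries on 3/4:", len(dead_entries(LOG_0304)))
    print("requested items still present on 3/8:", still_present(LOG_0308, REQUESTED))
    print("requested items still present on 3/9:", still_present(LOG_0309, REQUESTED))
```

Run it against the full logs saved from HijackThis to get the same answer Lonny gives by inspection: the RuneScape entries vanished between the first two scans, and the Autoer/UpdReg Run keys only disappear in the 3/9 log.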

rayno
2006-03-09, 23:14
Lonny
here is the latest -
installed kaspersky, couldn't run because it's looking for a key
installed panda - had to uninstall kaspersky then uninstall norton
couldn't uninstall norton
so neither of those ran
did the HJT thing and here is the latest log

Logfile of HijackThis v1.99.1
Scan saved at 5:09:30 PM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
F:\Security\HJT\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101153811\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098223784888
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-03-10, 02:54
Hi

I did not suggest installing more programs, I suggested getting those online scans. They do install an ActiveX, but there's no chance that would conflict with the onboard antivirus.

So now you have Panda, remnants of Norton, and AVG.
Re-install Panda, reboot the PC and uninstall it.
Norton has special programs to help remove itself; you will need to read a bit to find the instructions that cover your version of Norton:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

rayno
2006-03-10, 03:44
the problem is that the machine in trouble will not complete the boot process;
it stops at the desktop splash, prior to loading the icons. It also won't give me a task bar (so, no start button). I am able to run programs by opening the task manager and using the "new task" button. It will recognize a usb flash drive when plugged in - that's how I get programs to the machine and the HJT logs back to the machine I'm on now. When I try to start IE from the Programs directory, nothing happens, although I can start most other programs that way.
I much appreciate your help in this BTW
Ray

LonnyRJones
2006-03-10, 03:52
I understand, I think; still go through the above instructions if possible.

then with only one (updated) antivirus installed reboot to safe mode and do a full scan
do you have desktop problems in safe mode ?

rayno
2006-03-10, 04:42
just this minute got done uninstalling Norton
want to bring across a new hjt log: booting into safe mode I think the task bar showed for a split sec - now it's gone and won't open - can still alt-cntl-del to get the task manager


Logfile of HijackThis v1.99.1
Scan saved at 10:37:12 PM, on 3/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Security\HJT\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101153811\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098223784888
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-03-10, 06:00
Uninstall either kaspersky or avg
Try Taskmanager new task and type in c:\windows\explorer.exe
What happens ?

Also Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.


CD \
Dir /s/a/b Browseui.dll,Comctl32.dll,Comdlg32.dll,Mlang.dll,Ole32.dll,Oleaut32.dll,Shdocvw.dll,Shell32.dll,Shlwapi.dll,Urlmon.dll,Wininet.dll,Setupapi.dll,explorer.exe > found.txt
Start Notepad found.txt

Run check.bat and post back with the text that will open
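As an added example that is not from the thread, here is a small Python script that reads the found.txt listing check.bat produces and separates the copies Windows keeps itself (SYSTEM32, service-pack and hotfix backups, WinSxS, the I386 install source) from any hit in an unusual location, and reports which searched files have no live copy at all. The list of known Windows locations is an assumption for the demo, and the sample listing is constructed.

```python
"""Triage a found.txt listing from the check.bat above.

Added example, not from the thread. Given the output of
"dir /s/a/b <file list>", it reports which of the searched files have no
live copy where Windows XP loads them from (SYSTEM32, or \\WINDOWS for
explorer.exe) and which hits sit outside the locations Windows itself
keeps spare copies in. The set of known locations is an assumption for
this demo; the sample listing is constructed from a few typical lines.
"""
import re

# The file names check.bat searches for.
SEARCHED = [
    "browseui.dll", "comctl32.dll", "comdlg32.dll", "mlang.dll", "ole32.dll",
    "oleaut32.dll", "shdocvw.dll", "shell32.dll", "shlwapi.dll", "urlmon.dll",
    "wininet.dll", "setupapi.dll", "explorer.exe",
]

# Directory prefixes (lower-case) where Windows keeps its own copies: the
# live system directory, service-pack backups, the side-by-side store and
# the I386 install source. Assumed for this example.
KNOWN_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\servicepackfiles\\",
    "c:\\windows\\$ntservicepackuninstall$\\",
    "c:\\windows\\winsxs\\",
    "c:\\i386\\",
)
# Per-hotfix backup folders carry a KB number in their name.
KNOWN_PATTERNS = (
    re.compile(r"^c:\\windows\\\$hf_mig\$\\kb\d+\\"),
    re.compile(r"^c:\\windows\\\$ntuninstallkb\d+\$\\"),
)


def live_path(name):
    """Where the copy that actually gets loaded should live on XP (lower-case)."""
    if name == "explorer.exe":
        return "c:\\windows\\explorer.exe"
    return "c:\\windows\\system32\\" + name


def is_known_location(path):
    """True if the path is the live copy or one of Windows' own backup copies."""
    p = path.lower()
    if p == live_path(p.rsplit("\\", 1)[-1]):
        return True
    if p.startswith(KNOWN_PREFIXES):
        return True
    return any(pat.match(p) for pat in KNOWN_PATTERNS)


def triage(listing):
    """Parse dir /s/a/b output and return (missing_live, unexpected_hits).

    An empty listing, as happens when check.bat is run from a drive other
    than C:, simply reports every searched file as missing.
    """
    hits = {name: [] for name in SEARCHED}
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        name = line.rsplit("\\", 1)[-1].lower()
        if name in hits:
            hits[name].append(line)
    missing = [
        name for name in SEARCHED
        if live_path(name) not in {h.lower() for h in hits[name]}
    ]
    unexpected = [
        h for name in SEARCHED for h in hits[name] if not is_known_location(h)
    ]
    return missing, unexpected


# Constructed sample listing (a handful of lines in the shape found.txt has).
SAMPLE_LISTING = r"""
C:\Documents and Settings\user\Local Settings\Temp\pft2DB~tmp\Reader\oleaut32.dll
C:\I386\BROWSEUI.DLL
C:\Program Files\support(2).com\backup(2)\Sh\SHELL32.DLL
C:\WINDOWS\explorer.exe
C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\browseui.dll
C:\WINDOWS\$NtUninstallKB890047$\shell32.dll
C:\WINDOWS\ServicePackFiles\i386\shell32.dll
C:\WINDOWS\SYSTEM32\browseui.dll
C:\WINDOWS\SYSTEM32\shell32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
"""

if __name__ == "__main__":
    missing, unexpected = triage(SAMPLE_LISTING)
    print("no live copy found for:", ", ".join(missing))
    for path in unexpected:
        print("copy in an unusual location:", path)
```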

rayno
2006-03-10, 12:01
uninstalled kaspersky (everything should be so easy)
c:\windows\explorer.exe - nothing happens (doesn't show in taskmgr process tab either)
found.txt is empty after running check.bat - I see the black DOS box for a second or two, I think it says FILE NOT FOUND just before closing, then a blank notepad of found.txt
avg gets errors reading MBR and BOOT SECTOR OF DISK (was going to run fdisk /mbr, but decided to run past you first)
running avg in safe mode now

LonnyRJones
2006-03-10, 12:29
Try new task c:\found.txt please
You did create check.bat on C:\ correct ?

Does attempting to run Internet Explorer cause any errors ?

also a winpfind log
Download ("save") winpfind.zip by OldTimer, from
http://www.bleepingcomputer.com/files/winpfind.php
Extract the file inside to the desktop, open the winpfind folder, run the file
winpfind.exe, click scan, and post the results.

rayno
2006-03-10, 15:13
sorry - was running off flash drive
here is output after running off c:

C:\Documents and Settings\Pete\Local Settings\Temp\pft2DB~tmp\Reader\oleaut32.dll
C:\I386\BROWSEUI.DLL
C:\I386\COMCTL32.DLL
C:\I386\COMDLG32.DLL
C:\I386\MLANG.DLL
C:\I386\OLE32.DLL
C:\I386\OLEAUT32.DLL
C:\I386\SHDOCVW.DLL
C:\I386\SHELL32.DLL
C:\I386\SHLWAPI.DLL
C:\I386\URLMON.DLL
C:\I386\WININET.DLL
C:\I386\SETUPAPI.DLL
C:\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
C:\Program Files\support(2).com\backup(2)\Co\COMCTL32.DLL
C:\Program Files\support(2).com\backup(2)\Co\COMDLG32.DLL
C:\Program Files\support(2).com\backup(2)\OL\OLE32.DLL
C:\Program Files\support(2).com\backup(2)\OL\OLEAUT32.DLL
C:\Program Files\support(2).com\backup(2)\Sh\SHELL32.DLL
C:\Program Files\support(2).com\backup(2)\Sh\SHLWAPI.dll
C:\Program Files\support(2).com\backup(2)\UR\URLMON.DLL
C:\WINDOWS\explorer.exe
C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\ole32.dll
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\shell32.dll
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB893086\SP2QFE\shell32.dll
C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll
C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\browseui.dll
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\shdocvw.dll
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\shlwapi.dll
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\urlmon.dll
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll
C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll
C:\WINDOWS\$NtServicePackUninstall$\mlang.dll
C:\WINDOWS\$NtServicePackUninstall$\ole32.dll
C:\WINDOWS\$NtServicePackUninstall$\oleaut32.dll
C:\WINDOWS\$NtServicePackUninstall$\shdocvw.dll
C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll
C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll
C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
C:\WINDOWS\$NtUninstallKB821557$\shell32.dll
C:\WINDOWS\$NtUninstallKB824146$\ole32.dll
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
C:\WINDOWS\$NtUninstallKB834707$\browseui.dll
C:\WINDOWS\$NtUninstallKB834707$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB834707$\urlmon.dll
C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll
C:\WINDOWS\$NtUninstallKB867282$\browseui.dll
C:\WINDOWS\$NtUninstallKB867282$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB867282$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB867282$\urlmon.dll
C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
C:\WINDOWS\$NtUninstallKB873333$\ole32.dll
C:\WINDOWS\$NtUninstallKB883939$\browseui.dll
C:\WINDOWS\$NtUninstallKB883939$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB883939$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB883939$\urlmon.dll
C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
C:\WINDOWS\$NtUninstallKB890047$\shell32.dll
C:\WINDOWS\$NtUninstallKB890923$\browseui.dll
C:\WINDOWS\$NtUninstallKB890923$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB890923$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB890923$\urlmon.dll
C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
C:\WINDOWS\$NtUninstallKB893086$\shell32.dll
C:\WINDOWS\$NtUninstallKB894391$\ole32.dll
C:\WINDOWS\$NtUninstallKB896688$\browseui.dll
C:\WINDOWS\$NtUninstallKB896688$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB896688$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB896688$\urlmon.dll
C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
C:\WINDOWS\$NtUninstallKB896727$\browseui.dll
C:\WINDOWS\$NtUninstallKB896727$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB896727$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB896727$\urlmon.dll
C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
C:\WINDOWS\$NtUninstallKB900725$\shell32.dll
C:\WINDOWS\$NtUninstallKB900725$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB902400$\ole32.dll
C:\WINDOWS\$NtUninstallKB905915$\browseui.dll
C:\WINDOWS\$NtUninstallKB905915$\shdocvw.dll
C:\WINDOWS\$NtUninstallKB905915$\shlwapi.dll
C:\WINDOWS\$NtUninstallKB905915$\urlmon.dll
C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
C:\WINDOWS\ServicePackFiles\i386\browseui.dll
C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
C:\WINDOWS\ServicePackFiles\i386\mlang.dll
C:\WINDOWS\ServicePackFiles\i386\ole32.dll
C:\WINDOWS\ServicePackFiles\i386\oleaut32.dll
C:\WINDOWS\ServicePackFiles\i386\shdocvw.dll
C:\WINDOWS\ServicePackFiles\i386\shell32.dll
C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll
C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
C:\WINDOWS\ServicePackFiles\i386\wininet.dll
C:\WINDOWS\ServicePackFiles\i386\setupapi.dll
C:\WINDOWS\ServicePackFiles\i386\explorer.exe
C:\WINDOWS\SYSTEM32\browseui.dll
C:\WINDOWS\SYSTEM32\comctl32.dll
C:\WINDOWS\SYSTEM32\comdlg32.dll
C:\WINDOWS\SYSTEM32\mlang.dll
C:\WINDOWS\SYSTEM32\ole32.dll
C:\WINDOWS\SYSTEM32\oleaut32.dll
C:\WINDOWS\SYSTEM32\shdocvw.dll
C:\WINDOWS\SYSTEM32\shell32.dll
C:\WINDOWS\SYSTEM32\shlwapi.dll
C:\WINDOWS\SYSTEM32\urlmon.dll
C:\WINDOWS\SYSTEM32\wininet.dll
C:\WINDOWS\SYSTEM32\setupapi.dll
C:\WINDOWS\WinSxS\InstallTemp\55227\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


also new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:10:17 AM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Security\HJT\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101153811\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098223784888
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Mosaic1
2006-03-10, 20:39
You need to follow all instructions Lonny gave to you please.

Later, run Wpfind in safe mode. Also run hijackthis in safe mode and post those logs.


For now, I wonder what is in the C:\program files\internet explorer folder.

Can you have a look please?

Also for now, please run this command: (Start cmd.exe using task manager and then press enter)

sfc /scannow

You may be prompted for your install CD. Do this first and then do the rest. Let us know. We need to be more intense or we'll be here for a month.


Do you know if there were any Windows Updates or Security Patches installed right before this happened?

rayno
2006-03-10, 21:18
WinPFind has been running (in Safe Mode) for over 6 hours
is that normal?
if/when it finishes, I'll run HJT
I think they had Windows Auto Update turned on; also auto for MS Antispyware

rayno
2006-03-10, 21:23
in safe mode I ran sys file check and got
Windows File Protection could not initiate a scan of protected system files
specific error code is 0x000006ba [The RPC server is not available]

Mosaic1
2006-03-10, 21:24
Definitely not. Wpfind is slow but not that slow. Try to end task on it for now and send me a hijackthis log from safe mode please. Then see if you can restart Wpfind and if it will run through any faster.



Can you refresh my memory please? Did you ever run a utility named smitrem on that system?

Thanks.


OK. Wait until you boot to regular Windows mode and do the sfc /scannow again there. Everything is not available in safe mode.

rayno
2006-03-10, 21:29
don't recall smitrem
will start the other stuff now

Mosaic1
2006-03-10, 21:33
Ok good. Go ahead with the rest.

I'd like to get a look at one more key too. If you can't get wpfind to finish, we can see about using autoruns.


Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in your next reply here.

rayno
2006-03-10, 21:34
Logfile of HijackThis v1.99.1
Scan saved at 3:32:04 PM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Security\HJT\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101153811\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098223784888
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

rayno
2006-03-10, 21:40
just to make sure you know
the PC in trouble boots to the splash screen just before the desktop icons load; sometimes I see what looks like the taskbar, it pops up and disappears after a second and can't be pulled back up
I can start things through task mgr only (although the DOS CMD screen is also an option)

Mosaic1
2006-03-10, 21:41
Thanks. Can you try this please?


Run cmd.exe

Then type in this command and press enter:
copy C:\windows\explorer.exe C:\windows\system

Then type in this command and press enter:
Ren C:\windows\system\explorer.exe exp.exe

Then type in this command and press enter:

C:\windows\system\exp.exe

Hopefully you'll get the explorer window. Not the desktop and taskbar though.

I want to check it out.


What this does is it copies explorer.exe to a different folder. Then it renames that copy as exp.exe.
Then it tries to run exp.exe

rayno
2006-03-10, 22:03
tried all that in safe mode, nothing happens when I try to exec - task mgr performance graph shows a small 1 second spike to about 5 %, and I can see process exp.exe starting and immed ending

rayno
2006-03-10, 22:09
here's the autoruns log PART 1
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AOL Spyware Protection File not found: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

+ AOLDialer AOL Connectivity Service Dialer America Online c:\program files\common files\aol\acs\aoldial.exe

+ AVG7_CC AVG Control Center GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgcc.exe

+ AVG7_EMC AVG E-Mail Scanner GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgemc.exe

+ BCMSMMSG Modem Messaging Applet Broadcom Corporation c:\windows\bcmsmmsg.exe

+ diagent Creative Diagnostics Agent Creative Technology Ltd c:\program files\creative\sblive\diagnostics\diagent.exe

+ dla Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswctrl.exe

+ DVDSentry DVDSentry Dell - Advanced Desktop Engineering c:\windows\system32\dsentry.exe

+ DwlClient Support Dell c:\program files\common files\dell\eusw\support.exe

+ DXDllRegExe File not found: dxdllreg.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ HostManager AOLHostManager America Online, Inc. c:\program files\common files\aol\1101153811\ee\aolhostmanager.exe

+ HP Component Manager HP Framework Component Manager Service Hewlett-Packard Company c:\program files\hp\hpcoretech\hpcmpmgr.exe

+ HP Software Update hpwuSchd Hewlett-Packard c:\program files\hp\hp software update\hpwuschd.exe

+ Microsoft Works Update Detection Microsoft® Works Update Detection Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkufind.exe

+ mmtask TODO: <File description> TODO: <Company name> c:\program files\musicmatch\musicmatch jukebox\mmtask.exe

+ MMTray mm_tray Musicmatch, Inc. c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe

+ NeroCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nwiz NVIDIA nView Wizard, Version 52.16 NVIDIA Corporation c:\windows\system32\nwiz.exe

+ QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ StorageGuard Sonic Update Manager Sonic Solutions c:\program files\common files\sonic\update manager\sgtray.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

+ UserFaultCheck Windows Error Reporting Dump Reporting Tool Microsoft Corporation c:\windows\system32\dumprep.exe

+ ViewMgr ViewMgr Viewpoint Corporation c:\program files\viewpoint\viewpoint manager\viewmgr.exe

+ WD Button Manager WD Button Manager Western Digital Technologies, Inc. c:\windows\system32\wdbtnmgr.exe

+ XeroxScannerDaemon XrxFTPLt MFC Application c:\program files\xerox\nwwia\xrxftplt.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ America Online 9.0 Tray Icon.lnk AOL Tray Icon America Online, Inc. c:\program files\america online 9.0\aoltray.exe

+ Event Planner Reminders Tray Icon.lnk Event Planner Reminder Application Sierra Online c:\sierra\planner\plnrnote.exe

+ HP Digital Imaging Monitor.lnk HP Digital Imaging Monitor (CUE) Hewlett-Packard Co. c:\program files\hp\digital imaging\bin\hpqtra08.exe

+ KODAK Software Updater.lnk File not found: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Documents and Settings\Skuter6768\Start Menu\Programs\Startup

+ Greetings Workshop Reminders.lnk gwremind Microsoft Corporation c:\program files\greetings workshop\gwremind.exe

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ AOL Fast Start America Online America Online, Inc. c:\program files\america online 9.0b\aol.exe

+ Google Desktop Search File not found: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

+ MSMSGS Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

+ SpybotSD TeaTimer System settings protector Safer Networking Limited c:\program files\spybot - search & destroy\teatimer.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Fax ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Fax Provider Microsoft Fax Optional Component Installer Microsoft Corporation c:\windows\system32\setup\fxsocm.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgse.dll

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Desktop Explorer NVIDIA Desktop Explorer, Version 52.16 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 52.16 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ KodakShellExtension Shell Extension Resource DLL Eastman Kodak Company c:\program files\common files\kodak\ifscore\kodakshx.dll

Mosaic1
2006-03-10, 22:10
A very few others are having the same type of problems as you. For now, please go ahead and see if you can get those other logs. I'll keep thinking and reading. We'll see if we can find anything to help.

If you can manage to get a copy of RootkitRevealer and run it in regular Windows mode, that would be good too.

Download RootkitRevealer
http://www.sysinternals.com/utilities/rootkitrevealer.html

Extract RootkitRevealer

Double click on RootkitRevealer and press Scan. (Start it using cmd.exe)

It will take some time to do a complete scan. When finished, press File/Save and post the contents of the log please.

*** When you run RootkitRevealer, start it and then leave the computer. Let the scan go. Don't use the computer.

Otherwise we'll get all kinds of junk in the report and a possible crash of the program.

rayno
2006-03-10, 22:13
Part 2

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll

+ Pop-Up Stopper &Companion Pop-Up Stopper Companion Panicware, Inc. c:\program files\panicware\pop-up stopper companion\popupus.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ RecordNow! SendToExt Shell Extensions Sonic Solutions c:\program files\sonic\recordnow!\shlext.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Shell Extensions for RealOne Player RealOne Player Shell Extensions RealNetworks c:\program files\real\realplayer\rpshellext.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll

+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ SST File not found: C:\Program Files\Lycos\sst.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AOL Toolbar Launcher AOL IE Toolbar DLL (UNICODE) America Online, Inc. c:\program files\aol\aol toolbar 2.0\aoltb.dll

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ AOL Search AOL IE Toolbar DLL (UNICODE) America Online, Inc. c:\program files\aol\aol toolbar 2.0\aoltb.dll

+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ AOL Toolbar AOL IE Toolbar DLL (UNICODE) America Online, Inc. c:\program files\aol\aol toolbar 2.0\aoltb.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ ComcastHSI File not found: http://www.comcast.net/

+ Help File not found: http://online.comcast.net/help/

+ Support File not found: http://www.comcastsupport.com/

+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

Task Scheduler

+ {7FBA5B9F-126F-41BD-8C21-DDA6A2769FED}_LISASTOY_Skuter6768.job Microsoft Synchronization Manager Microsoft Corporation c:\windows\system32\mobsync.exe

HKLM\System\CurrentControlSet\Services

+ Alerter Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ AOL ACS AOL Connectivity Service America Online c:\program files\common files\aol\acs\aolacsd.exe

+ AOL TopSpeedMonitor AOL TopSpeed(TM) Monitor America Online, Inc c:\program files\common files\aol\topspeed\2.0\aoltsmon.exe

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Avg7Alrt AVG Alert Manager GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgamsvr.exe

+ Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgupsvc.exe

+ AVGEMS AVG E-Mail Scanner GRISOFT, s.r.o. c:\program files\grisoft\avg free\avgemc.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Creative Service for CDROM Access Creative Service for CDROM Access Creative Technology Ltd c:\windows\system32\ctsvccda.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe

+ RetroLauncher Launches Retrospect automatically when scripts are waiting to run. Dantz Development Corporation c:\program files\dantz\retrospect\retrorun.exe

+ Retrospect Helper Helps Retrospect with various tasks. Dantz Development Corporation c:\program files\dantz\retrospect\rthlpsvc.exe

+ RetroWDSvc Provide Retrospect interface to Western Digital drives. Dantz Development Corporation c:\program files\dantz\retrospect\wdsvc.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe

rayno
2006-03-10, 22:15
Part 3

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe

+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe

+ Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ WANMiniportService Wan Miniport (ATW) Service America Online, Inc. c:\windows\wanmpsvc.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys

+ ADM8511 ADM8511 USB To Fast Ethernet Adapter NDIS 5.0 Miniport Driver ADMtek Incorporated c:\windows\system32\drivers\adm8511.sys

+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys

+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys

+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys

+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys

+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys

+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys

+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys

+ Avg7Core AVG Scanning Engine GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys

+ Avg7RsW AVG Resident Shield Unload Helper GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys

+ Avg7RsXP AVG Resident Anti-Virus Shield GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys

+ AvgTdi AVG Network connection watcher GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys

+ BCMModem Modem Device Driver Broadcom Corporation c:\windows\system32\drivers\bcmsm.sys

+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys

+ ctsfm2k SoundFont(R) Manager (WDM) Creative Technology Ltd c:\windows\system32\drivers\ctsfm2k.sys

+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys

+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys

+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys

+ drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys

+ E100B Intel(R) PRO/100 Adapter NDIS 5.1 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys

+ EL90XBC File not found: System32\DRIVERS\el90xbc5.sys

+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys

+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys

+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys

+ gameenum Game Port Enumerator Microsoft Corporation c:\windows\system32\drivers\gameenum.sys

+ GearAspiWDM File not found: system32\drivers\GEARAspiWDM.sys

+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys

+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys

+ HPZid412 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hpzid412.sys

+ HPZipr12 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hpzipr12.sys

+ HPZius12 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hpzius12.sys

+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys

+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys

+ i81x Miniport Driver for Intel Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\i81xnt5.sys

+ iAimFP0 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wadv01nt.sys

+ iAimFP1 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wadv02nt.sys

+ iAimFP2 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wadv05nt.sys

+ iAimFP3 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wsiintxx.sys

+ iAimFP4 Local Flat Panel Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wvchntxx.sys

+ iAimTV0 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\watv01nt.sys

+ iAimTV1 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\watv02nt.sys

+ iAimTV2 File not found: System32\DRIVERS\wATV03nt.sys

+ iAimTV3 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\watv04nt.sys

+ iAimTV4 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wch7xxnt.sys

+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys

+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys

+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys

+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys

+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys

+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys

+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys

+ MODEMCSA Unimodem CSA Filter Microsoft Corporation c:\windows\system32\drivers\modemcsa.sys

+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys

+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys

+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys

+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys

+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys

+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys

+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys

+ omci OMCI Device Driver Dell Computer Corporation c:\windows\system32\drivers\omci.sys

+ ossrv Creative OS Services Driver (WDM) Creative Technology Ltd. c:\windows\system32\drivers\ctoss2k.sys

+ P16X WDM Audio Miniport Creative Technology Ltd. c:\windows\system32\drivers\p16x.sys

+ P3 Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\p3.sys

+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys

+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys

+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys

+ Pcouffin Patin-Couffin low level access layer for CD devices VSO Software c:\windows\system32\drivers\pcouffin.sys

+ PfModNT PCI/ISA Device Info. Service Creative Technology Ltd. c:\windows\system32\pfmodnt.sys

+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys

+ Processor Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\processr.sys

+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys

+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys

+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys

+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys

+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys

+ ROOTMODEM Legacy Non-Pnp Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\rootmdm.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys

+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys

+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys

+ StillCam Serial Imaging Device Driver Microsoft Corporation c:\windows\system32\drivers\serscan.sys

+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys

+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys

+ symlcbrd c:\windows\system32\drivers\symlcbrd.sys

+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys

+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys

+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys

+ USB_RNDIS Remote NDIS USB Driver Microsoft Corporation c:\windows\system32\drivers\usb8023.sys

+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys

+ UsbCmxp File not found: System32\DRIVERS\sacmxp.sys

+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys

+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys

+ usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys

+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys

+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys

+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys

+ VgaSave Controls the VGA display adapter to provide basic display capabilities. Microsoft Corporation c:\windows\system32\drivers\vga.sys

+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys

+ wanatw Wan Miniport (ATW) America Online, Inc. c:\windows\system32\drivers\wanatw4.sys

+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

rayno
2006-03-10, 22:16
part 4

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll

+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll

+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll

+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\System32\scrnsave.scr Default Screen Saver Microsoft Corporation c:\windows\system32\scrnsave.scr

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D8A4594-8F51-4948-9C67-4577A8662C5B}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D8A4594-8F51-4948-9C67-4577A8662C5B}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FF7D95B-28BB-46CD-A704-73DF64AE933D}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FF7D95B-28BB-46CD-A704-73DF64AE933D}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD294AAF-F4B8-43E3-9A25-0E9BE5837C76}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD294AAF-F4B8-43E3-9A25-0E9BE5837C76}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F700A598-1EC6-4260-BB11-4E5A25F62364}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F700A598-1EC6-4260-BB11-4E5A25F62364}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll

+ hpzlnt09 HP c:\windows\system32\hpzlnt09.dll

+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll

+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll

+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll

rayno
2006-03-10, 22:18
I asked about playing Sony CDs, and they swore they never played any music CDs on this PC
I guess there are other ways to get rootkits

rayno
2006-03-10, 22:19
I need to play taxi for my kid for about 1.5 hrs
pick up when I get back
thnx

Mosaic1
2006-03-10, 22:27
Ok. You deserve a break! I see you have read the post I did when you were in the middle of posting the autoruns..

there's one where she synchs offline content.

This scheduled task>

+ {7FBA5B9F-126F-41BD-8C21-DDA6A2769FED}_LISASTOY_Skuter6768.job Microsoft Synchronization Manager Microsoft Corporation c:\windows\system32\mobsync.exe


See if she has offline content she is updating when you see her please? If not, delete that scheduled task.

So far no clues from all this information, I'll look forward to seeing if rootkit revealer tells us anything.

Mosaic1
2006-03-11, 02:48
After you get back tomorrow, please post the logs I requested and do the sfc /scannow and then restart.

If I don't see anything then we'll go on to some disk maintenance. we'll clean out a lot of folders and I'll also ask you to look for error messages in event viewer. I'll give you those details when the time comes.

If we find no Spyware, then we'll look at the Operating System more closely.

rayno
2006-03-12, 05:19
here's the rootkit log - several weeks ago I ran this on my kids PC and don't remember this many entries showing up
trying to run sfc causes msg that WinXP cd is needed; trying to get that tomorrow - I don't know if my Pro version would work on this Home system or if it has to be the exact cd that was used to load (what with all the activation keys, etc)

HKLM\SOFTWARE\Classes\webcal\URL Protocol 11/22/2004 3:06 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\SYZ_DAT 12/25/2003 10:11 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 12/25/2003 10:10 PM 18.50 KB Hidden from Windows API.
C:\SYZ_DAT\cdlock.dll 12/25/2003 10:10 PM 48.00 KB Hidden from Windows API.
C:\SYZ_DAT\cpy.exe 12/25/2003 10:10 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\dirlist 12/25/2003 10:21 PM 366 bytes Hidden from Windows API.
C:\SYZ_DAT\dirlist.bak 3/11/2006 6:36 PM 366 bytes Hidden from Windows API.
C:\SYZ_DAT\EMF_Decrypt.exe 12/25/2003 10:10 PM 108.00 KB Hidden from Windows API.
C:\SYZ_DAT\fldrview.ocx 12/25/2003 10:10 PM 88.50 KB Hidden from Windows API.
C:\SYZ_DAT\install.exe 12/25/2003 10:18 PM 972.00 KB Hidden from Windows API.
C:\SYZ_DAT\magic.exe 12/25/2003 10:10 PM 24.00 KB Hidden from Windows API.
C:\SYZ_DAT\mf.chm 12/25/2003 10:10 PM 29.73 KB Hidden from Windows API.
C:\SYZ_DAT\mf.txx 12/25/2003 10:10 PM 21.47 KB Hidden from Windows API.
C:\SYZ_DAT\mfx 12/25/2003 10:10 PM 48.26 KB Hidden from Windows API.
C:\SYZ_DAT\MFX.CFG 12/25/2003 10:22 PM 102 bytes Hidden from Windows API.
C:\SYZ_DAT\mfx_cfg.org 12/25/2003 10:10 PM 102 bytes Hidden from Windows API.
C:\SYZ_DAT\readme.txt 12/25/2003 10:10 PM 3.27 KB Hidden from Windows API.
C:\SYZ_DAT\systray.exe 12/25/2003 10:10 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\tb.exe 12/25/2003 10:10 PM 24.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 3/11/2006 6:37 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SYSTEM32\DRIVERS\MFX.sys 12/25/2003 10:10 PM 48.26 KB Hidden from Windows API.
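
An added example, not from this thread, that parses RootkitRevealer output in the format posted above and groups the hidden entries by directory, so a cluster like C:\SYZ_DAT plus its driver stands out from a one-off transient entry; the sample lines are a constructed subset of the log above.

```python
"""Parse RootkitRevealer output and summarise its discrepancies.

Each line has the form:  <path> <m/d/yyyy> <h:mm AM|PM> <size> <unit> <discrepancy>
The path may contain spaces, so the date field is used to anchor the split.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, NamedTuple

# Constructed sample: a subset of lines mirroring the log posted in the thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Classes\webcal\URL Protocol 11/22/2004 3:06 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\SYZ_DAT 12/25/2003 10:11 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 12/25/2003 10:10 PM 18.50 KB Hidden from Windows API.
C:\SYZ_DAT\cdlock.dll 12/25/2003 10:10 PM 48.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 3/11/2006 6:37 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SYSTEM32\DRIVERS\MFX.sys 12/25/2003 10:10 PM 48.26 KB Hidden from Windows API.
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>[\d.]+) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<desc>.+)$"
)
UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


class Entry(NamedTuple):
    path: str
    timestamp: datetime
    size_bytes: int
    kind: str          # "hidden", "transient", "registry_mismatch" or "other"
    description: str


def classify(description: str) -> str:
    """Map RootkitRevealer's discrepancy text to a coarse category."""
    d = description.rstrip(".")
    if d == "Hidden from Windows API":
        return "hidden"             # filtered out by something hooking the API
    if d.startswith("Visible in Windows API, but not in MFT"):
        return "transient"          # typically a file that changed during the scan
    if d.startswith("Data mismatch between Windows API and raw hive data"):
        return "registry_mismatch"  # registry data differs from the API's view
    return "other"


def parse_log(text: str) -> List[Entry]:
    """Turn raw RootkitRevealer output into Entry records; blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised RootkitRevealer line: {line!r}")
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M %p")
        size = int(round(float(m["size"]) * UNIT_BYTES[m["unit"]]))
        entries.append(Entry(m["path"], ts, size, classify(m["desc"]), m["desc"]))
    return entries


def count_by_kind(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.kind for e in entries))


def hidden_by_root(entries: List[Entry], depth: int = 2) -> Dict[str, int]:
    r"""Count hidden entries per path prefix of `depth` components (e.g. C:\SYZ_DAT).

    A cluster of hidden objects under one directory usually points at a single
    product (here the Magic Folders install the thread identifies) rather than
    scattered individual hooks.
    """
    counts: Counter = Counter()
    for e in entries:
        if e.kind == "hidden":
            counts["\\".join(e.path.split("\\")[:depth])] += 1
    return dict(counts)


def hidden_drivers(entries: List[Entry]) -> List[str]:
    """Hidden kernel drivers are the component that does the hiding; list them."""
    return [e.path for e in entries
            if e.kind == "hidden" and e.path.lower().endswith(".sys")]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(count_by_kind(found))
    print(hidden_by_root(found))
    print(hidden_drivers(found))
```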

Mosaic1
2006-03-12, 05:56
Thanks. That rootkit log indicates they have this software installed:
http://www.pc-magic.com/

Do you have some history on this problem? When and how did this start? Did they have Spyware which they tried to remove and then lost Explorer? Or did they lose Explorer and then start looking for Spyware to explain the problem? Were there ever any errors?


Were you ever able to get WinPFind to finish?


I'd like to look at your Event logs too.
Can you run
Eventvwr.msc

When Event Viewer opens Right click on Application and click
Save Log file as And give the file a name like apps. Leave the file type alone.
By default it will save as .evt

Find apps.evt and email it to me as an attachment please.

Do the same for system Right click on system and save the log file as sys.evt

I'll load these files into my event viewer and see if there are any clues.

My email is Katie_3232AThotmail.com

Replace the AT with an @ for the email to work please.

Mosaic1
2006-03-12, 06:02
Can you also ask them if this install of Magic Folders or Encrypted Magic Folders is something new or if they had that installed for a while. I am wondering if this program is causing the problem. Ask them if it's ok to uninstall it please.

Read this: (although this guy gives no details.)

http://www.gamersradio.com/index.php?name=PNphpBB2&file=viewtopic&t=992&view=next&sid=eda41bd04126df4a41da8aef04cef182


Did the system come with Service Pack 2 already installed?

Mosaic1
2006-03-12, 06:23
The bottom line is that I am not sure if they installed this on purpose or if it was installed by some malware to hide its activity.

Even if legit, it may still be the root cause.
I would like to see an uninstall list please.

Open hijackthis and press the config button.

Click the Misc Tools Button.
Press the Open uninstall manager button.

Click the Save List button. This will create a file named uninstall_list.txt. Save the file and then open it. Post the contents here please.

Mosaic1
2006-03-12, 06:39
I am researching more on this program.

Have a look at this page for more facts:



http://www.pc-magic.com/mfxt.htm

It looks like a legitimate install of the program. But still it could be corrupt.

Once you ask them, then you can decide if you want to try to disable it using Recovery Console as per the directions in the link.


Is Norton totally uninstalled yet?

Have a look at this page for help:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2004093015165236&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

Mosaic1
2006-03-12, 20:30
I know I have given you a lot of information. BUT I need to point out that exactly the same thing happened to some users a while back. It was caused by an Internet Explorer Security patch.



Blank Desktop: Windows 2000



Symptom: You logon to your computer, the taskbar briefly flashes at the bottom of the screen, but then the desktop is blank except for the UNC Charlotte logo.




The UNC Charlotte logo in this case would be their wallpaper.

They were able to use Task Manager too.

rayno
2006-03-12, 22:56
norton is gone (per instructions)
i'm going to ask their son later today if he knows about pc-magic (i'll see him at the local supermarket where he works), etc
i'm also getting the win disks - sfc is asking for them and i don't know if anything other than their copy will cause more probs
just to make sure i don't miss anything, i'm going to run sfc in normal mode,
winpfind in safe mode and probably another hjt - and uninstall the magic stuff.
just read your last post - i think they are set up to receive and install win patches. do we know which one caused the others' probs?

Mosaic1
2006-03-12, 23:04
You're doing a great job. It wouldn't matter which patch. The latest is the one we would look at.

These patches often replace major system files. The patch itself as written by MS might be ok. But if they had a bad download and install, then a major system file might be corrupt. That can happen.


sfc /scannow is good. But I am not sure it would be able to fix that situation.


It would be good to have that uninstall list from hijackthis. It should include the patch information.


Either way, if a major system file is corrupt or missing, that would do it.


You're right. You need the correct CD. All files are not the same.

rayno
2006-03-12, 23:15
here's the hjt uninstall list:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Deskbar
AOL Instant Messenger
AOL Toolbar 2.0
AOL Uninstaller
AOL You've Got Pictures Screensaver
AVG Free Edition
BCM V.92 56K Modem
CCHelp
CCScore
Dell Digital Jukebox Driver
Dell ResourceCD
Dell Solution Center
Dell Support
Driver Detective
DS21Patch
DVD X Copy GOLD v2.5.0 (remove only)
DVDSentry
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESSgui
ESSPCD
ESSstore
ESSTUTOR
ESSvpot
Event Planner
Google Desktop Search
Google Toolbar for Internet Explorer
Greetings Workshop
Hallmark Card Studio 3 Deluxe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
hp psc 2400 series
HP Software Update
Imaginext(TM) Pirate Raider
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Kodak EasyShare software
KSU
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 Standard
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft Zoo Tycoon
Mike's Monstrous Adventure
Modem Helper
MUSICMATCH® Jukebox
My Way Speedbar (Outlook and Outlook Express)
Notifier
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS CAMEDIA Master 4.1
OTtBP
Panicware Pop-Up Stopper Companion
PC Treasures-Disney/Pixar Active Play A Bug's Life
PCDLNCH
PowerDVD
QuickTime
RealOne Player
Retrospect 6.5
RuneScape Toolbar
Samsung Multimedia Studio 1.0
Samsung Music Studio
Scholastic's I SPY School Days
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Spybot - Search & Destroy 1.3
Toy Story 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Toolbar
Zoo Vet

Mosaic1
2006-03-12, 23:38
Let's get the dates those fixes were installed on their system.


Copy the contents of the code box to notepad.

Name the file fixes.bat

Save as Type: All files

Double click on fixes.bat to run it. It will open a text file named u.txt

Please post the contents of u.txt


cd %windir%
dir /A:D /O:D "$NtUninstall*" >p.txt
Start Notepad p.txt

rayno
2006-03-13, 00:06
i wish i could somehow connect the "broken pc" to this one and run it as some kind of virtual machine; i'm getting tired of running my flash drive back and forth

is this what you are looking for?

Volume in drive C has no label.
Volume Serial Number is 5012-4708

Directory of C:\WINDOWS

12/17/2003 06:30 PM <DIR> $NtUninstallKB810217$
01/13/2004 01:45 PM <DIR> $NtUninstallKB817778$
01/13/2004 01:44 PM <DIR> $NtUninstallKB820291$
01/13/2004 01:43 PM <DIR> $NtUninstallKB821253$
12/17/2003 06:29 PM <DIR> $NtUninstallKB821557$
01/13/2004 01:42 PM <DIR> $NtUninstallKB822603$
12/17/2003 06:29 PM <DIR> $NtUninstallKB823182$
12/17/2003 06:30 PM <DIR> $NtUninstallKB823559$
12/17/2003 06:29 PM <DIR> $NtUninstallKB824105$
12/17/2003 06:29 PM <DIR> $NtUninstallKB824141$
12/17/2003 06:29 PM <DIR> $NtUninstallKB824146$
12/17/2003 06:29 PM <DIR> $NtUninstallKB825119$
02/15/2004 02:55 PM <DIR> $NtUninstallKB828028$
12/17/2003 06:29 PM <DIR> $NtUninstallKB828035$
08/17/2004 07:44 PM <DIR> $NtUninstallKB828741$
10/20/2004 02:47 PM <DIR> $NtUninstallKB834707$
08/17/2004 07:59 PM <DIR> $NtUninstallKB835732$
08/17/2004 07:25 PM <DIR> $NtUninstallKB837001$
08/17/2004 06:20 PM <DIR> $NtUninstallKB839643-DirectX9$
08/17/2004 06:24 PM <DIR> $NtUninstallKB839645$
08/17/2004 06:16 PM <DIR> $NtUninstallKB840315$
08/17/2004 06:21 PM <DIR> $NtUninstallKB840374$
08/17/2004 06:20 PM <DIR> $NtUninstallKB841873$
08/17/2004 06:17 PM <DIR> $NtUninstallKB842773$
02/15/2005 03:01 AM <DIR> $NtUninstallKB867282$
02/15/2005 03:01 AM <DIR> $NtUninstallKB873333$
12/16/2004 03:00 AM <DIR> $NtUninstallKB873339$
06/16/2005 02:01 AM <DIR> $NtUninstallKB883939$
02/15/2005 03:02 AM <DIR> $NtUninstallKB885250$
12/16/2004 03:00 AM <DIR> $NtUninstallKB885835$
12/16/2004 03:00 AM <DIR> $NtUninstallKB885836$
10/20/2004 02:46 PM <DIR> $NtUninstallKB885884$
12/16/2004 03:00 AM <DIR> $NtUninstallKB886185$
02/15/2005 03:02 AM <DIR> $NtUninstallKB887472$
02/24/2005 03:00 AM <DIR> $NtUninstallKB887742$
02/15/2005 03:02 AM <DIR> $NtUninstallKB888113$
02/15/2005 03:01 AM <DIR> $NtUninstallKB888302$
06/16/2005 02:00 AM <DIR> $NtUninstallKB890046$
02/15/2005 03:01 AM <DIR> $NtUninstallKB890047$
01/12/2005 08:19 AM <DIR> $NtUninstallKB890175$
04/16/2005 02:01 AM <DIR> $NtUninstallKB890859$
04/16/2005 02:01 AM <DIR> $NtUninstallKB890923$
02/15/2005 03:02 AM <DIR> $NtUninstallKB891781$
04/16/2005 02:02 AM <DIR> $NtUninstallKB893066$
04/16/2005 02:01 AM <DIR> $NtUninstallKB893086$
08/10/2005 02:02 AM <DIR> $NtUninstallKB893756$
08/10/2005 02:00 AM <DIR> $NtUninstallKB894391$
06/16/2005 02:01 AM <DIR> $NtUninstallKB896358$
06/16/2005 02:01 AM <DIR> $NtUninstallKB896422$
08/10/2005 02:01 AM <DIR> $NtUninstallKB896423$
11/09/2005 09:31 AM <DIR> $NtUninstallKB896424$
06/16/2005 02:00 AM <DIR> $NtUninstallKB896428$
10/13/2005 02:01 AM <DIR> $NtUninstallKB896688$
08/10/2005 02:01 AM <DIR> $NtUninstallKB896727$
06/16/2005 02:01 AM <DIR> $NtUninstallKB898458$
07/01/2005 02:00 AM <DIR> $NtUninstallKB898461$
08/10/2005 02:02 AM <DIR> $NtUninstallKB899587$
08/10/2005 02:01 AM <DIR> $NtUninstallKB899588$
08/10/2005 02:02 AM <DIR> $NtUninstallKB899591$
10/13/2005 02:01 AM <DIR> $NtUninstallKB900725$
10/13/2005 02:01 AM <DIR> $NtUninstallKB901017$
07/14/2005 02:01 AM <DIR> $NtUninstallKB901214$
10/13/2005 02:01 AM <DIR> $NtUninstallKB902400$
07/14/2005 02:00 AM <DIR> $NtUninstallKB903235$
10/13/2005 02:00 AM <DIR> $NtUninstallKB904706$
10/13/2005 02:01 AM <DIR> $NtUninstallKB905414$
10/13/2005 02:00 AM <DIR> $NtUninstallKB905749$
12/18/2005 03:01 AM <DIR> $NtUninstallKB905915$
01/12/2006 03:01 AM <DIR> $NtUninstallKB908519$
12/18/2005 03:01 AM <DIR> $NtUninstallKB910437$
02/18/2006 03:03 AM <DIR> $NtUninstallKB911564$
02/18/2006 03:02 AM <DIR> $NtUninstallKB911565$
02/18/2006 03:03 AM <DIR> $NtUninstallKB911927$
01/07/2006 03:01 AM <DIR> $NtUninstallKB912919$
02/18/2006 03:02 AM <DIR> $NtUninstallKB913446$
01/13/2004 01:48 PM <DIR> $NtUninstallQ322011$
01/13/2004 01:50 PM <DIR> $NtUninstallQ327979$
12/17/2003 06:30 PM <DIR> $NtUninstallQ328310$
12/17/2003 06:30 PM <DIR> $NtUninstallQ329048$
12/17/2003 06:30 PM <DIR> $NtUninstallQ329115$
12/17/2003 06:30 PM <DIR> $NtUninstallQ329170$
12/17/2003 06:30 PM <DIR> $NtUninstallQ329390$
12/17/2003 06:30 PM <DIR> $NtUninstallQ329441$
12/17/2003 06:30 PM <DIR> $NtUninstallQ329834$
12/17/2003 06:30 PM <DIR> $NtUninstallQ810565$
12/17/2003 06:30 PM <DIR> $NtUninstallQ810577$
12/17/2003 06:30 PM <DIR> $NtUninstallQ810833$
12/17/2003 06:30 PM <DIR> $NtUninstallQ811493$
12/17/2003 06:30 PM <DIR> $NtUninstallQ814033$
01/13/2004 01:46 PM <DIR> $NtUninstallQ814995$
12/17/2003 06:30 PM <DIR> $NtUninstallQ815021$
12/17/2003 06:30 PM <DIR> $NtUninstallQ817287$
12/17/2003 06:30 PM <DIR> $NtUninstallQ817606$
12/17/2003 06:30 PM <DIR> $NtUninstallQ828026$
0 File(s) 0 bytes
94 Dir(s) 57,398,046,720 bytes free
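
An added example, not from the thread, that turns the $NtUninstall directory listing above into a patch timeline and picks out the most recent install day (the kind of Feb 18 batch that is worth lining up against when the symptom first appeared); the sample is a constructed subset of the listing.

```python
"""Group $NtUninstallKB*$ folders by the day they were created.

Each hotfix installed on Windows XP leaves an uninstall folder under %windir%
whose timestamp is the install time, so `dir /A:D /O:D "$NtUninstall*"` gives
a patch timeline that can be compared with when a symptom first appeared.
"""
import re
from collections import defaultdict
from datetime import date, datetime
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: a subset of the dir output posted in the thread.
SAMPLE_DIR = r"""
 Volume in drive C has no label.
 Volume Serial Number is 5012-4708

 Directory of C:\WINDOWS

12/17/2003 06:30 PM <DIR> $NtUninstallKB810217$
10/20/2004 02:47 PM <DIR> $NtUninstallKB834707$
02/18/2006 03:03 AM <DIR> $NtUninstallKB911564$
02/18/2006 03:02 AM <DIR> $NtUninstallKB911565$
02/18/2006 03:03 AM <DIR> $NtUninstallKB911927$
01/07/2006 03:01 AM <DIR> $NtUninstallKB912919$
02/18/2006 03:02 AM <DIR> $NtUninstallKB913446$
12/17/2003 06:30 PM <DIR> $NtUninstallQ828026$
 0 File(s) 0 bytes
 94 Dir(s) 57,398,046,720 bytes free
"""

# Real `dir` output pads <DIR> with many spaces; \s+ copes with both forms.
DIR_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)\s+"
    r"<DIR>\s+\$NtUninstall(?P<fix>[^$]+)\$\s*$"
)


class Hotfix(NamedTuple):
    fix: str             # e.g. "KB911564" or "Q828026"
    installed: datetime


def parse_uninstall_dirs(text: str) -> List[Hotfix]:
    """Extract (hotfix id, install timestamp) from dir output; other lines are ignored."""
    fixes = []
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M %p")
            fixes.append(Hotfix(m["fix"], ts))
    return fixes


def install_batches(fixes: List[Hotfix]) -> Dict[date, List[str]]:
    """Hotfixes grouped by calendar day, ids sorted within each day."""
    batches: Dict[date, List[str]] = defaultdict(list)
    for f in fixes:
        batches[f.installed.date()].append(f.fix)
    return {d: sorted(ids) for d, ids in batches.items()}


def latest_batch(fixes: List[Hotfix]) -> Tuple[date, List[str]]:
    """The most recent install day and what went on then: the first place to look
    when a problem appeared right after Automatic Updates ran."""
    batches = install_batches(fixes)
    newest = max(batches)
    return newest, batches[newest]


def installed_between(fixes: List[Hotfix], start: date, end: date) -> List[str]:
    """Hotfix ids installed in [start, end], for lining up with symptom onset."""
    return sorted(f.fix for f in fixes if start <= f.installed.date() <= end)


if __name__ == "__main__":
    found = parse_uninstall_dirs(SAMPLE_DIR)
    day, ids = latest_batch(found)
    print(day, ids)
```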

Mosaic1
2006-03-13, 00:14
That sure is. How long has this been going on? They installed several updates on Feb 18th. Let's see what the files were.

Copy the contents of the code box to notepad.
Name the file look.bat
Save as Type: All files
Double click on look.bat to run it.

This will open a file named F.txt

Please post the contents of F.txt


Dir /a /s %windir%\$NtUninstallKB911564$ >F.txt
Dir /a /s %windir%\$NtUninstallKB911565$ >>F.txt
Dir /a /s %windir%\ $NtUninstallKB911927$ >>F.txt
Dir /a /s %windir%\$NtUninstallKB913446$ >>F.txt
Start Notepad F.txt

Mosaic1
2006-03-13, 01:20
I added a space and so need to ask you to try again. Shortly I am going to sign off. I am tired and making stupid typos. Apologies.


Create a new batch and see if this is shorter. It should be.


Dir /a /s %windir%\$NtUninstallKB911564$ >F.txt
Dir /a /s %windir%\$NtUninstallKB911565$ >>F.txt
Dir /a /s %windir%\$NtUninstallKB911927$ >>F.txt
Dir /a /s %windir%\$NtUninstallKB913446$ >>F.txt
Start Notepad F.txt

Please post the contents of f.txt

rayno
2006-03-13, 18:52
Volume in drive C has no label.
Volume Serial Number is 5012-4708

Directory of C:\WINDOWS\$NtUninstallKB911564$

02/18/2006 03:03 AM <DIR> .
02/18/2006 03:03 AM <DIR> ..
08/04/2004 02:56 AM 364,544 npdsplay.dll
02/18/2006 03:03 AM <DIR> spuninst
1 File(s) 364,544 bytes

Directory of C:\WINDOWS\$NtUninstallKB911564$\spuninst

02/18/2006 03:03 AM <DIR> .
02/18/2006 03:03 AM <DIR> ..
06/28/2005 09:23 AM 213,216 spuninst.exe
02/18/2006 03:03 AM 7,995 spuninst.inf
02/18/2006 03:03 AM 231 spuninst.txt
06/28/2005 09:23 AM 371,424 updspapi.dll
4 File(s) 592,866 bytes

Total Files Listed:
5 File(s) 957,410 bytes
5 Dir(s) 57,361,969,152 bytes free
Volume in drive C has no label.
Volume Serial Number is 5012-4708

Directory of C:\WINDOWS\$NtUninstallKB911565$

02/18/2006 03:02 AM <DIR> .
02/18/2006 03:02 AM <DIR> ..
02/18/2006 03:02 AM <DIR> spuninst
08/04/2004 02:56 AM 4,874,240 wmp.dll
1 File(s) 4,874,240 bytes

Directory of C:\WINDOWS\$NtUninstallKB911565$\spuninst

02/18/2006 03:02 AM <DIR> .
02/18/2006 03:02 AM <DIR> ..
06/28/2005 09:23 AM 213,216 spuninst.exe
02/18/2006 03:03 AM 7,817 spuninst.inf
02/18/2006 03:02 AM 203 spuninst.txt
06/28/2005 09:23 AM 371,424 updspapi.dll
4 File(s) 592,660 bytes

Total Files Listed:
5 File(s) 5,466,900 bytes
5 Dir(s) 57,361,969,152 bytes free
Volume in drive C has no label.
Volume Serial Number is 5012-4708

Directory of C:\WINDOWS\$NtUninstallKB911927$

02/18/2006 03:03 AM <DIR> .
02/18/2006 03:03 AM <DIR> ..
02/18/2006 03:03 AM <DIR> spuninst
08/04/2004 02:56 AM 67,584 webclnt.dll
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\$NtUninstallKB911927$\spuninst

02/18/2006 03:03 AM <DIR> .
02/18/2006 03:03 AM <DIR> ..
10/12/2005 06:12 PM 213,216 spuninst.exe
02/18/2006 03:03 AM 8,070 spuninst.inf
02/18/2006 03:03 AM 267 spuninst.txt
10/12/2005 06:12 PM 371,424 updspapi.dll
4 File(s) 592,977 bytes

Total Files Listed:
5 File(s) 660,561 bytes
5 Dir(s) 57,361,969,152 bytes free
Volume in drive C has no label.
Volume Serial Number is 5012-4708

Directory of C:\WINDOWS\$NtUninstallKB913446$

02/18/2006 03:02 AM <DIR> .
02/18/2006 03:02 AM <DIR> ..
02/18/2006 03:02 AM <DIR> spuninst
05/25/2005 02:04 PM 359,808 tcpip.sys
1 File(s) 359,808 bytes

Directory of C:\WINDOWS\$NtUninstallKB913446$\spuninst

02/18/2006 03:02 AM <DIR> .
02/18/2006 03:02 AM <DIR> ..
10/12/2005 06:12 PM 213,216 spuninst.exe
02/18/2006 03:02 AM 7,971 spuninst.inf
02/18/2006 03:02 AM 269 spuninst.txt
10/12/2005 06:12 PM 371,424 updspapi.dll
4 File(s) 592,880 bytes

Total Files Listed:
5 File(s) 952,688 bytes
5 Dir(s) 57,361,969,152 bytes free

rayno
2006-03-13, 18:55
I've never used HJT to uninstall - do I go to Misc Tools and highlight the item? will delete this entry uninstall the item (my guess) or just remove the entry from the list (probably not)

Mosaic1
2006-03-14, 02:34
I don't think those updates are the cause. So we can leave them in place.


Did you ask about how this all came about? When did the problem occur and what led up to it?


We have had severe thunderstorms here all day and may have more. I'll have to leave if they start up again. If I disappear, that's what happened.

Mosaic1
2006-03-14, 02:50
Were you able to perform the sfc /scannow and the restart?

There are several other things we may look at as well. A colleague has requested some information too. I'll post that in a bit, after I hear back on these issues.

rayno
2006-03-14, 03:38
ran sfc - no errors
ran Dell tests "cannot boot os" - all tests reported as passed, although IDE Disk confidence check didn't get a checkmark - I'm rerunning that test now

rayno
2006-03-14, 04:00
never mind - it just passed

Mosaic1
2006-03-14, 04:19
We have some choices here. One is to see if Folder Magic is a problem. Before you disable that you should ask the owner. We don't want to lose any information. I am not sure if they have encrypted folders using it depending on which version they installed.

Another is to try a batch I wrote to replace and then register some important files. Then restart.

The third would be to uninstall Service Pack 2. Restart and see if Explorer is back. You would have to reinstall SP2 again and then perform all Updates.

And a friend did ask me for some information. I should ask you to do this first for informational purposes:


Please download Registry Search 2.0 by Bobbi Flekman

http://www.xs4all.nl/~fstaal01/regsearch-us.html

1. Create a new folder and download the Regsearch.zip file into it.

2. Extract the zip file to the same folder.

3. Double click the Regsearch.exe file > regsearch opens.

4. In the top box enter the following bold line:

explorer.exe

5. Leave all the boxes ticked and click the OK button.

6. As the program says, "this may take some time, so please be patient".

7. Eventually Notepad will open with some text in it; please copy & paste that text here into your next reply.


After we get those registry search results we can go to the next step.

I'll email you the batch for later use if you want to try that next.

rayno
2006-03-14, 04:27
I'll try to get that to work overnight and post tomorrow

Mosaic1
2006-03-14, 04:28
Great. See you then.

rayno
2006-03-14, 04:40
Well, it ran a lot faster than I expected, so here it is

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1

; Results at 3/13/2006 10:37:08 PM for strings:
; 'explorer.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\explorer.exe]
; Contents of value:
; %SystemRoot%\Explorer.exe,13
"TaskbarGroupIcon"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,\
6f,72,65,72,2e,65,78,65,2c,31,33,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WINWORD.EXE\TaskbarExceptionsIcons\WordMail\IconPath]
@="explorer.exe,16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Briefcase\shell\open\command]
@="explorer.exe %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\explore\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,65,2c,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\find\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\shell\find\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
; Contents of value:
; %SystemRoot%\Explorer.exe,0
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,2c,30,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7020"
"InfoTip"="@explorer.exe,-7000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7021"
"InfoTip"="@explorer.exe,-7001"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7022"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7023"
"InfoTip"="@explorer.exe,-7003"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7024"
"InfoTip"="@explorer.exe,-7004"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
; Contents of value:
; %SystemRoot%\explorer.exe,-253
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,65,78,70,6c,6f,72,65,72,2e,65,\
78,65,2c,2d,32,35,33,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7025"
"InfoTip"="@explorer.exe,-7005"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
; Contents of value:
; %SystemRoot%\explorer.exe,-254
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,65,78,70,6c,6f,72,65,72,2e,65,\
78,65,2c,2d,32,35,34,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\find\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc}\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be9d83c-a729-4d97-b5a7-1b7313c39e0a}\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}\DefaultIcon]
@="C:\\WINDOWS\\explorer.exe,-103"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\AllDevices\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\AllDevices\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Camera\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Camera\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\CameraContainerItems\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\CameraContainerItems\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Scanner\shell\explore\command]
@="Explorer.exe /e,/idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Scanner\shell\open\command]
@="Explorer.Exe /idlist,%I,/L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E773F1AF-3A65-4866-857D-846FC9C4598A}\shell\explore\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,65,2c,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E773F1AF-3A65-4866-857D-846FC9C4598A}\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder\Shell\find\command]
; Contents of value:
; C:\WINDOWS\Explorer.exe
@=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,45,78,70,6c,6f,72,65,72,2e,65,78,65,\
00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\find\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fndfile\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,65,2c,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Publishing Folder\shell\explore\command]
@="explorer.exe /e,/idlist,%I,%L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Publishing Folder\shell\open\command]
@="explorer.exe /idlist,%I,%L"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SHCmdFile\shell\open\command]
@="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell\shell\explore\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,65,2c,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shell\shell\open\command]
; Contents of value:
; %SystemRoot%\Explorer.exe /idlist,%I,%L
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,20,2f,69,64,6c,69,73,74,2c,25,49,2c,25,4c,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\International]
"explorer.exe"="6.0.2600.0-6.0.9999.9999"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp]
"Bitmap"="%SystemRoot%\\explorer.exe,100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\explorer.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\explorer.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\explorer.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\S-1-5-21-3757089453-2358952087-4291990509-1012\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"b"="C:\\WINDOWS\\explorer.exe\\1"

[HKEY_USERS\S-1-5-21-3757089453-2358952087-4291990509-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\S-1-5-21-3757089453-2358952087-4291990509-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\S-1-5-21-3757089453-2358952087-4291990509-1012\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@explorer.exe,-7025"="E-mail"
"@explorer.exe,-7024"="Internet"
"@explorer.exe,-7023"="&Run..."
"@explorer.exe,-7020"="&Search"
"@explorer.exe,-7021"="&Help and Support"
"@explorer.exe,-7004"="Opens your Internet browser."
"C:\\WINDOWS\\explorer.exe"="Windows Explorer"
"@explorer.exe,-7005"="Opens your e-mail program so you can send or read a message."
"@explorer.exe,-7000"="Opens a window where you can pick search options and work with search results."

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100"

; End Of The Log...

Mosaic1
2006-03-15, 01:04
Do you want to run the batch I sent you (Replace.bat )and restart? See if you get explorer back? That would be the next and easiest step.


After you try that and restart, find me.txt and post the contents please. me.txt is the log the batch creates and should be found in the same folder where replace.bat is located.


I am not counting on it, but we should try this next.

rayno
2006-03-15, 04:13
How was the storm? All we got was a 40 degree temp drop and wind and a $500 gutter estimate

hey I ran the replace script, but I hosed it up and ended up running it twice
1st output

Working on Explorer.exe
dllcache\Explorer.exe here
Working on browseui.dll
dllcache\browseui.dll here
Working on Comctl32.dll
dllcache\Comctl32.dll here
Working on Comdlg32.dll
dllcache\Comdlg32.dll here
Working on Mlang.dll
dllcache\Mlang.dll here
Working on Ole32.dll
dllcache\Ole32.dll here
Working on Oleaut32.dll
dllcache\Oleaut32.dll here
Working on Shdocvw.dll
dllcache\Shdocvw.dll here
Working on Shell32.dll
dllcache\Shell32.dll here
Working on Shlwapi.dll
dllcache\Shlwapi.dll here
Working on Urlmon.dll
dllcache\Urlmon.dll here
Working on Wininet.dll
dllcache\Wininet.dll here
Working on Setupapi.dll
dllcache\Setupapi.dll here

*********************************
2nd output

Working on Explorer.exe
dllcache\Explorer.exe here
A duplicate file name exists, or the file
cannot be found.
Working on browseui.dll
dllcache\browseui.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Comctl32.dll
dllcache\Comctl32.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Comdlg32.dll
dllcache\Comdlg32.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Mlang.dll
dllcache\Mlang.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Ole32.dll
dllcache\Ole32.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Oleaut32.dll
dllcache\Oleaut32.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Shdocvw.dll
dllcache\Shdocvw.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Shell32.dll
dllcache\Shell32.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Shlwapi.dll
dllcache\Shlwapi.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Urlmon.dll
dllcache\Urlmon.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Wininet.dll
dllcache\Wininet.dll here
A duplicate file name exists, or the file
cannot be found.
Working on Setupapi.dll
dllcache\Setupapi.dll here
A duplicate file name exists, or the file
cannot be found.

Mosaic1
2006-03-15, 18:17
We had very high wind and the temperature dropped like a rock. Just a dusting of snow though.

The log shows that the first time it ran. The second shows that it already had run.


Can I assume that after a restart you still have no explorer.exe running?

If so, the next step is your choice.

I would like to rule out Magic Folders. Did you ask the owner if it was ok to disable it? If that's ok then let's give that a shot.

If not, then I would say let's uninstall Service Pack 2 and see if the older version of Windows will run Explorer.

Mosaic1
2006-03-15, 18:55
Hold off a minute if you are reading.

In another thread the person fixed this by disabling third-party browser extensions. Even if not spyware, they can go corrupt.

Download and save this reg file and then double click on it, say yes to the prompt.

Here's the link to the regfile.

http://windowsxp.mvps.org/reg/DisableIEExtensions.reg


Restart and see if the problem is now gone please.

(You can try to start explorer manually first. I am not sure it is really necessary to restart. But if no explorer, please try the restart)

Mosaic1
2006-03-15, 20:31
There's something else to try too. This worked for another person.

It is a utility to repair Internet Explorer.

You can download it from this page and then follow the directions shown on that page.

http://windowsxp.mvps.org/IEFIX.htm


What IEFix does:
Registers the core Internet Explorer libraries.

Repairs Internet Explorer using the IE.INF method.

Fixes two important registry keys which are required to set Internet Explorer as default.



It is much more thorough than just the batch I gave you.

rayno
2006-03-15, 23:04
I've got the sick pc apart right now - trying to copy as much off the HDD as I can and the actual box is open and sitting out in front of my house - I'm letting the wind clean it out - good thing the wind is strong, 'cause there was some major dirt in there (heat problem?)
later I'll put this back together and try the above

Mosaic1
2006-03-16, 00:25
Please don't leave that outside! One drop of moisture in there when you turn it on and it will be ruined. Please take it inside. To clean out a case, you need to use canned compressed air.

rayno
2006-03-16, 00:32
tried those two routines - still nothing
taking a break
will check later, but I think I'll drop a spare hdd into the machine and try to reinstall winxp and copy his stuff back, then I'll give him his pc back and keep the disk in case we want to play some more

rayno
2006-03-16, 00:34
it's dry as a bone here - besides, no way would I air this out inside (looked worse than under the bed)
don't worry - I was watching it
thnx

Mosaic1
2006-03-16, 00:42
Ok good. If it's cold, let it warm up a bit before you plug it in too. Good luck. Let's hope the repair utility does the trick.

rayno
2006-03-16, 04:33
ran iefix - asked for about 8 files including iexplorer.exe - looked on microsoft site and pointed to various program files directories where it then found those files
at the end - nothing changed, still unable to run explorer

Mosaic1
2006-03-16, 05:51
It didn't ask for the CD? I see one link at the beginning of that page and another further down. Did you do it from the instructions and use the link from this section of the page?

IEFix Usage

rayno
2006-03-16, 16:30
it asked for the sp2 cd - no gots
I have an sp1 pro cd
I have the sp2 downloaded somewhere; can I burn a cd from that?

Mosaic1
2006-03-16, 18:27
In the instructions there is a way to skip the CD and just do the registry changes. If need be you can try that. But first have a look on the hard drive for a folder named ServicePackFiles\i386

If you find it then that is what the IEFIX needs. Point it to that.

Mosaic1
2006-03-17, 19:04
Plus now I have just been pointed to another possibility by an expert at another forum named wng_z3r0.


Can you please run regedit on the problem machine and go to this key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RpcSs


Highlight RpcSs in the left pane and look in the right pane for this entry:


ObjectName

What does it say in the data column?

It should say LocalSystem

Let me know. Don't make any changes. Just have a quick look.

rayno
2006-03-18, 03:31
the Data field for ObjectName is:
NT Authority\NetworkService

Mosaic1
2006-03-18, 04:38
That seems to be the usual data for Windows XP SP2. So that is not wrong. That can be a problem after SP2 is removed and that entry is not then corrected. I have been reading and some people running XP SP2 had slow startups and changed that data. They then had a faster startup.

But before we try anything else, I need to know if you were able to run the IEFix and if you found the ServicePackFiles folder?

rayno
2006-03-18, 04:41
didn't I run iefix twice the other night? or was that something else?
my head's swimming - lacrosse season has started at high school and I shoot and edit the games so I'm all videoed out

Mosaic1
2006-03-18, 05:04
Here's what you told me:

ran iefix - asked for about 8 files including iexplorer.exe - looked on microsoft site and pointed to various program files directories where it then found those files
at the end - nothing changed, still unable to run explorer

Mosaic1
2006-03-18, 05:10
If you cannot find the ServicePackFiles folder then let's make a decision.

Either disable Folder Magic and see if that fixes this.

Or uninstall Service Pack 2 and see if that does the job.

Mosaic1
2006-03-18, 05:30
Let me know which one you would like to try before you do it.

Let's hope one or the other fixes this problem.

rayno
2006-03-18, 05:41
ok it's coming back to me - what I did was to point the IEFix to the folders that contained the files it was looking for by checking on MS site to find out what location in the file system they usually lived in
I just reran and relinked all the files - same result

what's the preferred way to get rid of magic folder?

Mosaic1
2006-03-18, 07:08
Remember I gave you a link to the page? And it showed you how to disable using Recovery Console? Follow those instructions first. Then see if you get explorer back.

rayno
2006-03-18, 18:37
from recovery console I disabled mfx and xms1563k
wouldn't allow me to rmdir syz_dat
but after normal reboot, I could find and delete (under WinXP) the directory and the files in win\system32\drivers
however, rebooting again results in the same problem and I can't manually start explorer (tried that,too)

Mosaic1
2006-03-18, 19:15
But why remove it? You could have re-enabled the driver after finding there was no problem with it. They can reinstall if they need to do that. Things are better uninstalled if that's possible because uninstalling cleans up the registry too.

At a command prompt can you enter this and press enter:
sc query RpcSs

State should tell you it's running. I can't imagine it wouldn't be.

Mosaic1
2006-03-18, 19:24
Let's back up that key and then make a change. See if this last ditch helps. I doubt it. But we can try it.
Save the contents of the code box to notepad.
Name the file rpc.bat
Save as type: All files
Run rpc.bat.
It will only take a second.


rem Export the RpcSs service key to C:\rpcss.reg as a backup before ObjectName is edited
regedit /e C:\rpcss.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs



Now go into the registry and find this key again please:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Highlight RpcSs in the left pane and double click on this value in the right pane:
ObjectName

When the box appears, change the data to this Exactly:
LocalSystem

Case sensitive and no spaces.

-------------------------

Click Ok and close the registry.

Restart and only if you have a problem getting back into windows, bring up the boot menu and select Last Known Good Configuration.


Let's hope you don't. Does Explorer come up now?

If not, then we are going to have to try uninstalling Service Pack 2, I think.

Let me know if Add/Remove Programs appears when you open a command prompt and type this in (then press enter)

appwiz.cpl
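
Tying the checks from this thread together (the RpcSs ObjectName data, sc query, the Winlogon Shell value, and whether the files replace.bat's first run listed still match their dllcache copies), here is an added diagnostic batch; it is not Mosaic1's rpc.bat or replace.bat. It assumes Windows XP's %SystemRoot%\system32\dllcache as the reference copy, backs up the RpcSs key first as rpc.bat does, and only reports; it changes nothing.

```batch
@echo off
rem shellcheck.bat - added diagnostic example, not the rpc.bat or replace.bat from this thread.
rem Assumes Windows XP layout: %SystemRoot%\explorer.exe and %SystemRoot%\system32\dllcache.
rem Backs up the RpcSs key, then reports; no registry or file changes are made.
setlocal
set "LOG=%~dp0shellcheck.txt"
set "RPC=HKLM\SYSTEM\CurrentControlSet\Services\RpcSs"
set "WLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

rem 1. Back up the RpcSs key (same idea as rpc.bat) so any later ObjectName edit can be undone.
regedit /e "%~dp0rpcss-backup.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs"

rem 2. Write the report to a log next to this batch, then show it (works from taskmgr "New Task").
call :report > "%LOG%" 2>&1
type "%LOG%"
echo.
echo Results saved to %LOG%
endlocal
goto :eof

:report
echo === RpcSs service account and state ===
rem reg.exe prints "ObjectName  REG_SZ  <data>"; token 2 is REG_SZ, * is the rest (the data).
for /f "tokens=2,*" %%A in ('reg query "%RPC%" /v ObjectName ^| find "ObjectName"') do echo ObjectName = %%B
sc query RpcSs | find "STATE"
echo.
echo === Winlogon shell value (expected: Explorer.exe) ===
for /f "tokens=2,*" %%A in ('reg query "%WLOGON%" /v Shell ^| find "Shell"') do echo Shell = %%B
echo.
echo === Shell binaries compared byte-for-byte with their dllcache copies ===
call :compare "%SystemRoot%\explorer.exe" "%SystemRoot%\system32\dllcache\explorer.exe"
for %%F in (browseui.dll comctl32.dll comdlg32.dll mlang.dll ole32.dll oleaut32.dll shdocvw.dll shell32.dll shlwapi.dll urlmon.dll wininet.dll setupapi.dll) do (
    call :compare "%SystemRoot%\system32\%%F" "%SystemRoot%\system32\dllcache\%%F"
)
goto :eof

:compare
rem %1 = live file, %2 = dllcache copy. fc /b sets errorlevel 1 when the two differ.
if not exist %1 (echo MISSING   %~nx1 & goto :eof)
if not exist %2 (echo NO-CACHE  %~nx1 & goto :eof)
fc /b %1 %2 >nul 2>&1
if errorlevel 1 (echo DIFFERS   %~nx1) else (echo same      %~nx1)
goto :eof
```

A DIFFERS line is a lead, not proof of tampering: hotfixes legitimately update both copies, so check the file's version and date before drawing conclusions.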

rayno
2006-03-19, 15:08
hi - did all the above steps and same result

in an earlier post you asked why I removed - I disabled first and that didn't make a diff, so in looking through the instructions, removing was mentioned so I tried that
I'm usually pretty optimistic, but with this system I hear myself saying "not going to be it this time" whenever I reboot
I'm at the add/remove window now
can I just remove SP2 without any associated/newer updates/fixes?
I remember on mainframes, it was safer to uninstall fixes in reverse order of install

Mosaic1
2006-03-19, 17:36
Can you refresh my memory please? You are not able to do a system restore, right?

Mosaic1
2006-03-19, 17:46
Here's a link to the official MS page on removing Service Pack 2. Have a quick look before you go ahead.

http://support.microsoft.com/KB/875350




It mentions nothing about uninstalling the updates first.

rayno
2006-03-19, 21:16
removed SP2
same result
I picked up a 80G HDD for $10 after rebate at a local store of a national chain this AM
I'm going to install WinXP on it and give this guy his system back
If you want I'll hold onto the old drive and install it into one of my other boxes to continue to play

Mosaic1
2006-03-19, 22:03
This is being very stubborn. That's about all I can think of to do. Other than a repair install using the correct install CD for that system. But even that sounds like it won't help.

Other than the usual maintenance like chkdsk to see if there are bad sectors.

I would say a format and reinstall and then see if it works. I wish there were more, but I think you've done about all you can.

rayno
2006-03-19, 22:56
me?
you were at the controls here - and I thank you for that
we're going to a st patricks party at our favorite french restaurant (go figure) and I'm going to propose a toast over some bubbly to you
another forum member might be there, so at least the two of us will know we're toasting to all the hard work you guys/gals do here

rayno
2006-03-19, 22:58
btw - i did try to go to several restore points and although it looks to work, 1/2 hour later after the system reboots, I get a msg saying it couldn't restore to that point

Mosaic1
2006-03-20, 00:50
rayno,


Have a good time at the party. We removed a lot of files and so that might be why system restore didn't work. Or that's broken too. There are many reasons for that kind of failure including corruption. I propose a good format and then see if the drive will let you install an OS on it.



Mo

tashi
2006-03-30, 09:12
This topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me a pm and provide a link to the thread. :)