Solved HijackThis Log [Iexplore opens multiple windows and freezes]

Discussion in 'Malware and Virus Removal Archive' started by pccoach, 2008/05/15.

  1. 2008/05/15
    pccoach Lifetime Subscription

    pccoach Well-Known Member Thread Starter

    [Resolved] HijackThis Log [Iexplore opens multiple windows and freezes]

    From reading different posts I think my machine may have a problem. Iexplore opens multiple windows and freezes my system. I've attached a text file with log results from HijackThis. Any insight/help would be appreciated. Thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:34:06 PM, on 5/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\arservice.exe
    E:\Diskeeper2008\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    e:\Spotmau\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ARPWRMSG.EXE
    E:\LinkStash\lsmon.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\LinkStash\lnkstash.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    E:\Firefox\firefox.exe
    e:\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe "
    O4 - HKCU\..\Run: [LinkStashMonitor] E:\LinkStash\lsmon.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Desktop Secretary] "e:\Spotmau\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: LinkStash.lnk = E:\LinkStash\lnkstash.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Html To Image - e:\Html To Image\menu.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2FE~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - E:\LinkStash\lsshow.exe (HKCU)
    O9 - Extra 'Tools' menuitem: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - E:\LinkStash\lsshow.exe (HKCU)
    O9 - Extra button: Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - E:\LinkStash\lsgrab.exe (HKCU)
    O9 - Extra 'Tools' menuitem: LinkStash Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - E:\LinkStash\lsgrab.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.turbotax.com
    O15 - Trusted Zone: *.west.com
    O15 - Trusted Zone: *.westathome.com
    O15 - Trusted Zone: *.westathome.net
    O15 - Trusted Zone: *.workathomeagent.net
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193758103203
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193752228812
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax5815.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office 2007\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - E:\PhotoshopElements6\PhotoshopElementsFileAgent.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Diskeeper2008\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FolderProtectService - Unknown owner - e:\Spotmau\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: UPS - APC PowerChute plus (UPS) - APC - e:\APC-Pwrchute\ups.exe

    --
    End of file - 10265 bytes
     

  2. 2008/05/15
    noahdfear

    noahdfear Inactive

    Hi pccoach,

    We need to use another tool that gives us a better look at things. Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  4. 2008/05/16
    pccoach Lifetime Subscription

    pccoach Well-Known Member Thread Starter

    Thanks, will do that and post results... thank you.
     
  5. 2008/05/16
    pccoach Lifetime Subscription

    pccoach Well-Known Member Thread Starter

    DSS main.txt contents - thanks for your help!

    Deckard's System Scanner v20071014.68
    Run by HP_Administrator on 2008-05-16 07:53:44
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    89: 2008-05-16 10:48:36 UTC - RP304 - Deckard's System Scanner Restore Point
    88: 2008-05-16 10:37:53 UTC - RP303 - Installed SUPERAntiSpyware Professional
    87: 2008-05-16 10:36:37 UTC - RP302 - Software Distribution Service 3.0
    86: 2008-05-16 10:34:09 UTC - RP301 - Installed Windows Internet Explorer 7.
    85: 2008-05-16 10:32:42 UTC - RP300 - Installed Windows IDNMitigationAPIs.


    -- First Restore Point --
    1: 2008-03-14 21:19:35 UTC - RP216 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as HP_Administrator.exe) ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:55:18 AM, on 5/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    E:\Diskeeper2008\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    e:\Spotmau\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\Explorer.EXE
    e:\Spotmau\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    E:\LinkStash\lsmon.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    E:\LinkStash\lnkstash.exe
    C:\WINDOWS\System32\svchost.exe
    E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
    N:\Drivers_SW_Pics\InstallationSoftware\Deckard's System Scanner\dss.exe
    E:\TRENDM~2\HIJACK~1\HP_Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [LinkStashMonitor] E:\LinkStash\lsmon.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: LinkStash.lnk = E:\LinkStash\lnkstash.exe
    O9 - Extra button: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - E:\LinkStash\lsshow.exe (HKCU)
    O9 - Extra 'Tools' menuitem: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - E:\LinkStash\lsshow.exe (HKCU)
    O9 - Extra button: Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - E:\LinkStash\lsgrab.exe (HKCU)
    O9 - Extra 'Tools' menuitem: LinkStash Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - E:\LinkStash\lsgrab.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.turbotax.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193758103203
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193752228812
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax5815.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office 2007\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - E:\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - E:\PhotoshopElements6\PhotoshopElementsFileAgent.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Diskeeper2008\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FolderProtectService - Unknown owner - e:\Spotmau\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    O23 - Service: UPS - APC PowerChute plus (UPS) - APC - e:\APC-Pwrchute\ups.exe

    --
    End of file - 8191 bytes

    -- HijackThis Fixed Entries (E:\TRENDM~2\HIJACK~1\backups\) --------------------

    backup-20080515-125937-755 O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    backup-20080515-130510-161 O15 - Trusted Zone: *.workathomeagent.net
    backup-20080515-130510-741 O15 - Trusted Zone: *.west.com
    backup-20080515-130510-766 O15 - Trusted Zone: *.westathome.net
    backup-20080515-130510-986 O15 - Trusted Zone: *.westathome.com

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 hotcore2 - c:\windows\system32\drivers\hotcore2.sys <Not Verified; Paragon Software Group; HotBackup>
    R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
    R1 FolderProtectDriver - e:\spotmau\spotmau wincare 2008\sub\fsdriver\folderprotectdriver.sys
    R3 SASENUM - e:\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
    S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 FolderProtectService - e:\spotmau\spotmau wincare 2008\sub\fsdriver\folderprotectservice.exe

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\D5653711D800
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\D5653711D800
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-12 11:51:45 444 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{72B67499-E294-4439-9B27-6517DB52BBB8}.job


    -- Files created between 2008-04-16 and 2008-05-16 -----------------------------

    2008-05-16 06:37:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-05-16 06:37:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
    2008-05-13 18:02:00 0 d-------- C:\WINDOWS\CSC
    2008-05-13 12:14:21 0 d-------- C:\WINDOWS\system32\scripting
    2008-05-13 12:14:20 0 d-------- C:\WINDOWS\l2schemas
    2008-05-13 12:11:00 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-05-13 11:40:10 11354112 --a------ C:\Documents and Settings\HP_Administrator\ntuser.dat
    2008-05-13 06:33:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-05-13 06:33:23 0 d-------- C:\Program Files\Trend Micro
    2008-05-12 21:59:00 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-12 19:24:21 0 d-------- C:\Documents and Settings\All Users.WIN_TS\Application Data\CA
    2008-05-12 17:19:47 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinCare2008
    2008-05-12 17:00:45 0 d-------- C:\Documents and Settings\BarbS\Application Data\WinCare2008
    2008-05-12 15:36:06 0 d-------- C:\Documents and Settings\BarbS\Application Data\Identities
    2008-05-12 15:35:58 0 d--h----- C:\Documents and Settings\BarbS\Templates
    2008-05-12 15:35:58 0 dr------- C:\Documents and Settings\BarbS\Start Menu
    2008-05-12 15:35:58 0 dr-h----- C:\Documents and Settings\BarbS\SendTo
    2008-05-12 15:35:58 0 dr-h----- C:\Documents and Settings\BarbS\Recent
    2008-05-12 15:35:58 0 d--h----- C:\Documents and Settings\BarbS\PrintHood
    2008-05-12 15:35:58 786432 --ah----- C:\Documents and Settings\BarbS\NTUSER.DAT
    2008-05-12 15:35:58 0 d--h----- C:\Documents and Settings\BarbS\NetHood
    2008-05-12 15:35:58 0 dr------- C:\Documents and Settings\BarbS\My Documents
    2008-05-12 15:35:58 0 d--h----- C:\Documents and Settings\BarbS\Local Settings
    2008-05-12 15:35:58 0 dr------- C:\Documents and Settings\BarbS\Favorites
    2008-05-12 15:35:58 0 d-------- C:\Documents and Settings\BarbS\Desktop
    2008-05-12 15:35:58 0 d---s---- C:\Documents and Settings\BarbS\Cookies
    2008-05-12 15:35:58 0 dr-h----- C:\Documents and Settings\BarbS\Application Data
    2008-05-12 15:35:58 0 d---s---- C:\Documents and Settings\BarbS\Application Data\Microsoft
    2008-05-12 15:33:38 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
    2008-05-12 15:33:38 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
    2008-05-12 15:33:38 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
    2008-05-12 15:33:38 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
    2008-05-12 15:33:38 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
    2008-05-12 15:33:02 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
    2008-05-12 15:33:02 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
    2008-05-12 15:33:02 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
    2008-05-12 15:33:02 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
    2008-05-12 15:33:02 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
    2008-05-12 15:29:48 229376 ---h----- C:\Documents and Settings\Default User.WIN_TS\NTUSER.DAT
    2008-05-12 15:28:47 0 d--hs---- C:\Documents and Settings\All Users.WIN_TS\DRM
    2008-05-12 11:14:19 0 d--h----- C:\Documents and Settings\All Users.WIN_TS\Templates
    2008-05-12 11:14:19 0 dr------- C:\Documents and Settings\All Users.WIN_TS\Start Menu
    2008-05-12 11:14:19 0 d-------- C:\Documents and Settings\All Users.WIN_TS\Favorites
    2008-05-12 11:14:19 0 dr------- C:\Documents and Settings\All Users.WIN_TS\Documents
    2008-05-12 11:14:19 0 d-------- C:\Documents and Settings\All Users.WIN_TS\Desktop
    2008-05-12 11:14:18 0 d--h----- C:\Documents and Settings\Default User.WIN_TS\Templates
    2008-05-12 11:14:18 0 dr------- C:\Documents and Settings\Default User.WIN_TS\Start Menu
    2008-05-12 11:14:18 0 dr-h----- C:\Documents and Settings\Default User.WIN_TS\SendTo
    2008-05-12 11:14:18 0 d--h----- C:\Documents and Settings\Default User.WIN_TS\Recent
    2008-05-12 11:14:18 0 d--h----- C:\Documents and Settings\Default User.WIN_TS\PrintHood
    2008-05-12 11:14:18 0 d--h----- C:\Documents and Settings\Default User.WIN_TS\NetHood
    2008-05-12 11:14:18 0 d-------- C:\Documents and Settings\Default User.WIN_TS\My Documents
    2008-05-12 11:14:18 0 dr-h----- C:\Documents and Settings\Default User.WIN_TS\Local Settings
    2008-05-12 11:14:18 0 d-------- C:\Documents and Settings\Default User.WIN_TS\Favorites
    2008-05-12 11:14:18 0 d-------- C:\Documents and Settings\Default User.WIN_TS\Desktop
    2008-05-12 11:14:18 0 d---s---- C:\Documents and Settings\Default User.WIN_TS\Cookies
    2008-05-12 11:14:03 0 dr-h----- C:\Documents and Settings\Default User.WIN_TS\Application Data
    2008-05-12 11:14:03 0 d---s---- C:\Documents and Settings\Default User.WIN_TS\Application Data\Microsoft
    2008-05-12 11:14:03 0 dr-h----- C:\Documents and Settings\All Users.WIN_TS\Application Data
    2008-05-12 11:14:03 0 d---s---- C:\Documents and Settings\All Users.WIN_TS\Application Data\Microsoft
    2008-05-12 11:09:19 0 d-------- C:\WIN_TS
    2008-04-24 06:29:24 96577 --a------ C:\WINDOWS\hpqins16.dat


    -- Find3M Report ---------------------------------------------------------------

    2008-05-16 06:37:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-13 18:06:43 0 d-------- C:\Program Files\Windows NT
    2008-05-13 18:06:39 0 d-------- C:\Program Files\Movie Maker
    2008-05-13 18:05:57 0 d-------- C:\Program Files\Messenger
    2008-05-13 12:07:05 250048 -rahs---- C:\ntldr
    2008-05-12 23:39:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-12 23:37:58 0 d-------- C:\Program Files\Microsoft Works
    2008-05-12 23:19:49 0 d-------- C:\Program Files\Common Files
    2008-05-03 07:52:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
    2008-04-26 10:41:30 0 d-------- C:\Program Files\Microsoft SQL Server
    2008-04-26 10:39:53 0 d-------- C:\Program Files\Microsoft.NET
    2008-04-14 11:46:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Canon
    2008-04-13 20:25:26 1804 -----n--- C:\WINDOWS\system32\dcache.bin
    2008-04-12 12:04:32 0 d-------- C:\Program Files\QuickTime
    2008-04-12 09:55:19 0 d-------- C:\Program Files\Realtek
    2008-04-12 09:54:57 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-04-10 10:41:14 0 d-------- C:\Program Files\HP
    2008-04-08 15:51:00 0 d-------- C:\Program Files\CA
    2008-04-04 12:46:04 0 d-------- C:\Program Files\Windows Desktop Search
    2008-04-03 09:24:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
    2008-03-31 19:50:52 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WebAssist
    2008-03-31 13:30:46 0 d-------- C:\Program Files\Microsoft Expression
    2008-03-31 11:47:41 0 d-------- C:\Program Files\MSXML 6.0
    2008-03-30 16:51:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
    2008-03-30 13:18:13 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-29 19:49:22 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2008-03-29 19:47:17 0 d-------- C:\Program Files\Common Files\Real
    2008-03-29 19:47:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
    2008-03-29 19:33:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Amazon
    2008-03-29 18:20:21 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-27 12:55:27 0 d-------- C:\Program Files\Java
    2008-03-23 19:04:05 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
    2008-03-23 12:17:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\UltraHTML2Image
    2008-03-23 11:46:49 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Softplicity
    2008-03-18 12:17:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LinkedIn
    2008-03-14 12:35:00 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-05 18:07:48 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-02-24 10:38:23 608 --ahs---- C:\WINDOWS\system32\winzvprt5.sys


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
    C:\Program Files\alot\bin\alot.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlwaysReady Power Message APP "= "ARPWRMSG.EXE" [08/03/2005 02:19 AM C:\WINDOWS\arpwrmsg.exe]
    "UfSeAgnt.exe "= "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LinkStashMonitor "= "E:\LinkStash\lsmon.exe" [11/02/2007 12:50 PM]
    "OE "= "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [02/15/2008 11:39 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/30/2007 09:17 AM]
    "SUPERAntiSpyware "= "E:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
    LinkStash.lnk - E:\LinkStash\lnkstash.exe [11/14/2007 3:36:04 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= E:\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    E:\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 E:\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
    backup=C:\WINDOWS\pss\Free WebSite Tools.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMCWUSB-G 802.11g Wireless USB Utility.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMCWUSB-G 802.11g Wireless USB Utility.lnk
    backup=C:\WINDOWS\pss\SMCWUSB-G 802.11g Wireless USB Utility.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "E:\PhotoshopElements6\apdproxy.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "E:\AdobeReader\Reader\Reader_sl.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Secretary]
    "e:\Spotmau\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
    rundll32.exe ftutil2.dll,SetWriteCacheMode

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "E:\Microsoft Office 2007\Office12\GrooveMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
    C:\WINDOWS\system32\hphmon03.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "E:\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    "E:\CanoScan\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "E:\CanoScan\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    "E:\CanoScan\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite Scheduler]
    E:\CyberScrub\Scheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    E:\Spybot\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com

    7977 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-05-16 07:55:57 ------------
     
  6. 2008/05/16
    pccoach Lifetime Subscription

    pccoach Well-Known Member Thread Starter

    Joined:
    2002/05/09
    Messages:
    183
    Likes Received:
    0
    I did some aggressive registry cleaning of Iexplore and downloaded IE7 and reinstalled. I also found a virus in an external hard drive. Not sure the file on the external drive was the culprit. Anyway... it is working now... Thank goodness for this site and the good people who post!
     
  7. 2008/05/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad you got it sorted. Nothing sticking out in your log either. :)
     
  8. 2008/05/18
    pccoach Lifetime Subscription

    pccoach Well-Known Member Thread Starter

    Joined:
    2002/05/09
    Messages:
    183
    Likes Received:
    0
    Thanks for looking at the log... All is well for now. Take care!
     
