HJT log for assistance please
-
HJT log for assistance please
Hi folks,
I've got an issue where explorer.exe will not run. Thus the desktop and windows task bar do not appear. There's a full explanation of the situation at: http://www.d-a-l.com/help/showthread.php?p=146403
There I was told to post a HJT log in this forum area.
So, is it a nasty causing this issue?
Looking at the log it appears that lots of service files are missing? Seems a bit odd to me.
Okay... (thinking as I look through the log), I see that there is a "-" in front of many of the service names. This happened about a month ago too. I removed them all manually. Yet I see it has now happened again. So, I guess I'd like to know if the HJT log reveals what is sticking this "-" into the front of the service file locations.
With thanks,
Jonathan
Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 5
44 p.m., on 1/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = E-Volution Enterprise
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O3 - Toolbar: Ultra Recall - {C501607C-4A98-4f5e-B9AF-425E6BBD5186} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp 5a.exe" /source=HKLM
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis 3a.exe" /source=HKLM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKCU\..\Run: [Mail Direct] "C:\Program Files\Mail Direct Pro\madypro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\Directory Opus\DOpus.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [MyLife Organized] C:\Program Files\MyLifeOrganized.net\MLO\mlo.exe
O4 - Startup: Xpert-Timer.lnk = C:\Program Files\XpertTimer\XpertTimer.exe
O4 - Global Startup: Taskbar Activate.lnk = C:\Program Files\Taskbar Activate\TaskbarActivate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download the ¤t page with Offline Explorer - file://C:\Program Files\Offline Explorer\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To &Ultra Recall (copy) - C:\Program Files\UltraRecall\Integration\StoreFromIE.html
O8 - Extra context menu item: Send To Ultra &Recall (link) - C:\Program Files\UltraRecall\Integration\LinkFromIE.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O9 - Extra button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O9 - Extra button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted IP range: http://192.168.0.3
O15 - Trusted IP range: http://192.168.1.254
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.com/viewer/eng/MjMmViewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181246863908
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bandwidth Monitor Pro - Unknown owner - -C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (file missing)
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - -C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - -C:\Program Files\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: FinePrint Dispatcher v5 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$ACT7 - Unknown owner - -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - -C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$ACT7 - Unknown owner - -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE (file missing)
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - -C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Last edited by Inspired; 01-08-2007 at 07:06 AM.
Reason: Added URL for related post
-
Here's some additional background info to go with the HJT log.
1) I ran Ewido online scan. It turned up a few cookies but nothing else.
2) I ran AdAware SE 1.05. It's results log was the removal of some cookies.
3) I ran Spybot S&D. The result was:
----------------------
Virtumonde: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{6ED63687-EB85-4687-A8D0-17E9792B20CA}
Virtumonde: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6ED63687-EB85-4687-A8D0-17E9792B20CA}
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixe
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed
Tradedoubler: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
Tradedoubler: Tracking cookie (Firefox: Jonathan Evatt) (Cookie, fixed)
----------------------------------
Please let me know if you have any suggestions or questions.
Regards,
Jonathan
-
An update...
I did a system restore to a point about 5 days ago. A restore point had been saved when I uninstalled an application on that day.
The system now starts up as it should. Explorer.exe loads, along with all the other stuff on the sytem.
I'd be grateful if the following HJT log was looked over just to make sure there is nothing running on the system that shouldn't be. I am still somewhat suspicious as to why the computer died as it did.
Here's the latest HJT log from the computer running in its current (working) state.
Logfile of HijackThis v1.99.1
Scan saved at 10:44:17 p.m., on 2/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\Mail Direct Pro\madypro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Directory Opus\DOpus.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\Directory Opus\dopusrt.exe
C:\Program Files\Taskbar Activate\TaskbarActivate.exe
C:\Program Files\XpertTimer\XpertTimer.exe
C:\Program Files\HiJackThis\hijackthis v1.99.1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = E-Volution Enterprise
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IESessions.Manager - {6ECF15F0-468D-4E25-8997-1C710E80F5CD} - C:\Program Files\IESessions\IESessions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - (no file)
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O3 - Toolbar: Ultra Recall - {C501607C-4A98-4f5e-B9AF-425E6BBD5186} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp 5a.exe" /source=HKLM
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis 3a.exe" /source=HKLM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKCU\..\Run: [Mail Direct] "C:\Program Files\Mail Direct Pro\madypro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\Directory Opus\DOpus.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [FusionDesk] "C:\Program Files\FusionDesk\FusionDesk.exe" minimized
O4 - Startup: Xpert-Timer.lnk = C:\Program Files\XpertTimer\XpertTimer.exe
O4 - Global Startup: Taskbar Activate.lnk = C:\Program Files\Taskbar Activate\TaskbarActivate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download the ¤t page with Offline Explorer - file://C:\Program Files\Offline Explorer\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To &Ultra Recall (copy) - C:\Program Files\UltraRecall\Integration\StoreFromIE.html
O8 - Extra context menu item: Send To Ultra &Recall (link) - C:\Program Files\UltraRecall\Integration\LinkFromIE.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - (no file)
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O9 - Extra button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O9 - Extra button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted IP range: http://192.168.0.3
O15 - Trusted IP range: http://192.168.1.254
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} - http://www.mindjet.com/viewer/eng/MjMmViewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181246863908
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - C:\Program Files\MyBase\ienyf.dll (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bandwidth Monitor Pro - Unknown owner - -C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe (file missing)
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - -C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - -C:\Program Files\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: FinePrint Dispatcher v5 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5 a.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$ACT7 - Unknown owner - -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - -C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$ACT7 - Unknown owner - -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE (file missing)
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - -C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
With thanks,
Jonathan 
-
Welcoem,
Just some junk cleaning to do,
Run hijackthis and click on scan system only button and put checks next to these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - (no file)
This one be low in blue is an opotional fix if you or an administrator did not set this
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - (no file)
Trustworthy in purple
O15 - Trusted IP range: http://192.168.0.3
O15 - Trusted IP range: http://192.168.1.254
Nothing open but hijackthis and click "fix checked"
Reboot
That is about all visible in hijackthis.
-
Thanks Neal,
Nice to know it's "clean"
I'll do those spring cleaning things now.
I guess I'll never know why Windows stopped loading properly. Oh well.
Glad I don't have something nasty to get rid of.
Regards,
Jonathan
-
Good luck and safe surfing.
