internet explorer closes on certain sites

[Kazic]

IE just closes on certrain sites i go to...i dont get any errors or anything it just closes...i tried using spybot,ad-aware and cwshred but no help so if anyone have a clue to fix this plz help me


Logfile of HijackThis v1.98.2

Scan saved at 2:56:38 PM, on 12/23/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\NVSVC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\PCTVOICE.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\DESKTOP\MANGA\HIJACKTHIS1977\HIJACKTHIS .EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c=2C01&lc=0409

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/objects.phtml...op&obj_type=58

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: mswebdvb - {A0B2A623-4067-82A0-88D4-746EAED86294} - C:\WINDOWS\SYSTEM\MSWEBDVB.dll

O2 - BHO: tsp3216k - {4D590C56-1F74-6EAA-4829-916950017A61} - C:\WINDOWS\SYSTEM\TSP3216K.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE

O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\WINDOWS\TEMP\TD_0003.DIR\FREERAM XP PRO 1.40.EXE" -win

O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\PROGRAM FILES\INTERNETMACROS3\imacros.dll (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/20609/online.chm::/on-line.exe

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32651.cab

[don77]

Hi Kazic welcome to CTH

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

O2 - BHO: mswebdvb - {A0B2A623-4067-82A0-88D4-746EAED86294} - C:\WINDOWS\SYSTEM\MSWEBDVB.dll

O2 - BHO: tsp3216k - {4D590C56-1F74-6EAA-4829-916950017A61} - C:\WINDOWS\SYSTEM\TSP3216K.DLL

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/20609/online.chm::/on-line.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab



Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD



C:\WINDOWS\SYSTEM\MSWEBDVB.dll

C:\WINDOWS\SYSTEM\TSP3216K.DLL

C:\WINDOWS\SYSUPD.EXE

C:\install.cab



Restart your computer,
Check Ad-aware for updates and run a scan with it, have it fix everything it finds,
Restart your computer
Restart HJT
Post back a fresh log please

[Kazic]

ok i did the 1st part but somehow it wouldnt let me do the 2nd part...i couldnt find the files

C:\WINDOWS\SYSTEM\MSWEBDVB.dll

C:\WINDOWS\SYSUPD.EXE

C:\install.cab
but i did find

C:\WINDOWS\SYSTEM\TSP3216K.DLL

and it wouldnt let me delete in safe mode it said it was in use there was also a tsp3216k.dat file and a mswebdvb.dat file



Logfile of HijackThis v1.98.2

Scan saved at 4:54:25 AM, on 12/24/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\NVSVC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\PCTVOICE.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\DESKTOP\MANGA\HIJACKTHIS1977\HIJACKTHIS .EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c=2C01&lc=0409

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/objects.phtml...op&obj_type=58

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: tsp3216k - {4D590C56-1F74-6EAA-4829-916950017A61} - C:\WINDOWS\SYSTEM\TSP3216K.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE

O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\WINDOWS\TEMP\TD_0003.DIR\FREERAM XP PRO 1.40.EXE" -win

O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\PROGRAM FILES\INTERNETMACROS3\imacros.dll (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32651.cab

[don77]

Thats fine,

It looks clean now, How is the machine running ?

[Kazic]

nope still not working....dont i need to delete the tsp3216k.dll?

[don77]

Sorry,, Yes
have HJT fix this as well. same way as above
O2 - BHO: tsp3216k - {4D590C56-1F74-6EAA-4829-916950017A61} - C:\WINDOWS\SYSTEM\TSP3216K.DLL

Post back a fresh log when done please

[Kazic]

ok i deleted it but when i restart my comp it always just comes back....and if i try to delete it in safe mode it wont let me...so what to do...


Logfile of HijackThis v1.98.2

Scan saved at 4:39:41 PM, on 12/25/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\NVSVC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\PCTVOICE.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\DESKTOP\MANGA\HIJACKTHIS1977\HIJACKTHIS .EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c=2C01&lc=0409

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/objects.phtml...op&obj_type=58

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: tsp3216k - {4D590C56-1F74-6EAA-4829-916950017A61} - C:\WINDOWS\SYSTEM\TSP3216K.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE

O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\starter.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\WINDOWS\TEMP\TD_0003.DIR\FREERAM XP PRO 1.40.EXE" -win

O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\PROGRAM FILES\INTERNETMACROS3\imacros.dll (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL (file missing)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32651.cab

[don77]

Download Pocket Killbox from here. Paste the full file path ( C:\WINDOWS\SYSTEM\TSP3216K.DLL ) in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.

[Kazic]

the link doesnt work...

[Hustler24]

Please start your own thread because the problems you have may be different to Kazic's.

[don77]

Kazic,
You can download Killbox from here, Don't use it yet though
Could you do me a favor search for this file nvsvc.exe click on the propereties and post back what it says please, See what it says under version tab or maker info,

We want to confirm the nvsvc.exe
First,
Been enyoing some much needed time off, So I have been on as much the past few days and the next few coming up, I will let the other Hijackthis helpers or mods know to keep an eye out for your reply in the event I m away for a bit