Explorer.exe not loading. Desktop blank. XP startup incomplete

Hi folks,
Today my computer came up blank when windows started. Hunting around on the net I've seen many people having this problem, but I did not find a generic solution to try, just many custom ones. The folks here helped a few people with this issue so I thought I'd see if we can figure this one out together. I'd be grateful to have some assistance.

Here's the data:
SYSTEM: Windows XP Professional (OEM) SP2 on an Acer TM633 laptop

HISTORY/SURROUNDING EVENTS:
Two days ago computuer working fine. Did not use it yesturday.
Today, after logging into Windows the desktop is blank. No taskbar. Basically Explorer.exe did not load.
Tried loading it manually. The process starts, then after a few seconds it stops. Nothing appears on desktop.
Restarted. Desktop and taskbar appeared, all icons in place. Then it vanished (explorer.exe died). Further attempts, exploere dies right away or does not even attempt to load.
Tried it in Safe Mode. Same story.

I note that much of the startup process does not complete. I am thinking that something in the startup rountine is hanging the rest of the routine, including explorer.exe. Although that does not explain why I can't run it manually.

Only changes made to PC between weekend and today was that one the weekend (the last time I was using the computer) I installed thje open source programme EasyTag 2.1. I also installed the GTK+-2.10.13 support files for EasyTag.
I have now uninstalled both of these. Problem remains.

Further history. A few weeks ago nearly every application in the startup rountine (all the registry based user defined/installed apps) had a "-" in front of it's file name. Hence none of these things would start when I started XP. I fixed this by removing the "-" from the front of the file names. I am not sure what caused that to occur. It may or may not be related. I did do a virus scan at that time and it came up clean (NOD32).

Another thing I note is that I've taken a look into the Event Log. The following errors have been occuring every time I start up the PC for as long back as I have a record (which is only the 11th of July). These services not starting are:

1) The HID Input Service service terminated with the following error: The system cannot find the file specified. (The path for HID in Services.msc is "C:\WINDOWS\System32\svchost.exe -k netsvcs")

2) The server could not bind to the transport \Device\NetBT_Tcpip_{E4E61D70-53BF-4283-8718-DA138BC8C01B} because another computer on the network has the same name. The server could not start.

3) The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

Another thing I note in Service Control Manager is this service at the top:
Service Name: Bonjour Service
Display Name: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# #
Description: ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762# #
Path to executable: "C:\Program Files\Bonjour\mDNSResponder.exe"

I disabled this service a month or more ago when I found the mDNSResponder.exe running every time I started my PC.

I know the startup rountine is not completing because I ran SDFix and when it rebooted back into standard XP mode, the RunOnce trigger in the Registry (to complete the SDFix process) did not run. I ran it manually though. The Report.txt data is at the end of this message (in case it is of any use):

In the Application Event log I note the following (three times) from the first time I turned my computer on today. There are no subsequent occurances of this today (although I've restarted the PC many times). It just happened the first time the PC started today.
If I should post a HJT log please let me know.

Below is also the results of running the Xoftspy 4.22 scanner, and SB S&D.
S7D says the Virtuemode trojan is on my computer.

Your help is greatly appreciated . So far I've lost most of the day of work.

Regards,

Jonathan



SDFix Report.txt
SB S&D Scan results:
Here are the FIX results from S&D (one item not fixed)
I am still waiting for Xoftspy to finish. Will post results when it's done.

You might as well post a HijackThis log in that section. Here is the introductory post:

Read This First - IMPORTANT Instructions

If they give you an "all clear" then please return to this thread and we can look further.

I've posted the HJT log (http://www.d-a-l.com/help/showthread.php?p=146414).
Looking through the log I notice that again many of the service file paths have a hypen ( - ) stuck at the front. I have no idea what is doing this. It happened about a month ago as mention in previous data.

Hopefully the HJT review will turn up what is doing this to my service paths.

Regards,

Jonathan

For those interested, here's what has been unexplainably changed (twice now) in my registry. Perhaps other things have been changed to. Has any one else come across this situation in Windows XP? I'd love to know what's causing it, but found it rather tricky to pick the right search terms in Google in order to get some info on it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Disabled Run, SynTPEnh, -C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\B andwidth Monitor Pro, ImagePath, -C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b twdins, ImagePath, -C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\D ynDNS_Updater_Service, ImagePath, -C:\Program Files\DynDNS Updater\DynDNS.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SSQL$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SSQLServerADHelper, ImagePath, -C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S QLAgent$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\V MAuthdService, ImagePath, -C:\Program Files\VMware\VMware Player\vmware-authd.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\B andwidth Monitor Pro, ImagePath, -C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\b twdins, ImagePath, -C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\D ynDNS_Updater_Service, ImagePath, -C:\Program Files\DynDNS Updater\DynDNS.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\M SSQL$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\M SSQLServerADHelper, ImagePath, -C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\S QLAgent$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\V MAuthdService, ImagePath, -C:\Program Files\VMware\VMware Player\vmware-authd.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\B andwidth Monitor Pro, ImagePath, -C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\b twdins, ImagePath, -C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\D ynDNS_Updater_Service, ImagePath, -C:\Program Files\DynDNS Updater\DynDNS.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\M SSQL$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\M SSQLServerADHelper, ImagePath, -C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\S QLAgent$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\V MAuthdService, ImagePath, -C:\Program Files\VMware\VMware Player\vmware-authd.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Bandwidth Monitor Pro, ImagePath, -C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\btwdins, ImagePath, -C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DynDNS_Updater_Service, ImagePath, -C:\Program Files\DynDNS Updater\DynDNS.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MSSQL$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MSSQLServerADHelper, ImagePath, -C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SQLAgent$ACT7, ImagePath, -C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\VMAuthdService, ImagePath, -C:\Program Files\VMware\VMware Player\vmware-authd.exe

UPDATE
My HJT log came up clean.

In the mean time I found a Restore point from a few days prior to this event that an uninstall of some software created. Restored back to that point and the computer runs as normal.

I imagine there's no easy way to find out why it started behaving badly.
The other thing I'd love to know if why a "-" got stuck in front of the file path for a whole lot of services (a few weeks back). But I imagine that's also no easy to figure out.

So, unless someone has suggestions re the above points, this help request is closed.

Thanks,

Jonathan

Thanks for the update.

My only idea about the hyphen prior to file names would be malicious in nature.

Placing a hyphen as the first character basically annuls a file.