
XP Pro - Desktop won't load


  • This topic is locked
12 replies to this topic

#1 rjfcons


Posted 04 December 2009 - 11:49 AM

First Time User,

My laptop will not load the desktop - running XP Pro Service Pack 3, HP Pavilion dv8000
When I start it up it goes through the regular process, reaches the log on screen, after entering password it says it is loading personal settings but only the wallpaper screen shows
No icons, no task bar, no startup programs showing
I have tried to open Task Manager but when I enter CTRL+ALT+DEL the Window Security box where you select Task Manager comes up, but when I select Task Manager this box disappears and it doesn't take me to Task Manager. It just stays on the wallpaper screen
Let me know if there is any other way to get task manager to open.
I have tried going back to a couple of prior restore points, but still same problem
Safe mode starts up fine, but I am not real sure of what to try from here to fix problem
Any help would be appreciated

Thanx!!!
Ron


#2 ThunderZ


Posted 04 December 2009 - 06:11 PM

Hello again Rjfcons. Thought I would pop in to see how you were doing. As this side of the board is pretty busy I'll see if I can't lend you a hand to at least get you into a normal boot-up.

Download SUPERAntiSpyware Free Edition. Since you can access safe mode then you can probably access safe mode with network support. In this manner you can download it directly to the problem if you have no way of accessing it on another PC and then transferring it over to the troubled machine.

#3 rjfcons


Posted 04 December 2009 - 06:53 PM

Hey ThunderZ

Thanks for checking in on me
I actually have a copy of SuperAntiSpyware already on my laptop
Let me know what you would like me to try

Thanx!!!
Ron

#4 ThunderZ


Posted 04 December 2009 - 07:06 PM

That is great. Let's see if we can get it to update. Fire up the PC in safe mode with networking. Try to update it.

If it won't update, still go ahead and run a full scan in safe mode. Then post the log here.

#5 rjfcons


Posted 05 December 2009 - 01:53 PM

Hi ThunderZ

Sorry for not getting back to you sooner. Had to take a break last night and go listen to some blues music.
Here is a copy of the log requested


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/04/2009 at 07:12 PM

Application Version : 4.25.1014

Core Rules Database Version : 4337
Trace Rules Database Version: 2190

Scan type : Complete Scan
Total Scan Time : 02:44:38

Memory items scanned : 250
Memory threats detected : 0
Registry items scanned : 10477
Registry threats detected : 0
File items scanned : 83027
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\Ron\Cookies\ron@content.yieldmanager[2].txt
C:\Documents and Settings\Ron\Cookies\ron@bellcan.adbureau[2].txt
C:\Documents and Settings\Ron\Cookies\ron@partypoker[4].txt
C:\Documents and Settings\Ron\Cookies\ron@secure.partyaccount[6].txt
C:\Documents and Settings\Ron\Cookies\ron@content.yieldmanager[3].txt
C:\Documents and Settings\Ron\Cookies\ron@bravenet[1].txt
C:\Documents and Settings\Ron\Cookies\ron@atdmt[2].txt
C:\Documents and Settings\Ron\Cookies\ron@ad.yieldmanager[2].txt
C:\Documents and Settings\Ron\Cookies\ron@partygaming.122.2o7[1].txt
C:\Documents and Settings\Ron\Cookies\ron@imediac.adbureau[5].txt
C:\Documents and Settings\Ron\Cookies\ron@secure.partyaccount[7].txt
C:\Documents and Settings\Ron\Cookies\ron@earlyexperience.partyaccount[2].txt

Trojan.Agent/Gen-HackPatch
C:\PROGRAM FILES\KEYWORD ELITE\FOFF_PATCH.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP695\A0142017.EXE

Thanx!!!
Ron

#6 ThunderZ


Posted 05 December 2009 - 03:20 PM

I understand about taking a break.

The cookies are not a big deal.

Seems you may have a cracked program\game? If you remove it, whatever it applies to will probably quit working.
The second reference located in C: is a restore point. That can be taken care of by disabling System Restore. In fact I would consider leaving it off until you're clean.

Were you able to update SAS prior to the scan? Let it clean everything. Then let's see if your PC will start normally.

#7 rjfcons


Posted 05 December 2009 - 07:50 PM

Hey ThunderZ,

Yes I was able to update SAS.
I also updated AVAST virus scan and ran a complete scan.
After completing both of these I re-booted and Voila!!!
It started up normally.
Right now I am doing a complete back-up, and have not tried to restart another time.
I will let you know if it works ok on the next restart.
Keepin' my fingers crossed

Thanx!!! A bunch for all your help
Ron

#8 ThunderZ


Posted 05 December 2009 - 09:18 PM

Since you are able to run normally, and unless you are planning a reinstall of your OS, I'd like you to try one more scan. Grab the free version of Malwarebytes. Install\update and run a full scan. Please post the log.

Edited by ThunderZ, 05 December 2009 - 09:19 PM.


#9 rjfcons


Posted 06 December 2009 - 03:46 AM

ThunderZ
Here is log as requested

Malwarebytes' Anti-Malware 1.42
Database version: 3303
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/06/09 12:33:53 AM
mbam-log-2009-12-06 (00-32-52).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 612060
Time elapsed: 2 hour(s), 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP695\A0143932.EXE (Trojan.Crypt) -> No action taken.

Let me know what you recommend from here
Thanx!!!
Ron

#10 ThunderZ


Posted 06 December 2009 - 09:25 AM

I'm guessing you have not disabled System Restore. That seems to be the location of one infection source. If you were to do a restore at this point for any reason you would probably reinfect yourself. As I mentioned before, I would at least temporarily disable it. This should effectively wipe out the one location = Files Infected:
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP695\A0143932.EXE (Trojan.Crypt) -> No action taken.

To disable System Restore. Control Panel > System > System Restore tab > place a check mark in Turn off System Restore. Confirm your choice.

The other is in the registry. I do not think that it is any longer a danger but just the same I suggest you now read HERE then post HERE.

Just want to make sure you are 100% clean. This is best determined by one of our trained Malware Removal Crew members. Please be patient as they are extremely busy.
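
Added example, not part of the original thread: a small Python triage of the detection lines from the two logs posted above, separating restore-point copies under System Volume Information from live files, registry keys and cookies. The function names and category labels are assumptions made for illustration.

```python
import re

# Detection lines copied from the two scan logs posted in this thread.
SAMPLE_LOG = r"""
Adware.Tracking Cookie
C:\Documents and Settings\Ron\Cookies\ron@atdmt[2].txt
Trojan.Agent/Gen-HackPatch
C:\PROGRAM FILES\KEYWORD ELITE\FOFF_PATCH.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP695\A0142017.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP695\A0143932.EXE (Trojan.Crypt) -> No action taken.
"""

LOCATION_RE = re.compile(r"^(?:[A-Za-z]:\\|HKEY_)")
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
COOKIE_RE = re.compile(r"^[A-Z]:\\Documents and Settings\\[^\\]+\\Cookies\\", re.I)
# Malwarebytes appends " (Threat.Name) -> action." to each location line.
MBAM_SUFFIX_RE = re.compile(r"\s+\(([^()]+)\)\s+->\s+(.+?)\.?$")


def classify(location):
    """Bucket (label names are this example's own) for one detected location."""
    if location.upper().startswith("HKEY_"):
        return "registry"
    if RESTORE_RE.match(location):
        return "restore-point copy"
    if COOKIE_RE.match(location):
        return "cookie"
    return "live file"


def triage(log_text):
    """Return one dict per detected location in a SAS or MBAM log excerpt."""
    findings, heading = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if not LOCATION_RE.match(line):
            heading = line  # SUPERAntiSpyware puts the threat name on its own line
            continue
        threat, action = heading, None
        suffix = MBAM_SUFFIX_RE.search(line)
        if suffix:
            threat, action = suffix.group(1), suffix.group(2)
            line = line[:suffix.start()]
        rp = RESTORE_RE.match(line)
        findings.append({"threat": threat, "location": line, "kind": classify(line),
                         "restore_point": rp.group(1) if rp else None, "action": action})
    return findings
```

Both restore-point entries resolve to the same restore point, RP695, which is the location the post above says would reinfect the machine if that point were restored.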

#11 rjfcons


Posted 06 December 2009 - 02:46 PM

Thanx!! again ThunderZ

I have disabled System Restore as suggested and posted to the forum you recommended
Your help is greatly appreciated

Thanx!!!
Ron

#12 ThunderZ


Posted 06 December 2009 - 04:47 PM

Once you are pronounced clean then turn sys restore back on if you so desire.

I'm guessing you are in pretty good shape but just wanting to make sure.

#13 Orange Blossom


Posted 06 December 2009 - 08:35 PM

Hello,

I see that you have posted your HiJack This topic here: http://www.bleepingcomputer.com/forums/t/276879/trojancrypt-trojanzlob-possible-infection/

I see that you have disabled System Restore: Please enable it again.

Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. If an incident renders your system problematic or unbootable, you can use System Restore to return it to a previous working state. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. Disabling this feature could mean having to perform a repair install (or reformat in worst case scenarios) if you're unable to fix any problems which System Restore may be able to correct. Although System Restore is not always 100% guaranteed to work all the time, it at least gives you another option before resorting to more drastic measures.

"System Restore and malware removal - what is best practice?"
"Should I purge all my restore point BEFORE removing infection?"

That said, now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: