
Just Kill Me Now...desktop Icons Gone


14 replies to this topic

#1 craiglieberman

craiglieberman

  • Members
  • 14 posts

Posted 23 May 2007 - 07:28 AM

Hi all;

I was downloading a file and soon thereafter, my desktop icons vanished. Can only get in through Task Manager.

I've run Stinger, PCDoctor and HijackThis.

After doing this once, the computer returned to normal for about 3 hours. Then, after closing Photoshop, the icons vanished again.


Here's my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 5:03:34 AM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\Tunebite\tunebite.exe -tray
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124402006828
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.9
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Any help would be greatly appreciated in identifying and eliminating this bug.


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 May 2007 - 07:37 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum craiglieberman :thumbsup:

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

********************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.

#3 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 07:44 AM


Will do.

In the interim, here is my report from SmitFraudFix:
Scan done at 5:32:47.45, Wed 05/23/2007
Run from C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.4.16.25
DNS Server Search Order: 68.4.16.30
DNS Server Search Order: 68.6.16.30

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02C7D618-D27B-4AE7-834A-CC9294507521}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{260B5B9A-6AD3-4131-A0A4-57C3EB1F2A49}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{508FFCBE-C4B6-4449-A89C-47460BC6872F}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9103DAE6-CB56-4911-90FE-A2071F0E736D}: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\..\{02C7D618-D27B-4AE7-834A-CC9294507521}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{260B5B9A-6AD3-4131-A0A4-57C3EB1F2A49}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{508FFCBE-C4B6-4449-A89C-47460BC6872F}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9103DAE6-CB56-4911-90FE-A2071F0E736D}: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\..\{02C7D618-D27B-4AE7-834A-CC9294507521}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{260B5B9A-6AD3-4131-A0A4-57C3EB1F2A49}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{508FFCBE-C4B6-4449-A89C-47460BC6872F}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9103DAE6-CB56-4911-90FE-A2071F0E736D}: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.9
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.9


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End
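
Added example, not part of the original posts or of SmitFraudFix/HijackThis: a small Python check that reads report lines in the format shown above and lists registry resolver values that are not in the adapter's reported "DNS Server Search Order". Treating that search order as the expected resolver set is an assumption of this example, and the function names are the example's own.

```python
import ipaddress
import re

# Excerpt of report lines from this thread (SmitFraudFix "DNS" section plus the
# HijackThis O17 line), trimmed to one control set for brevity.
SAMPLE_REPORT = r"""
DNS Server Search Order: 68.4.16.25
DNS Server Search Order: 68.4.16.30
DNS Server Search Order: 68.6.16.30

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02C7D618-D27B-4AE7-834A-CC9294507521}: DhcpNameServer=85.255.114.34,85.255.112.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9103DAE6-CB56-4911-90FE-A2071F0E736D}: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.4.16.25 68.4.16.30 68.6.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.34 85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.9
"""

BASELINE_RE = re.compile(r"^DNS Server Search Order:\s*(\S+)$")
REGISTRY_RE = re.compile(
    r"^(?:O17 - )?(HKLM\\[^:]+):\s*(DhcpNameServer|NameServer)\s*=\s*(.+)$",
    re.IGNORECASE,
)


def parse_ips(value):
    """Split a comma- or space-separated resolver list, keeping valid IPs only."""
    ips = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            ips.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # empty token or non-IP text
    return ips


def find_unexpected_resolvers(text, expected=None):
    """Return registry DNS values containing resolvers outside the expected set.

    expected: optional iterable of resolver IPs to trust. When omitted, the
    "DNS Server Search Order" lines in the report are used (assumption).
    """
    baseline = set(expected) if expected is not None else set()
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = BASELINE_RE.match(line)
        if m:
            if expected is None:
                baseline.update(parse_ips(m.group(1)))
            continue
        m = REGISTRY_RE.match(line)
        if m:
            key, name, value = m.groups()
            # The same key can appear in both tools' output with different
            # casing; keep the first occurrence only.
            entries.setdefault((key.strip().upper(), name.lower()),
                               (key.strip(), name, parse_ips(value)))
    if not baseline:
        raise ValueError("no expected resolvers: nothing to compare against")

    findings = []
    for key, name, ips in entries.values():
        unexpected = [ip for ip in ips if ip not in baseline]
        if unexpected:
            findings.append({
                "key": key,
                "value": name,
                "unexpected": unexpected,
                # NameServer is the manually configured value; DhcpNameServer
                # is normally written by the DHCP client.
                "static": name.lower() == "nameserver",
            })
    return findings


if __name__ == "__main__":
    for f in find_unexpected_resolvers(SAMPLE_REPORT):
        kind = "static" if f["static"] else "dhcp"
        print(f"{kind:6} {f['key']}: {', '.join(f['unexpected'])}")
```

A mismatch is a reason to check the resolver against what the router or ISP actually hands out, not a verdict on its own.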

#4 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 08:07 AM

Small problem:
After trying to run the FixwareOut, I got only the blue screen of death...saw a mouse cursor only, could not get past it. Had to reboot in Safe Mode and then ran VundoFix.

It gave me a prompt to remove a bunch of System 32 files, including System32\vtsqq.dll and System 32\xxyawxv.dll which it did, then the computer rebooted.

It is still giving me the blue screen.

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 May 2007 - 08:22 AM

If you have not disabled System Restore, restart your pc in Safe Mode and select 'Safe Mode with Command Prompt'.
At the prompt copy and paste:
%systemroot%\system32\restore\rstrui.exe
Then press Enter.
Follow the onscreen instructions.

#6 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 08:48 AM


Ok...did that, re-ran FixwareOut.

It instantly prompted me for a reboot, still getting the blue screen....nothing happens.

I can't Ctrl+Alt+Del past it, and it just sits there.

Upon normal reboot, NOT in Safe Mode, the blue screen backdrop reappears. The mouse has the hourglass next to it and nothing happens.

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 May 2007 - 08:53 AM

Ok, run System Restore again but this time don't run FixWareout, what happens?

#8 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 09:37 AM


Now that System Restore was disabled in Safe Mode, it won't let me change the settings to allow a restore except from Windows Explorer.

I can't seem to get to anything on my computer, except through Task Manager.

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 May 2007 - 09:49 AM

If you have the Microsoft Windows XP install disk try a Repair Install.
Configure your computer to start from the CD-ROM drive.
(Boot into the BIOS and set your CD-ROM drive as first boot device).
Insert your Windows XP CD into your CD/DVD-ROM drive, and then restart your computer.
When the "Press any key to boot from CD" message is displayed on your screen, press a key to start your computer from the Windows XP CD.
When you see the following message displayed on the Welcome to Setup screen, press ENTER:
To setup Windows XP now, press ENTER.
At this point an option to press R to enter the Recovery Console is displayed.
Do not select this option.
On the Windows XP Licensing Agreement screen, press F8 to agree to the license agreement. Make sure that your current installation of Windows XP is selected in the box, and then press the R key to repair Windows XP.
Follow the instructions on the screen to complete Setup.

#10 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 10:32 AM


Ok...done to the letter.

After completion, the computer rebooted.
Upon reboot, it went through an "An Exciting new look" screen wherein it said "Installing Windows". It is saying "Setup will complete in approximately: 39 minutes."

I'm letting it run and will report back.

By the way,...thank you VERY MUCH for your help thus far.

#11 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 11:12 AM

Ok, I've reinstalled XP from the CD. Computer automatically rebooted.

It prompted me to "Start Windows Normally".

It wouldn't start normally...I had to restart in Safe Mode.

NO change....Safe Mode is up, still have a black screen and the only way in is through Ctrl+Alt+Del into Task Manager.

Now what?

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 May 2007 - 12:23 PM

Well I'm at a total loss here, I don't think running Vundofix in Safe Mode would have helped.
Not looking very good I'm afraid, you may have to resign yourself to the fact you're going to have to format the drive and reinstall XP.

Try this, it might help:
Boot into 'Safe Mode with Command Prompt'.
At the prompt type the following, then press Enter, then restart your pc.
NETSH WINSOCK RESET

#13 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 23 May 2007 - 01:42 PM


If I do this, can I still access the programs and files I have? I have about 90% backed up to an external hard drive, but there are some files not saved to the external hard drive.

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 May 2007 - 06:46 PM

Try doing a parallel install, that means you'll be doing a new install of XP onto the same drive/partition as the current corrupt installation.
Then when you've finished you'll be able to move all your important data over to the new install.
When you've done that you can delete the corrupt installation.

*******************************

To perform a parallel install of Windows XP:

1. Insert the Windows XP CD-ROM and restart your computer.

2. At the Press any key to boot from CD message, press any key.

3. Press Enter at the Welcome to Setup screen to begin Setup.

4. Press F8 to accept the End-User License Agreement.

5. Select the partition in which you want to install Windows XP and press Enter. A different partition than the original install is preferable.

6. Select the Leave the current file system intact (no changes) option if you are using the original partition.

7. Press Esc to install to a different folder if you are using the original partition. If Setup detects another operating system, it prompts for the new folder name after the back slash (\).

8. Press Enter to continue.

9. Follow the on-screen instructions.

*****************************

Microsoft's Windows XP Professional (Pro) Parallel Install:
http://www.windowsxpprofessional.windowsre...dexfullpage.htm

Microsoft's Windows XP Home Parallel Install:
http://www.windowsxphome.windowsreinstall....dexfullpage.htm

#15 craiglieberman

craiglieberman
  • Topic Starter

  • Members
  • 14 posts

Posted 25 May 2007 - 05:41 PM


Can't get to a screen that allows me to "Boot from CD". I was able to do that yesterday by changing my start up sequence, but today I can't install XP from the CD as the computer can only be accessed through SAFE mode.

Would love to learn more about the RAID AHCI settings, too.

I did another Hijack this log...see below.

Also, can someone walk me through how to get in to change the BIOS settings on a Dimension 8400? I've exhausted the online resources, but none of them tell me how to get into a screen to see the settings.

At this point, I'm pretty sure it's the BIOS settings or a Windows Registry problem.

I can run a CD from my DVD player, but can't copy files to the CD/DVD drive. I can't access my H drive (external supplemental hard drive).

I'm at a total loss here.




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.craiglieberman.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [McafDellTag] C:\Program Files\McAfee.com\Agent\mcdeltag.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\vundofix.exe"
O4 - HKLM\..\RunOnce: [FixWareOut] C:\windows\system32\cmd.exe /c C:\fixwareout\FindT\XP-2K2.cmd
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\Tunebite\tunebite.exe -tray
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124402006828
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.9
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\CRAIG.CL-5135C53C1D3E\Desktop\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



