| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 82518 | 2007-08-30 01:47:00 | Blank Desktop and Explorer won't start | ashez2ashes (12753) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 586123 | 2007-08-30 01:47:00 | Hello, I've got a major problem . I recently was having trouble with the malware virtumonde . It kept coming back, no matter how many times Spysweeper got rid of it . I thought I'd finally got rid of it yesterday . Afterwards, I thought I should upgrade to internet explorer 7 to make my comp more secure . I had all of the other Microsoft updates I might as well . I did that, restart . . . but after I logged in my desktop was blank . Windows Explorer didn't load . I tried loading windows explorer through task manager . . . a grey window saying 'personalized settings' comes up for a moment, then explorer in task manager says its not responding and it disapears . I can open any other program within task manager and it works just fine . Safe Mode doesn't work, system restore did not work, defragging did not work . I searched for viruses and adware . . . spy sweeper thinks there isn't any . Adaware finds about 40-60 cookies . I got rid of those, but it seems everytime I check (only hours later) there's more . I don't have a Windows XP disk to patch anything (although I'm willing to buy one if anyone thinks it has a good chance of fixing the problem) . I got a new explorer . exe file from a friend with the same service pack and replaced my file, thinking it might have been corrupt, but nothing different happened . Any help would be greatly greatly apprettiate . I'm out of ideas . If you need to know any other information about my comp please ask . Here's my Hijack this logfile . . . Logfile of Trend Micro HijackThis v2 . 0 . 2 Scan saved at 8:54:15 PM, on 8/29/2007 Platform: Windows XP SP2 (WinNT 5 . 01 . 2600) MSIE: Internet Explorer v7 . 00 (7 . 00 . 5730 . 0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss . exe C:\WINDOWS\system32\csrss . exe C:\WINDOWS\system32\winlogon . exe C:\WINDOWS\system32\services . exe C:\WINDOWS\system32\lsass . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\System32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\LEXBCES . EXE C:\WINDOWS\system32\spoolsv . exe C:\WINDOWS\system32\LEXPPS . EXE C:\Program Files\iolo\Common\Lib\ioloDMVSvc . exe C:\WINDOWS\system32\nvsvc32 . exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper . exe C:\WINDOWS\System32\alg . exe C:\Program Files\Yahoo!\Messenger\YahooMessenger . exe C:\WINDOWS\system32\ctfmon . exe C:\Program Files\BitTorrent\bittorrent . exe C:\Program Files\Internet Explorer\IEXPLORE . EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI . exe C:\Program Files\Webroot\Spy Sweeper\SSU . EXE C:\Program Files\Trend Micro\HijackThis\HijackThis . exe C:\WINDOWS\system32\wbem\wmiprvse . exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = . rd . yahoo . com/customize/ie/defaults/sb/msgr8/*http://www . yahoo" target="_blank">us . rd . yahoo . com . com/ext/search/search . html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www . yahoo . com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = . rd . yahoo . com/customize/ie/defaults/sb/msgr8/*http://www . yahoo" target="_blank">us . rd . yahoo . com . com/ext/search/search . html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = . rd . yahoo . com/customize/ie/defaults/su/msgr8/*http://www . yahoo" target="_blank">us . rd . yahoo . com . com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper . dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin . dll O4 - HKLM\ . . \Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut . exe O4 - HKLM\ . . \Run: [NvCplDaemon] "RUNDLL32 . EXE" C:\WINDOWS\system32\NvCpl . dll,NvStartup O4 - HKLM\ . . \Run: [nwiz] "nwiz . exe" /install O4 - HKLM\ . . \Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck . exe O4 - HKLM\ . . \Run: [AlcWzrd] ALCWZRD . EXE O4 - HKLM\ . . \Run: [Alcmtr] ALCMTR . EXE O4 - HKLM\ . . \Run: [NvMediaCenter] "RUNDLL32 . EXE" C:\WINDOWS\system32\NvMcTray . dll,NvTaskbarInit O4 - HKLM\ . . \Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched . exe" -osboot O4 - HKLM\ . . \Run: [AAWTray] "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray . exe" O4 - HKLM\ . . \Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer . exe" O4 - HKLM\ . . \Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI . exe /startintray O4 - HKCU\ . . \Run: [Aim6] "C:\Program Files\AIM6\aim6 . exe" /d locale=en-US ee://aol/imApp O4 - HKCU\ . . \Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ . exe" O4 - HKCU\ . . \Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7 . 0\Reader\AdobeUpdateManager . exe" AcRdB7_0_9 O4 - HKCU\ . . \Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM . exe" -scheduler O4 - HKCU\ . . \Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent . exe" --force_start_minimized O4 - HKCU\ . . \Run: [ctfmon . exe] C:\WINDOWS\system32\ctfmon . exe O4 - HKCU\ . . \Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger . exe" -quiet O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL . EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1 . 4 . 2_04\bin\npjpi142_04 . dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1 . 4 . 2_04\bin\npjpi142_04 . dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR . DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - . microsoft . com/fwlink/?linkid=39204" target="_blank">go . microsoft . com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - . microsoft . com/windowsupdate/v6/V5Controls/en/x86/client/w" target="_blank">update . microsoft . com uweb_site . cab?1168971456218 O20 - AppInit_DLLs: c:\windows\system32\jkhffec . dll O20 - Winlogon Notify: Cmdrep - C:\WINDOWS\SYSTEM32\Cmdrep . dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice . exe O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc . exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc . - C:\WINDOWS\system32\LEXBCES . EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32 . exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc . - C:\Program Files\Webroot\Spy Sweeper\SpySweeper . exe -- End of file - 6230 bytes |
ashez2ashes (12753) | ||
| 586124 | 2007-08-30 02:27:00 | Welcome to PressF1 Ashes, Is the PC a name brand PC, Eg: Dell, HP etc or one made up? When you say "Safe Mode doesn't work, system restore did not work," does it come up with error messages or nothing happens - no restore points ? Sooner or later you may need the XP CD to replace files. You don't have to buy one just yet, borrow one if you know someone who has it. The bittorrent on start up may be causing some problems. As soon as Speedy turns up, he should be able to give you more help with the Hijack files. |
wainuitech (129) | ||
| 586125 | 2007-08-30 02:30:00 | It goes into Safe Mode, but the same blank desktop happens and internet explorer won't start. System Restore acted like it worked... I choose a previous restore point before the problems occured, it restarted and said it had been restored but the desktop was still blank. I knew it worked partly, because I was back to Internet Explorer 6. | ashez2ashes (12753) | ||
| 586126 | 2007-08-30 02:54:00 | Ok you can try this -If you dont have a windows XP CD, then download This ( . webtree . ca/windowsxp/Tools/bootdiscs/xp_rec_con . zip" target="_blank">www . webtree . ca)4 . 46Mb Its the boot section of the XP CD that will allow you to enter you current system and run chkdsk . To run chkdsk if you don't know how go Here ( . wisc . edu/helpdesk/page . php?id=5097" target="_blank">kb . wisc . edu) Run chkdsk and enter the following chkdsk /p Note the space between k /p The instructions on that site say you need the windows XP CD, but the download is the first part that actually runs from your system( assuming its not damaged to much) other wise you will need the XP CD Unzip the download then You will need to burn the ISO Image to a cd, if you dont have an image burner, one is located in my Sig below . If that doesn't get it going to how it was before IE7 then you will need a XP CD at some stage . There is another command to use, but this usually will require a XP CD . from start/run type in sfc /scannow Enter/OK Speedy should be able to help you more with the Hijack file |
wainuitech (129) | ||
| 586127 | 2007-08-30 03:10:00 | OPPS! that command should have been chkdsk /r | wainuitech (129) | ||
| 586128 | 2007-08-30 03:15:00 | Ok I'll try chkdsk and see if that fixes the problem. My computer is one I helped a friend build. It's got a 8800GTS Video card, 2 Gigs of Ram, an awesome NZXT case with 6 fans, cable internet Windows XP, great sound card, good flatscreen moniter... etc... It's a good system, so its frustrating when something like explorer that works on my grandma's comp is acting up. |
ashez2ashes (12753) | ||
| 586129 | 2007-08-30 03:23:00 | Run HJT again tick these entries then tick fix checked. Close browser/s. These are safe O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Uninstall ALL versions of Sun Java, yours is out of date. Link is in my sig. Not too sure what these are O20 - AppInit_DLLs: c:\windows\system32\jkhffec.dll O20 - Winlogon Notify: Cmdrep - C:\WINDOWS\SYSTEM32\Cmdrep.dll Get rogueremover and trojan remover in my sig. Install both update both then click on scan. And select all options under utilities in trojan remover. If you cant get any browser to work the link to TR is here (www.simplysup.com) |
Speedy Gonzales (78) | ||
| 586130 | 2007-08-30 03:49:00 | Ok I'll try chkdsk and see if that fixes the problem. My computer is one I helped a friend build. It's got a 8800GTS Video card, 2 Gigs of Ram, an awesome NZXT case with 6 fans, cable internet Windows XP, great sound card, good flatscreen moniter... etc... It's a good system, so its frustrating when something like explorer that works on my grandma's comp is acting up. Nice system, since its custom built then you should have been given the XP CD as well. I don't like asking this, but is it a legal copy of XP ? |
wainuitech (129) | ||
| 586131 | 2007-08-30 04:12:00 | Try pressing WindowsKey+R to bring up the Run dialog box. Type explorer.exe and it should load the desktop etc for you. Try pressing Ctrl+Alt+Del and running explorer.exe in the New Task... dialog box. If any of these methods work, add a shortcut to explorer.exe to the Startup folder on your Start menu, under Programs.;) |
jwil1 (65) | ||
| 586132 | 2007-08-30 04:38:00 | OMG Speedy I love you... The Trojan remover worked! My desktop is back! :thumbs: Actually I love everyone that posted. I'm that grateful. XD I assume my Windows XP isn't bootleg. My harddisk is from my previous store bought computer. I fried my motherboard and video card by playing too much Oblivion and had to get mostly new parts... :blush: Any suggestions on what I did wrong so that it doesn't happen again? Too much bit torrenting? Or do I need to get better software to protect my system? Before I only had Spy Sweeper with Anti Virus and Ad aware. |
ashez2ashes (12753) | ||
| 1 2 | |||||