Desktop completely blank
manitm16,
You do have a couple of trojans on your system. I would boot into safe mode and run HJT and fix the following entries, then run a complete a/v scan. Reboot normally, run HJT, and post the log. Make sure your antivirus is current and you have the latest definitions.
O4 - HKLM\..\Run: [WINFLYER32.DLL] "rundll32.exe" C:\WINDOWS\SYSTEM\WINFLYER32.DLL,Run
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [mav_startupmon] "C:\PROGRAM FILES\COMMON FILES\WINANTIVIRUS PRO 2007\MAV_STARTUPMON.EXE"
O4 - HKCU\..\Run: [Bearshare Accelerator] C:\Program Files\Bearshare Accelerator\Bearshare Accelerator.exe
O4 - HKUS\.DEFAULT\..\Run: [Bearshare Accelerator] C:\Program Files\Bearshare Accelerator\Bearshare Accelerator.exe (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http ://static.waverevenue.com/website.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www .ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
O4 - .DEFAULT Startup: Setup.exe (User 'Default user')
O4 - Startup: Setup.exe
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] C:\WINDOWS\TEMP\GLB31B2.TMP C:\WINDOWS\TEMP\GLF31D3.TMP\settings.ini
AJZ
Manitm16,
The log looks clean. Is your desktop still blank? If so, I would boot into safe mode, create another user account, then boot normally, and log in with the new user.
Let me know if the desktop is blank on the new account as well. If you have a desktop again with the new account, let me know what information you would like from your old account and I will help you retrieve that information.
AJZ
Hi AJZ
The HJT log you have seen is that of the win98se on my computer which I had sent mistakenly. I am posting below the HJT log of win xp: Please let me have your comments on this. Thanks manitm16.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:01 PM, on 2/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pro...www.yahoo.com/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - D:\WINDOWS\System32\bgstb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - D:\WINDOWS\System32\bgstb.dll
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] D:\DOCUME~1\user\LOCALS~1\Temp\GLB2.tmp D:\DOCUME~1\user\LOCALS~1\Temp\GLF7.tmp\settings.ini
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [VRSRun] "D:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
O4 - HKLM\..\Run: [TRxRun] "D:\Program Files\NCH Swift Sound\TRx\trx.exe" -logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Talk] "D:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Recordpad] "D:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IVMRun] "D:\Program Files\NCH Swift Sound\IVM\ivm.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DialDictateRun] "D:\Program Files\NCH Swift Sound\DialDictate\ddictate.exe" -logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bgsmsnd.exe] D:\WINDOWS\System32\bgsmsnd.exe
O4 - HKLM\..\Run: [AxonRun] "D:\Program Files\NCH Swift Sound\Axon\axon.exe" -logon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://D:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Axon Service (AxonService) - Unknown owner - D:\Program Files\NCH Swift Sound\Axon\axon.exe (file missing)
O23 - Service: DialDictate Service (DialDictateService) - Unknown owner - D:\Program Files\NCH Swift Sound\DialDictate\ddictate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IVM Answering Attendant Service (IVMService) - Unknown owner - D:\Program Files\NCH Swift Sound\IVM\ivm.exe (file missing)
O23 - Service: VRS Recording System Service (VRSService) - Unknown owner - D:\Program Files\NCH Swift Sound\VRS\vrs.exe (file missing)
--
End of file - 8164 bytes
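A triage pass over a HijackThis log like the one above, as an added example that is not part of the original thread or of HijackThis itself. It flags entries whose target file is absent and `Run` autostarts that launch from a temp directory (the kind of entry in the earlier fix list); the heuristics and the names `triage`, `RUN_RE` and `TEMP_RE` are this example's own assumptions, and a flagged line is a candidate for review, not a verdict.

```python
import re

# Excerpt copied from the Windows XP HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] D:\DOCUME~1\user\LOCALS~1\Temp\GLB2.tmp D:\DOCUME~1\user\LOCALS~1\Temp\GLF7.tmp\settings.ini
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Axon Service (AxonService) - Unknown owner - D:\Program Files\NCH Swift Sound\Axon\axon.exe (file missing)
"""

# A result line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostarts: "<hive>\..\Run: [value name] command line".
RUN_RE = re.compile(r"^HK\w+\\.*?\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Temp directories, matched case-insensitively (\TEMP\, \Temp\, \tmp\).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def triage(log_text):
    """Return review candidates as dicts with keys: code, reasons, line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or footer
        reasons = []
        if any(marker in m.group("body") for marker in ORPHAN_MARKERS):
            reasons.append("target file not found")
        run = RUN_RE.match(m.group("body")) if m.group("code") == "O4" else None
        if run and TEMP_RE.search(run.group("cmd")):
            reasons.append("autostart runs from a temp directory")
        if reasons:
            findings.append({"code": m.group("code"), "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["code"], "; ".join(f["reasons"]), "->", f["line"])
```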
You should download the latest Windows updates to get to SP2 first, then get and run Spybot S&D and Ad-Aware; links to them are in my signature.
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
Last edited by caperjack; Feb 13th, 2008 at 11:30 pm.
HELLO
You could try a system restore to an earlier time when the pc was ok.
Then run a virus / spyware / malware scan to see if you have any nasties.
That may be worth a try.
Hi Selwyn
It will be of great help if you please explain how 'system restore' can be done.
Thanks, manitm16
So you have nothing on the desktop. Try this: press ALT+CTRL+DEL and Task Manager should open up. Go to File / New Task and type in explorer.exe. You might get the desktop back, you might not. If you do get to Task Manager but explorer.exe didn't work, type in this:
%SystemRoot%\system32\restore\rstrui.exe