 |  |  |  |  |  |  |  |
I messed up with my OS, can anyone help me solve this
Thread Solved |
I have Win XP SP2, with McAfee 2005, everything was fine until i installed "Acronis True Image" software.
After installation it asked for restart, i restarted, ran fine till bootmenu, Win XP logo, and the password section, but after typing password and press enter it stays their 4 about 15 seconds and then my desktop wallpapers appears without icons and taskbar. It stays like that for 30 seconds and then slowly icons start appearing.
Any idea wat could have happened, i uninstalled the software, removed registry entries but not solved , the worse thing is that the system restore is disabled so i cant restore it.
I even tried to repair XP but nothing changed
This is my HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 9:42:20 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
The last entry shows that the file is missing could it b the problem
After installation it asked for restart, i restarted, ran fine till bootmenu, Win XP logo, and the password section, but after typing password and press enter it stays their 4 about 15 seconds and then my desktop wallpapers appears without icons and taskbar. It stays like that for 30 seconds and then slowly icons start appearing.
Any idea wat could have happened, i uninstalled the software, removed registry entries but not solved , the worse thing is that the system restore is disabled so i cant restore it.
I even tried to repair XP but nothing changed
This is my HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 9:42:20 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
The last entry shows that the file is missing could it b the problem
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
•
•
Join Date: Jun 2005
Posts: 238
Reputation: 
Solved Threads: 6
Posting Whiz in Training
Well... Here are a couple of things.
As far as your HJT log goes. You need not to remove anything:
You can read about
HERE
And unless you are using it to cature access to other computers remotely I would reccommend you delete it, and un-install it.
As far as everything thing else goes I would suggest you download and run AVG & Ad-aware to make sure you are not infected. HiJackThis doesn't always find everything, but it certainly does a great job.
As far as your HJT log goes. You need not to remove anything:
You can read about
•
•
•
•
Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
And unless you are using it to cature access to other computers remotely I would reccommend you delete it, and un-install it.
As far as everything thing else goes I would suggest you download and run AVG & Ad-aware to make sure you are not infected. HiJackThis doesn't always find everything, but it certainly does a great job.
+_-¤ ŦĦễ £ﺄiĢĦŧňĨňĢĦǻщk ¤-_+
South Georgia Computers - Home and Office IT Solutions - Owner/Tech
Need the BEST software for Virus/Spyware Removal? Download - AVG Free -
Computer Problems? Forget the GeeK Squad use something better: DaniWeb
South Georgia Computers - Home and Office IT Solutions - Owner/Tech
Need the BEST software for Virus/Spyware Removal? Download - AVG Free -
Computer Problems? Forget the GeeK Squad use something better: DaniWeb
•
•
Join Date: Aug 2005
Posts: 77
Reputation:
Solved Threads: 1
Junior Poster in Training
Have you tried System Restore?
•
•
Join Date: Aug 2005
Posts: 902
Reputation:
Solved Threads: 23
Posting Shark
Justin01, he mentioned that he has System Restore disabled.
jaishankar, try running BootVis. Follow the instructions on that page to get the most out of it. Let us know if this addresses any of those issues you are having.
jaishankar, try running BootVis. Follow the instructions on that page to get the most out of it. Let us know if this addresses any of those issues you are having.
Did we help you? Did we miss the point entirely? Update your thread and let us know.
Don't like the answers you are getting?
Did you try searching?
Clean up and optimize Windows 2000/XP
Don't like the answers you are getting?
Did you try searching?
Clean up and optimize Windows 2000/XP
Hello
Lightninghawk, justin, and chrisbliss, thanx for the reply
I mentioned about "Acronis True Image" is the problem created due to this
Is it safe to delete RPC, i didnt install it and theres no uninstalller to uninstall it. How shall i remove it
I already have scanned for viruses and spyware system is clean
As far as System Restore its already disabled
Let me try BootVis i will b back soon
Lightninghawk, justin, and chrisbliss, thanx for the reply
I mentioned about "Acronis True Image" is the problem created due to this
Is it safe to delete RPC, i didnt install it and theres no uninstalller to uninstall it. How shall i remove it
I already have scanned for viruses and spyware system is clean
As far as System Restore its already disabled
Let me try BootVis i will b back soon
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
I have deleted the RPC entry even scanned with MCafee some unwanted programs were found but not virus, deleted them
Downloaded BootVis and followed the steps, but no results problem still exists
Iam attaching the screen shot of BootVis scan
Downloaded BootVis and followed the steps, but no results problem still exists
Iam attaching the screen shot of BootVis scan
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
HI
i hve solved the problem
when the computer starts a program was running in the background "Windows Image Acquition" so i disabled this service
Now every thing is fine
Thanx all of ur 4 ur help
i hve solved the problem
when the computer starts a program was running in the background "Windows Image Acquition" so i disabled this service
Now every thing is fine
Thanx all of ur 4 ur help
6 rules to be happy:
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
Free your heart from hatred; Free your mind from worries; Live simply; Expect less; Give more & always have me as Ur Friend.
 |
Similar Threads
- System32/Config/ System missing on XP PRO and Home dual boot system (Windows NT / 2000 / XP)
- Computer restarts at random times (Windows NT / 2000 / XP)
- messed up windows... again! (Windows NT / 2000 / XP)
- Registering Domains (Web Hosting Deals)
- Problems uninstalling programs has created havoc for novice user (Windows NT / 2000 / XP)
- pixles and colors messed up (Windows 95 / 98 / Me)
- Msn buddy icons messed up (Windows Software)
- please help been at my pc for hours still cannot solve problem (Viruses, Spyware and other Nasties)
- HTML mail subscriiption error (PHP)
Other Threads in the Windows NT / 2000 / XP Forum
- Previous Thread: Computer Shuts Down, No Warning.
- Next Thread: Rundll32.exe not found
Views: 1598 | Replies: 6
| Thread Tools | Search this Thread |
Latest Windows NT / 2000 / XP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for Windows NT / 2000 / XP
.net 2010 a.exe address appstore audio auto black blue bluescreen book boot bulletin cellphones collaboration computer computerfreezes crash cursor deployment deployments desktop dns dotnetnuke drive dual eartlink error errors explorer features folder fontmanagers framework gadgets hardware intel interoperability killprocess laptop laptops latitude lcd linux load login mac markshuttleworth memory microsoft minimalizes monitor motionle1600 netbooks novell operatingsystems oracle osx outlook palm partition port printer product proxy remotedesktop replacingraiddrive retail rootkit screen security sharepoint simplifiedchinese sitetositevpn sp3 spyware technology ubuntu uninstall unreadable update usb verizon videodrivers videogames virus vista visual wab webos weecam win win32/heur window windows windows7 windowsxp windowsxpnotstartingup. worm xp
