
Desktop completely blank

Hi folks,

I have an urgent problem on my hands. When I booted my pc in winxp, it booted ok, but the desktop and taskbar are completely missing. In other words the desktop is completely blank. With this blank desktop I can do nothing such as reinstall xp etc. Please suggest a solution to this problem. With regards, manitm16

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Can you start the PC in safe mode? When you say blank, do you see the desktop wallpaper, or is the screen black?

bobbyraw
Nearly a Posting Virtuoso
1,324 posts since Oct 2006
Reputation Points: 34
Solved Threads: 103
 

Hi Bobbyraw
I can start the pc in safe mode, screen is not black, wall paper is there. manitm16

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Manitm,
You may have a virus. Can you download HJT and post the results here?

http://www.majorgeeks.com/download5554.html

AJZ

zelkea
Posting Whiz
328 posts since Jul 2006
Reputation Points: 40
Solved Threads: 32
 

In safe mode, click Start, then Run, then type msconfig. On the General tab choose Diagnostic Startup, then restart the PC. When you get in, do what zelkea suggests.

bobbyraw
Nearly a Posting Virtuoso
1,324 posts since Oct 2006
Reputation Points: 34
Solved Threads: 103
 

Probably explorer.exe is not loading.
Whatever,
HJT should give a clear picture.

piyushchandra
Light Poster
44 posts since Sep 2006
Reputation Points: 6
Solved Threads: 2
 

Is this a network environment? With a domain? What most likely happened is your profile reset. Check your "Documents and Settings" folder and see if you see a folder that has your normal.domain such as BSmith.WORKGROUP. If so, your profile reset and you can force the fix in the Registry. If this is the case don't worry, you haven't lost any data yet.

Best

CoMpUtErGoD20XX
Light Poster
25 posts since Jan 2008
Reputation Points: 10
Solved Threads: 0
 

I can start the pc in safe mode, only the desktop wall paper can be seen, screen is not black. manitm16


manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:17 AM, on 2/5/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WORDWEB\WWEB32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WINFLYER32.DLL] "rundll32.exe" C:\WINDOWS\SYSTEM\WINFLYER32.DLL,Run
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] C:\WINDOWS\TEMP\GLB31B2.TMP C:\WINDOWS\TEMP\GLF31D3.TMP\settings.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [pas_check] C:\PROGRAM FILES\SYSTEMDOCTOR 2006 FREE\PASMON.EXE
O4 - HKLM\..\Run: [Firewall] "C:\Program Files\WinAntiVirus Pro 2007\NtFt.exe" /win98
O4 - HKLM\..\Run: [mav_startupmon] "C:\PROGRAM FILES\COMMON FILES\WINANTIVIRUS PRO 2007\MAV_STARTUPMON.EXE"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Wallettick] C:\WINDOWS\Desktop\Wallettick.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Bearshare Accelerator] C:\Program Files\Bearshare Accelerator\Bearshare Accelerator.exe
O4 - HKCU\..\Run: [CoolTick] C:\PROGRAM FILES\COOLTICK8\COOLTICK8.EXE -I0
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Bearshare Accelerator] C:\Program Files\Bearshare Accelerator\Bearshare Accelerator.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [CoolTick] C:\PROGRAM FILES\COOLTICK8\COOLTICK8.EXE -I0 (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user')
O4 - .DEFAULT Startup: Setup.exe (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: scandskw.lnk = C:\WINDOWS\Start Menu\Programs\Accessories\System Tools\scandskw.exe (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Setup.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: scandskw.lnk = C:\WINDOWS\Start Menu\Programs\Accessories\System Tools\scandskw.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_12\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_12\BIN\SSV.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab

--
End of file - 7617 bytes

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Zelka,

The test you suggested was done on XP in diagnostic mode and the result is given below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:21 AM, on 2/5/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
D:\WINDOWS\system32\restore\rstrui.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
D:\Program Files\Microsoft Office\Office10\MSTORDB.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=322&client_id=C7172F8001C84125036A6DB2&version=4.5.6.0&it=1197948397&loc=&qry=&url=http://www.yahoo.com/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - D:\WINDOWS\System32\bgstb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - D:\WINDOWS\System32\bgstb.dll
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-21-725345543-1844237615-2147112213-1003\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe (User '?')
O8 - Extra context menu item: &WordWeb... - res://D:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 5210 bytes

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

manitm16,
You do have a couple of trojans on your system. I would boot into safe mode and run HJT and fix the following entries, then run a complete a/v scan. Reboot normally, run HJT, and post the log. Make sure your antivirus is current and you have the latest definitions.

O4 - HKLM\..\Run: [WINFLYER32.DLL] "rundll32.exe" C:\WINDOWS\SYSTEM\WINFLYER32.DLL,Run
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [mav_startupmon] "C:\PROGRAM FILES\COMMON FILES\WINANTIVIRUS PRO 2007\MAV_STARTUPMON.EXE"
O4 - HKCU\..\Run: [Bearshare Accelerator] C:\Program Files\Bearshare Accelerator\Bearshare Accelerator.exe
O4 - HKUS\.DEFAULT\..\Run: [Bearshare Accelerator] C:\Program Files\Bearshare Accelerator\Bearshare Accelerator.exe (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http ://static.waverevenue.com/website.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www .ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
O4 - .DEFAULT Startup: Setup.exe (User 'Default user')
O4 - Startup: Setup.exe
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] C:\WINDOWS\TEMP\GLB31B2.TMP C:\WINDOWS\TEMP\GLF31D3.TMP\settings.ini

AJZ

zelkea
Posting Whiz
328 posts since Jul 2006
Reputation Points: 40
Solved Threads: 32
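
A triage pass over the O4 (autostart) lines of a HijackThis log, in the spirit of the entries picked out in the post above; this is an added example, not code from the thread or from HijackThis. The five heuristics and all function names are assumptions chosen for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple

class Finding(NamedTuple):
    location: str       # e.g. HKLM\..\Run or ".DEFAULT Startup"
    name: str           # registry value name, or the Startup-folder item
    command: str
    reasons: List[str]

# O4 line shapes seen in the posted logs:
#   O4 - HKLM\..\Run: [value name] command line
#   O4 - Startup: item.lnk = target      (or a bare file name)
RUN_RE = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>[^:]*Startup): (?P<cmd>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '.*?'\)$")

# Illustrative heuristics (assumptions, not HijackThis rules).
R_TEMP = "runs from a temp directory"
R_GUID = "bare GUID used as value name"
R_HEX = "long opaque hex argument"
R_RUNDLL = "rundll32 loading a DLL by full path"
R_BARE = "executable placed directly in Startup folder"

TEMP_RE = re.compile(r"\\te?mp\\", re.I)
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_ARG_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
RUNDLL_PATH_RE = re.compile(r'rundll32(\.exe)?"?\s+"?[A-Za-z]:\\', re.I)

def triage(log_text: str) -> List[Finding]:
    """Return the O4 entries that match at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        is_startup = False
        if not m:
            m = STARTUP_RE.match(line)
            is_startup = bool(m)
        if not m:
            continue  # not an O4 autostart line
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
        name = cmd.split(" = ", 1)[0] if is_startup else m.group("name")
        reasons = []
        if TEMP_RE.search(cmd):
            reasons.append(R_TEMP)
        if not is_startup and GUID_NAME_RE.match(name):
            reasons.append(R_GUID)
        if HEX_ARG_RE.search(cmd):
            reasons.append(R_HEX)
        if RUNDLL_PATH_RE.search(cmd):
            reasons.append(R_RUNDLL)
        if is_startup and " = " not in cmd and cmd.lower().endswith(".exe"):
            reasons.append(R_BARE)
        if reasons:
            findings.append(Finding(m.group("loc"), name, cmd, reasons))
    return findings

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WINFLYER32.DLL] "rundll32.exe" C:\WINDOWS\SYSTEM\WINFLYER32.DLL,Run
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] C:\WINDOWS\TEMP\GLB31B2.TMP C:\WINDOWS\TEMP\GLF31D3.TMP\settings.ini
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Setup.exe
O4 - .DEFAULT Startup: Setup.exe (User 'Default user')
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] D:\DOCUME~1\user\LOCALS~1\Temp\GLB2.tmp D:\DOCUME~1\user\LOCALS~1\Temp\GLF7.tmp\settings.ini
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.location} [{f.name}]: {', '.join(f.reasons)}")
```

A match marks an entry for review, not as malicious; the list in the post above also contains entries that none of these patterns catch, because they were recognised by name.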
 

Manitm16,
The log looks clean, is your desktop still blank? If so, I would boot into safe mode, create another user account, then boot normally, and log in with the new user.

Let me know if the desktop is blank on the new account as well. If you have a desktop again with the new account let me know what information you would like from your old account and I will help you retrieve that information.

AJZ

zelkea
Posting Whiz
328 posts since Jul 2006
Reputation Points: 40
Solved Threads: 32
 


Hi AJZ

The HJT log you have seen is that of the win98se on my computer which I had sent mistakenly. I am posting below the HJT log of win xp: Please let me have your comments on this. Thanks manitm16.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:01 PM, on 2/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=322&client_id=C7172F8001C84125036A6DB2&version=4.5.6.0&it=1197948397&loc=&qry=&url=http://www.yahoo.com/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - D:\WINDOWS\System32\bgstb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - D:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - D:\WINDOWS\System32\bgstb.dll
O4 - HKLM\..\Run: [{7FDDA133-D598-434B-9C4F-35BB909D2623}] D:\DOCUME~1\user\LOCALS~1\Temp\GLB2.tmp D:\DOCUME~1\user\LOCALS~1\Temp\GLF7.tmp\settings.ini
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [VRSRun] "D:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
O4 - HKLM\..\Run: [TRxRun] "D:\Program Files\NCH Swift Sound\TRx\trx.exe" -logon
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Talk] "D:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Recordpad] "D:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IVMRun] "D:\Program Files\NCH Swift Sound\IVM\ivm.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DialDictateRun] "D:\Program Files\NCH Swift Sound\DialDictate\ddictate.exe" -logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bgsmsnd.exe] D:\WINDOWS\System32\bgsmsnd.exe
O4 - HKLM\..\Run: [AxonRun] "D:\Program Files\NCH Swift Sound\Axon\axon.exe" -logon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://D:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Axon Service (AxonService) - Unknown owner - D:\Program Files\NCH Swift Sound\Axon\axon.exe (file missing)
O23 - Service: DialDictate Service (DialDictateService) - Unknown owner - D:\Program Files\NCH Swift Sound\DialDictate\ddictate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IVM Answering Attendant Service (IVMService) - Unknown owner - D:\Program Files\NCH Swift Sound\IVM\ivm.exe (file missing)
O23 - Service: VRS Recording System Service (VRSService) - Unknown owner - D:\Program Files\NCH Swift Sound\VRS\vrs.exe (file missing)

--
End of file - 8164 bytes

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

Hi AJZ,
A reply to my last posting will be much appreciated. Thanks.

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

You should download the latest Windows updates to get to SP2 first, then get and run Spybot S&D and Ad-Aware; links to them are in my signature.

caperjack
I hate 20 Questions
Team Colleague
13,068 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
 

Hello,
You could try a system restore to an earlier time when the PC was OK.
Then run a virus / spyware / malware scan to see if you have any nasties.
That may be worth a try.

Selwyn
Junior Poster in Training
85 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 
Hi Selwyn
It will be of great help if you please explain how 'system restore' can be done.
Thanks, manitm16

manitm16
Light Poster
29 posts since Feb 2008
Reputation Points: 10
Solved Threads: 0
 

So you have nothing on the desktop. Try this: press ALT+CTRL+DEL and Task Manager should open up. Go to File / New Task and type in explorer.exe. You might get the desktop back, you might not. If you do get to the Task Manager but explorer.exe didn't work, type in this:
%SystemRoot%\system32\restore\rstrui.exe

caperjack
I hate 20 Questions
Team Colleague
13,068 posts since Aug 2003
Reputation Points: 1,064
Solved Threads: 812
 
