944,204 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Windows NT / 2000 / XP > I messed up with my OS, can anyone help me solve this
Ad:
Permalink
Dec 13th, 2005
0

I messed up with my Window XP operating system

Expand Post »
I have Win XP SP2, with McAfee 2005, everything was fine until i installed "Acronis True Image" software.

After installation it asked for restart, i restarted, ran fine till bootmenu, Win XP logo, and the password section, but after typing password and press enter it stays their 4 about 15 seconds and then my desktop wallpapers appears without icons and taskbar. It stays like that for 30 seconds and then slowly icons start appearing.

Any idea wat could have happened, i uninstalled the software, removed registry entries but not solved , the worse thing is that the system restore is disabled so i cant restore it.

I even tried to repair XP but nothing changed


This is my HijackThis Log


Logfile of HijackThis v1.99.1
Scan saved at 9:42:20 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



The last entry shows that the file is missing could it b the problem
Similar Threads
Reputation Points: 11
Solved Threads: 14
Posting Whiz
jaishankar is offline Offline
317 posts
since Nov 2005
Permalink
Dec 13th, 2005
0

Re: I messed up with my Window XP operating system

Well... Here are a couple of things.

As far as your HJT log goes. You need not to remove anything:

You can read about
Quote ...
Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
HERE

And unless you are using it to cature access to other computers remotely I would reccommend you delete it, and un-install it.

As far as everything thing else goes I would suggest you download and run AVG & Ad-aware to make sure you are not infected. HiJackThis doesn't always find everything, but it certainly does a great job.
Reputation Points: 35
Solved Threads: 9
Posting Whiz in Training
Lightninghawk is offline Offline
288 posts
since Jun 2005
Permalink
Dec 13th, 2005
0

Re: I messed up with my OS, can anyone help me solve this

Have you tried System Restore?
Reputation Points: 11
Solved Threads: 2
Junior Poster in Training
Justin01 is offline Offline
77 posts
since Aug 2005
Permalink
Dec 13th, 2005
0

Re: I messed up with my OS, can anyone help me solve this

Justin01, he mentioned that he has System Restore disabled.

jaishankar, try running BootVis. Follow the instructions on that page to get the most out of it. Let us know if this addresses any of those issues you are having.
Reputation Points: 38
Solved Threads: 25
Posting Shark
chrisbliss18 is offline Offline
902 posts
since Aug 2005
Permalink
Dec 13th, 2005
0

Re: I messed up with my OS, can anyone help me solve this

Hello

Lightninghawk, justin, and chrisbliss, thanx for the reply

I mentioned about "Acronis True Image" is the problem created due to this

Is it safe to delete RPC, i didnt install it and theres no uninstalller to uninstall it. How shall i remove it

I already have scanned for viruses and spyware system is clean

As far as System Restore its already disabled

Let me try BootVis i will b back soon
Reputation Points: 11
Solved Threads: 14
Posting Whiz
jaishankar is offline Offline
317 posts
since Nov 2005
Permalink
Dec 14th, 2005
0

Re: I messed up with my OS, can anyone help me solve this

I have deleted the RPC entry even scanned with MCafee some unwanted programs were found but not virus, deleted them


Downloaded BootVis and followed the steps, but no results problem still exists

Iam attaching the screen shot of BootVis scan
Attached Thumbnails
Click image for larger version Name: page 1.JPG Views: 14 Size: 111.6 KB ID: 1592   Click image for larger version Name: page 2.JPG Views: 13 Size: 101.2 KB ID: 1593  
Reputation Points: 11
Solved Threads: 14
Posting Whiz
jaishankar is offline Offline
317 posts
since Nov 2005
Permalink
Dec 16th, 2005
0

Re: I messed up with my OS, can anyone help me solve this

HI
i hve solved the problem

when the computer starts a program was running in the background "Windows Image Acquition" so i disabled this service
Now every thing is fine

Thanx all of ur 4 ur help
Reputation Points: 11
Solved Threads: 14
Posting Whiz
jaishankar is offline Offline
317 posts
since Nov 2005

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Windows NT / 2000 / XP Forum Timeline: Computer Shuts Down, No Warning.
Next Thread in Windows NT / 2000 / XP Forum Timeline: Rundll32.exe not found





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC