0

Hi,
I'm a new poster hoping to get some help. I am unable to open any folders, My Computer, Control Panel, or Search from the desktop or using the Start menu. When I double-click to open from the desktop, all icons and the taskbar disappear for a few seconds and then reappear, and the Task Manager shows 99% on the idle process; the rest are 0.

I've run Ad Aware, AVG Anti Spyware, Spybot Search and Destroy, and Registry Mechanic but have seen no change. My problem does not exist in Safe Mode.

I've seen other problems similar to this in this forum, and all included a HijackThis log, so mine's below.
Thanks for any help, thank you very much.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\EDITCE~1\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://panda0321bhc.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130298874137
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130298857434
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

4 contributors, 13 replies, 15 views, 10-year discussion span, last post by jubel
0

Download the file from here, unzip it to the same folder and double-click the file linkfile_fix.reg; answer yes to merge it with your registry.
http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip
- This may solve your problem; it certainly will not make things worse.
[When you double-click the unzipped file it may just open in Notepad - I have altered my settings so that this is the case, no unintended application of .reg files to my registry that way. Anyway, if this is the case for you, simply right-click the file, choose Open With, and Registry Editor.]

0

Thanks gerbil.
I have tried loading your linkfile_fix into my registry, but the problems still persist.
In normal mode, I can't explore any programs or folders and cannot connect to the internet because IE cannot open either. My Computer 'hangs' when opened, the same as my Control Panel, no matter how I click on the icon (the Task Manager still shows 99% in System Idle Process, or 1% in Task Manager); the rest show 0%.
In safe mode, I can only open the folders on the desktop, but for the rest, e.g. My Computer, Control Panel, and any programs installed on C:, the problem still occurs. So I installed the antivirus software on my pen drive. AVG and Spybot scans can't find any infected files. My default antivirus software is Norton, but Norton also can't be accessed now.
Thanks for the help.

0

After running CCleaner, it was unable to clean files (temporary internet files and history). After running ComboFix, below is the log:

"EditCentre" - 2007-07-03 11:46:07 - ComboFix 07-06-27.7 - Service Pack 2  NTFS  [SAFE MODE]



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\WINDOWS\system32\xunleibho_v8.dll



(((((((((((((((((((((((((   Files Created from 2007-06-03 to 2007-07-03  )))))))))))))))))))))))))))))))



2007-07-03 11:44    49,152  --a------   C:\WINDOWS\nircmd.exe
2007-07-03 11:43    <DIR>    d--------   C:\VundoFix Backups
2007-06-29 17:00    626,688 --a------   C:\WINDOWS\system32\msvcr80.dll
2007-06-29 16:42    0   --a------   C:\WINDOWS\system32\SBRC.dat
2007-06-29 16:42    0   --a------   C:\WINDOWS\system32\SBFC.dat
2007-06-29 13:54    <DIR>    d--h-----   C:\WINDOWS\system32\GroupPolicy
2007-06-29 09:12    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-27 12:00    <DIR>    d--------   C:\WINDOWS\system32\appmgmt
2007-06-27 10:47    <DIR>    d--hs----   C:\WINDOWS\CSC
2007-06-21 09:02    8,192   --a------   C:\WINDOWS\system32\wshirda.dll
2007-06-21 09:02    59,648  --a------   C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-21 09:02    274,304 --a------   C:\WINDOWS\system32\drivers\bthport.sys
2007-06-21 09:02    27,136  --a------   C:\WINDOWS\system32\irmon.dll
2007-06-21 09:02    18,944  --a------   C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-06-21 09:02    17,024  --a------   C:\WINDOWS\system32\drivers\BthEnum.sys
2007-06-21 09:02    152,576 --a------   C:\WINDOWS\system32\irftp.exe
2007-06-21 09:02    100,992 --a------   C:\WINDOWS\system32\drivers\bthpan.sys



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-06-29 05:44:21 --------    d-----w C:\Program Files\Online Services
2007-06-28 05:23:10 --------    d-----w C:\Program Files\Norton AntiVirus
2007-06-27 03:54:01 --------    d-----w C:\Program Files\Windows Media Connect 2
2007-06-22 03:21:50 --------    d-----w C:\DOCUME~1\EDITCE~1\APPLIC~1\AdobeUM
2007-06-13 07:55:41 --------    d-----w C:\Program Files\MSN Messenger
2007-06-13 07:19:56 --------    d-----w C:\DOCUME~1\EDITCE~1\APPLIC~1\ppStream
2007-06-01 01:48:29 --------    d-----w C:\DOCUME~1\EDITCE~1\APPLIC~1\U3
2007-05-29 01:58:55 --------    d-----w C:\DOCUME~1\EDITCE~1\APPLIC~1\WinRAR
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400   ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:47:36 33,624  ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 14:45:54 1,710,936   ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 14:45:28 92,504  ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 53,080  ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 14:45:20 43,352  ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 14:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 14:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0005A87D-D626-4B3A-84F9-1D9571695F55}=C:\WINDOWS\system32\xunleibho_v8.dll []
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 00:47]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 01:03]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-11-24 23:46]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-12-18 14:00 C:\WINDOWS\SOUNDMAN.EXE]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 11:35]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-27 16:13]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-27 16:13]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-11-04 17:17]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134a0b92-e0bb-11db-b2d8-000d61585d95}]
Auto\command- pagefile.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e64dd7ab-b58e-11db-b2c8-000d61585d95}]
Auto\command- pagefile.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe



Contents of the 'Scheduled Tasks' folder
2007-07-03 01:31:52  C:\WINDOWS\tasks\Symantec NetDetect.job


**************************************************************************


catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 11:46:49
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


cmd.exe [2004]



scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="\"C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe\""


[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]



[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]



Completion time: 2007-07-03 11:47:36
C:\ComboFix-quarantined-files.txt ... 2007-07-03 11:47


--- E O F ---

Edited by happygeek: fixed formatting

0

Hmm... nothing there. ComboFix has actually deleted a file by Thunder Networking Tech - it is the genuine file, not a bit of malware. But I don't know what it does, apart from being a BHO (browser helper), so you may not miss it. The key which started it is still there; you can go into the registry and remove it if you wish:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects;
{0005A87D-D626-4B3A-84F9-1D9571695F55}=C:\WINDOWS\system32\xunleibho_v8.dll []
You could try a Panda scan while we think on your symptoms.... do a fresh CCleaner run first:
Panda Online Scan:
==Please do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

From what you say I do not think it is a spyware problem.. 99% sys idle is good.
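
An added example, not part of the original thread and not ComboFix's own code: a small Python check that cross-references the log's "Other Deletions" section with its "Reg Loading Points" section and reports autostart values that still point at a deleted file, as with the BHO key mentioned above. The function name and regular expressions are assumptions based on the log format shown in this thread; the sample is a shortened excerpt of the posted log.

```python
import re

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # (((   Section title   )))
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_...\Run]
# name=data [timestamp], with or without quotes around name and data
VALUE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?\s*\[([^\]]*)\]$')

def orphaned_autostarts(log_text):
    """Return (key, value name, file) for loading points whose file was deleted."""
    deleted, entries = set(), []
    section = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:                                   # new log section starts
            section, key = m.group(1), None
            continue
        if section == "Other Deletions":
            deleted.add(line.lower())           # Windows paths are case-insensitive
        elif section == "Reg Loading Points":
            k = KEY.match(line)
            if k:
                key = k.group(1)
                continue
            v = VALUE.match(line)
            if v and key:
                entries.append((key, v.group(1), v.group(2)))
    return [(k, n, p) for k, n, p in entries if p.lower() in deleted]

# Shortened excerpt of the ComboFix log posted in this thread.
SAMPLE = r"""
(((((((   Other Deletions   )))))))

C:\WINDOWS\system32\xunleibho_v8.dll

(((((((   Reg Loading Points   )))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0005A87D-D626-4B3A-84F9-1D9571695F55}=C:\WINDOWS\system32\xunleibho_v8.dll []
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-11-24 23:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-12-18 14:00 C:\WINDOWS\SOUNDMAN.EXE]
"""

if __name__ == "__main__":
    for key, name, path in orphaned_autostarts(SAMPLE):
        print(f"{key}\n  {name} -> {path} (file deleted, value still present)")
```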

0

OOPS!! Big oops!. The Panda scan is online ...gulp... can you start internet explorer via Task Manager? File, New task, type Iexplore.exe and enter. Sorry... Or else start in safe mode with networking and try it from there.
Have you got an XP SP2 installation CD? It would pay to run
sfc /scannow

0

Thanks. Safe mode with networking is also unable to start IExplorer, so I am unable to run the online scan; I am connected to the network but unable to run IE. In safe mode, Task Manager / Run new task / iexplorer is unable to open too. Thanks for the help. I will try reinstalling XP SP2 :>

0

Do the sfc /scannow command first, it checks and replaces any corrupted protected windows components, and takes maybe 10mins...and it is looking like your shell or rundll32 is broken. Next option is a windows repair - with that as opposed to a reinstall you keep all your 3rd party applications and files intact.
Say how you get on.

0

Thanks, I will try it later. Reinstalling or recovering Windows XP will keep 3rd party applications and files intact... Thank you, gerbil.

0

You misunderstood me - a repair installation will keep 3rd party applications and files intact, reinstalling will not.

0

Hi.

Just wanted to say that I experienced the same problem with the icons on my desktop and I used the Panda scan link and waited for it to complete. About halfway into the scan (after it picked up about 2 viruses and about 40+ spyware items; not sure if all were valid threats to my PC, since I did take an internet security class and the professor did give us spyware software, some of which was on my computer) my computer shut off. When I restarted it, I was able to access all items on my desktop and, most importantly, my Internet Explorer, My Computer, and Network Places. Even though my desktop didn't work, I still had access to RealPlayer and I was able to open a browser there so that I could access Google to search the web for any solutions. That is when I was led to you guys and then the link for the Panda scan.

Thanks so much for the advice. I ended up joining daniweb since it was such a help to me.

0

Hi rayvj,
Thanks. But I was unable to connect to the internet, so I was unable to do the Panda live scan...

0

Hi, thanks everyone, thank you!
I'm sorry to have wasted everyone's effort; before I could try sfc /scannow my colleague formatted the HD, so this is the only step I haven't tried. Thanks gerbil, maybe I could try it next time. Thanks.

0

Hi,

I resolved it by installing Internet Explorer 7, or by reinstalling Explorer 6. I think this problem is due to Explorer files being corrupted. Hope this helps everyone with a similar problem.
