Member Avatar for Zmaster

Hello,

Yesterday I stumbled onto some spyware and subsequently ran spybot and a few other programs, and got rid of it (or at least I'm pretty sure I did). Now I'm having a problem where when I log in I never get the start menu or my desktop icons, just the background image. I would perfer not to reformat, seeing as this is my work computer, I can get all the files I need off of it, but I would rather exaust all other possibilities first. I have been navigating around everything from the task manager, but for some reason when I run Explorer.exe it instantly gets killed, and I don't get anything out of it. Here is my HijackThis report in case that helps, and thanks for any help.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:52:58 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MPICH\mpd\bin\mpd.exe
C:\MSC.Software\MSC.Licensing\9.2a\lmgrd.exe
C:\MSC.Software\MSC.Licensing\9.2a\msc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\hjt\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9r5pqiii.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/9r5pqiii.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-21-861567501-838170752-682003330-500\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-861567501-838170752-682003330-500\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-838170752-682003330-500\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-861567501-838170752-682003330-500\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-838170752-682003330-500\..\RunOnce: [FFTI] C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9r5pqiii.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/9r5pqiii.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Micro Update] dailin.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Micro Update] dailin.exe (User 'Default user')
O4 - S-1-5-21-861567501-838170752-682003330-500 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149004811812
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = engineous.com
O17 - HKLM\Software\..\Telephony: DomainName = engineous.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = engineous.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = engineous.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: atlanta_server - Unknown owner - C:\Program Files\Engineous\iSIGHT-FD_1.0\bin\win32\lmgrd.exe (file missing)
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPICH Daemon (C) 2001 Argonne National Lab (mpich_mpd) - Unknown owner - C:\Program Files\MPICH\mpd\bin\mpd.exe
O23 - Service: MSC.Licensing 9.2a - Macrovision Corporation - C:\MSC.Software\MSC.Licensing\9.2a\lmgrd.exe
O23 - Service: RSH Daemon (rshd) - Unknown owner - c:\fluent.inc\ntbin\ntx86\rshd.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe

--
End of file - 6758 bytes

  • 4 Contributors
  • 5 Replies
  • 186 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by jbennet

Recommended Answers

All 5 Replies

Member Avatar for ihelp

Try bootting the computer in safe mode.Try logging in all the user a/c's u see in safe mode.If you see the start menu and icons in safe mode than:
start-run-msconfig.
click on startup tab-click on disable all
click on services tab-put a check mark in hide all microsoft services-click on disable all.
click on apply,ok and restart the computer and you should see a normal desktop.

If in safe mode to the same problem persists than:
open the task manager by pressing alt-ctrl-del
click on file-new-nusrmgr.cpl and click on ok.this will give you the option to create a new user a/c.try creating one and see what happens.
OR, from the task manager open cmd and than from cmd-sfc /scannow.
If this doesnt work either use the win xp cd to do a repair installation where you wont loose any files.If you want assistanc in doing repair installation visit :
http://www.microsoft.com/windowsxp/using/setup/support/nostart.mspx

Member Avatar for Gunnarh

ctrl+alt+del to activate task manager, then Program, New activity, explorer...

If the start menu comes up you know that the command to start the program shell is missing in registry. I will try to find out how to reapir that... But now I have to go away for some hours

Member Avatar for Gunnarh

reapir should be repair of course. I cannot find an easy fix. It would be interesting to hear about your results from my suggestion though..

Member Avatar for Zmaster

Thanks ihelp, the repair windows install fixed the problem (a note to anyone else attempting to do this... have your windows cd key at the ready...). Gunnarh, when I tried starting explorer nothing happened, not even a flash of the start menu or icons, but thanks for the suggestion.

Member Avatar for jbennet

if for some reason it never comes up then make sure to close your existing explorer first (under processes tab on control-alt-delete then in the taks manager do file -> run -> explorer and click the desktop a couple of times and wait.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.