No taskbar, copy/paste, moving icons, and memory is unusable. (from xp)

Fyshhed · 06-28-2005, 03:17 AM

Running a p4 computer on WinXP home, I booted up my computer today to find a substantially tenacious array of problems that have eluded my attempts to solve them. Here's the list of symptoms that I have so far noticed:
-Initial boot time has increased dramatically
-Taskbar is locked and inaccessible
-Icons do load, but are unmovable on the desktop
-Certain programs such as Windows Media Player will not load, claiming "low memory."
-System restore says it cannot protect the PC.
-User accounts window is empty.

Things I have tried
-Virus scan and spyware sweeps show nothing
-Attempts to repair using the XP cd have so far failed, stating that my version is newer.
-System restore cannot protect PC
-Cannot access user accounts to change user
-Kelly's Taskbar program has failed to run, stating "Runtime error 462, the remote server machine does not exist or is unavailable."
-Tweakui does not perform any actions or launch a program when the install file is run
- Removing ATI processes that load on startup in msconfig that look like they may conflict has not affected the problems.

Note: I initially thought that the cause of the problem was McAfee's security center/virus scan, but I was unable to delete it and had to manually clear the registry and delete the folders of it in order to do so. It also had no effect on the problems.

Any ideas?

elf · 06-28-2005, 06:08 AM

It sounds like you are infected by a dirty virus. Download HijackThis (link below), move it to a folder on your desktop and run it. Save a log, and copy/paste it all here and we will walk you through the cleanup process.

You seem pretty computer literate so I'll leave it at that, if you need further instructions let me know.

Fyshhed · 06-28-2005, 11:53 AM

File is attached, I'm looking over it now to see if there's anything suspicious I can find.

Logfile of HijackThis v1.99.1
Scan saved at 1:51:27 PM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric Ragusa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN

elf · 06-28-2005, 02:50 PM

Yea I see a couple bad guys in there...I am not really qualified to give cleaning instructions, but I will move it over to the security section where they will. The URL will remain the same, and I will leave a link in place of the original thread so it will be easy to follow.

Thank you, come again.
elf

Fyshhed · 06-28-2005, 04:20 PM

Anyone who knows HJT better than me have any ideas? I removed the 2 searchhook entries and that didn't solve the problem.

Fyshhed · 06-28-2005, 08:58 PM

Quote:

Originally Posted by Fyshhed

Anyone who knows HJT better than me have any ideas? I removed the 2 searchhook entries and that didn't solve the problem.

bump.

sUBs · 06-29-2005, 01:54 AM

Your log appears clean. Let's dig deeper ..

SilentRunners.vbs - Right click & choose "Save As...". Save it as SilentRunners.vbs to Desktop.

Make sure you disable any programs that may block/disable scripts (like your anti-virus or anti-spyware programs. Double-click SilentRunners to run it. This will take a few minutes, and will create a file called "Startup Programs". Post ALL its contents here in your next reply.

tomjones333 · 07-11-2005, 12:11 PM

Hello,
I am having the exact same issue. I have performed all of the tasks listed as well. My issues came up after slaving a friend's hard drive to get data from it. I can now see the HD, but can't copy or paste any info from either my hard drive or theirs. I do not have a taskbar or start menu, but can see my desktop icons.

I attempted to run your vbs script, but nothing. I copied it to a usb drive (from a good computer) and tried to copy it to the system not working with no luck. Then tried to run it directly from the usb drive with no luck either.

Was this issue resolved by the original poster? If so, could you provide details?

Thanks!

PLEASE READ the rules and start your own thread!

06-28-2005, 03:17 AM	#1 (permalink)
Fyshhed Registered User Join Date: Jun 2005 Posts: 4 OS: XP	No taskbar, copy/paste, moving icons, and memory is unusable. Running a p4 computer on WinXP home, I booted up my computer today to find a substantially tenacious array of problems that have eluded my attempts to solve them. Here's the list of symptoms that I have so far noticed: -Initial boot time has increased dramatically -Taskbar is locked and inaccessible -Icons do load, but are unmovable on the desktop -Certain programs such as Windows Media Player will not load, claiming "low memory." -System restore says it cannot protect the PC. -User accounts window is empty. Things I have tried -Virus scan and spyware sweeps show nothing -Attempts to repair using the XP cd have so far failed, stating that my version is newer. -System restore cannot protect PC -Cannot access user accounts to change user -Kelly's Taskbar program has failed to run, stating "Runtime error 462, the remote server machine does not exist or is unavailable." -Tweakui does not perform any actions or launch a program when the install file is run - Removing ATI processes that load on startup in msconfig that look like they may conflict has not affected the problems. Note: I initially thought that the cause of the problem was McAfee's security center/virus scan, but I was unable to delete it and had to manually clear the registry and delete the folders of it in order to do so. It also had no effect on the problems. Any ideas?

06-28-2005, 06:08 AM	#2 (permalink)
elf Manager, Microsoft Support Join Date: Jul 2002 Location: Knoxville, TN or Austin, TX depending Posts: 7,038 OS: WinXP Pro SP3 and Windows 7 My System	It sounds like you are infected by a dirty virus. Download HijackThis (link below), move it to a folder on your desktop and run it. Save a log, and copy/paste it all here and we will walk you through the cleanup process. You seem pretty computer literate so I'll leave it at that, if you need further instructions let me know. __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! I do not subscribe to threads, so if I stop replying, PM me with a link to your thread so I can find it again.

06-28-2005, 02:50 PM	#4 (permalink)
elf Manager, Microsoft Support Join Date: Jul 2002 Location: Knoxville, TN or Austin, TX depending Posts: 7,038 OS: WinXP Pro SP3 and Windows 7 My System	Yea I see a couple bad guys in there...I am not really qualified to give cleaning instructions, but I will move it over to the security section where they will. The URL will remain the same, and I will leave a link in place of the original thread so it will be easy to follow. Thank you, come again. elf __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! I do not subscribe to threads, so if I stop replying, PM me with a link to your thread so I can find it again.

06-29-2005, 01:54 AM	#7 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,473 OS: N/A	Your log appears clean. Let's dig deeper .. SilentRunners.vbs - Right click & choose *"Save As...". Save it as SilentRunners.vbs* to Desktop. Make sure you disable any programs that may block/disable scripts (like your anti-virus or anti-spyware programs. Double-click SilentRunners to run it. This will take a few minutes, and will create a file called "Startup Programs". Post ALL its contents here in your next reply. __________________ Question - what have you done for the community today?

07-11-2005, 12:11 PM	#8 (permalink)
tomjones333 Registered User Join Date: Jul 2005 Posts: 1 OS: XP	Hello, I am having the exact same issue. I have performed all of the tasks listed as well. My issues came up after slaving a friend's hard drive to get data from it. I can now see the HD, but can't copy or paste any info from either my hard drive or theirs. I do not have a taskbar or start menu, but can see my desktop icons. I attempted to run your vbs script, but nothing. I copied it to a usb drive (from a good computer) and tried to copy it to the system not working with no luck. Then tried to run it directly from the usb drive with no luck either. Was this issue resolved by the original poster? If so, could you provide details? Thanks! PLEASE READ the rules and start your own thread! Last edited by MicroBell; 07-12-2005 at 01:10 AM.

06-28-2005, 04:20 PM	#5 (permalink)
Fyshhed Registered User Join Date: Jun 2005 Posts: 4 OS: XP	Anyone who knows HJT better than me have any ideas? I removed the 2 searchhook entries and that didn't solve the problem.