Tech Support banner

Not open for further replies.
1 - 6 of 6 Posts

6 Posts
Discussion Starter #1 (Edited)
Computer Gone Crazy!! No Taskbar/Copy-Paste/Drag-n-Drop +more Help Desperately needed

I'm having huge problems with my computer right now.

1. No sound whatsoever, get errors saying im missing audio codecs when I try and play movies.

2. I cannot drag and drop any icons.

3. I finally got my taskbar to show up, yet no programs actually show up on it although the quicklaunch and running programs/clock do.

4. I cannot run system restore I just get an error and it asks me to restart and try again.

5. I cannot copy and paste in explorer or any internet browsers.

6. I only get a blank screen when I open up User Accounts from the control panel.

7. Windows Firewall does not work at all.

I have no clue what happend. I just have spybot search and destoy on the computer currently as It won't let me install any anti-virus's due to the firewall being inactive, I just constantly get errors during installs. I've ran spybot search and destroy, xoftspy, trend micro online virus scanner and have found some random virus's/spyware but the removal of anything does not fix any of these problems. I have also noticed that in my system manager I have an unknown device in there with a yellow question mark beside it, yet I have no way of finding out what this is.

I have included an HJT log in hopes that someone see's something I don't.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:56 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [AtiPTA] "atiptaxx.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1003\..\Run: [Steam] (User '?')
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TermService - Unknown owner - ?6?6?8?8?8?8?9?;?<?9?<?<?6?7t.exe (file missing)

End of file - 6161 bytes

6 Posts
Discussion Starter #2
Any help on this would be appreciated I've tried following other threads similar to this with no luck. I can run any other program that would help someone decipher the problem at hand.

TSF Emeritus
15,079 Posts
Hello and welcome to TSF :wave:

I would recommend that you go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good luck :smile:

Please also remember DO NOT post your logs in this thread, please start a new thread here. (Just click on the coloured link.) and post the logs.

Kind regards,
Go The Power

2 Posts
You can make sure it is not a "deffect or failure" at your computer, this is a virus or something like that, causing the problem, or already caused the problem - deleting files or changed registry, etc.

The reason is simple. My main computer has exactly, exactly, the same problem, since I turned it on yesterday morning. I already read another thread in this forum, with the exact, exact problem as mine, and yours.

All of those, and they are all I was able to find at the Internet yesterday and today, happened since October this year, somehow within the range of 45 days ago.

In my case, I suspected all started by some messages from SpyDoctor saying some DLL was trying to be installed to run whenever the computer stats. As I didn't recognize those and didn't installed anything new, I went to c:\windows\system32 and found some "brand new" DLLs (yesterday's date of creation), with few copies with reversed names, etc (ex: ABCD.DLL and DCBA.DLL) that is a trademark of some infectors. You simply can't delete those since they "are being used by the system or other program". For those the VUNDO.EXE package is the best, since it remove such ties with "other programs" and delete those files, but then the computer needs to be rebooted, and voilá, no more problems.

Well, I did it, and after that I also run HJT (without any suspicious), but then the DLLs traces still in the registry and was trying to load them up at reboot, so I run the J16xxx Registry Cleanup, what I do from time to time to make sure Registry is not full of trash and unused keys, it found those DLL keys (missing file, of course, Vundo deleted them), so I commanded it to clean it up.

PERHAPS, some other registry entry was also erased, perhaps, the nasty virus erased some DLLs and substituted with its own, deleting it would cause the machine to behave like that.

I am PRETTY SURE this is not an ocasional failure or misbehave of Windows. I am SURE there was no Windows update for months (the function is disabled).

I my computer case, the USERS screen at Control Panel shows up but it is EMPTY. Also is EMPTY the Printers screen. Trying to add a new printer it says it cannot be done since Printer Spooler is inactive. Trying to active Printer Spooler at Computer Management - Services, it says it can not be done since some "environment facility" (this is the best I can remember) is not available. Trying to run Dazzle software from Endicia (print postage labels) it say some crypto key at Registry can not be found. Talking to the Endicia people (trying to narrow the problem), they put me through some settings to disable the crypto thing and to reenable it, didn't work, it says some HIGH LEVEL SECURITY from Windows is blocking or causing problems to allow Dazzle to remove / install the new crypto...

Also, ZoneAlarm tries to run but it can't. It starts a zillion times, each time it gives TRUEVECTOR failure on start, trying again and again. I think ZoneAlarm is failing because of everything else, something bad doesn't allow the computer to boot up correctly and load everything for the user correctly.

The only way to access Internet with I.E. or Mozilla is with ZOneAlarm trying to start. If I remove the ZoneAlarm at the MSCONFIG and reboot, I can't access Internet. I guess the Firewall at ZA set something at the machine and it needs to be running (at least partially) to allow me to gain access to the net.

There are 3 users created on this machine. All of those presents the same problem. At the Task Manager for example, all the programs running does not show the user's name logged on. Going to the USERs tab of Task Manager, shows empty, no user. It seems that something is wrong with USER logon, but all the desktops (for all users) are ok, it recognize user's password, etc.

Cannot drag any icon (desktop or directories), cannot cut&paste or move any file between directories. The taskbar was very difficult to retrieve, did somehow, but it doesn't show the running programs in middle of it (the ones you click to restore the window after it was minimized), but it shows what is running at the right side of it, along with the clock.

It is a total mess.
I will format another HD and keep this as third drive on that machine, just
to copy the bunch of files and setups.

I was reading a lot at the net yesterday around "cannot drag icons on desktop", but it seems to be a mislead, since even with a good machine it may happens when missing some keys at Registry. Our problem is much more generic and it seems some basic environment is missing, it messes with lots of things. It doesn't allow to load a lot of resources, including sound, etc.

The solution should be somehow simple. Perhaps trying to investigate WHY the Printer Spooler can't be started could be a good lead to the cause / solution.

I am sorry by the long post, but I suspect this problem (exactly) will be poping all around soon.


1 Posts
Ive wasted hours on this cant drag and drop issue.
it appeared on all or site laptops over night!
The fix I found worked for me, appears to be unrelated but cleared all the problems
Cant drag and drop (some just desktop others completely non functional)
Cant get into network properties
Cant get into veiw event logs

Fix as follows. I only had to reregister the ole32.dll to fix all problems.

Error message when you open the properties of a network connection: "An unexpected error occurred"
View products that this article applies to.
Article ID : 824923
Last Review : February 27, 2007
Revision : 2.1

When you open the properties of a network connection in the Network Connections folder, you may receive the following error message:
An unexpected error occurred.
Back to the top

This problem may occur if some registry settings are damaged. The damaged registry settings may prevent you from viewing the properties of the network connection in the Network Connections folder.
Back to the top

To work around this problem, reregister the Netshell.dll file. To do so, follow these steps: 1. Click Start, and then click Run.
2. In the Open box, type regsvr32 %systemroot%\system32\netshell.dll, and then click OK.
3. In the RegSvr32 dialog box, click OK.
Test to see if you can open the properties of the network connection in the Network Connections folder.

If the issue is resolved, you do not have to follow the remaining steps in this article. If the issue persists, and you receive the error message that is mentioned in the “Symptoms” section of this article, follow these steps: 1. Click Start, and then click Run.
2. In the Open box, type regsvr32 %systemroot%\system32\ole32.dll, and then click OK.
3. In the RegSvr32 dialog box, click OK.
4. Restart the computer.
1 - 6 of 6 Posts
Not open for further replies.