This was originally posted at the XP Support Forum. I was sent here to post a HJT log, which is posted right after the problem write-up...
Well, I haven't finished with a girlfriends computer problems and now I'm helping another friend.
He has XP Home and the problem is that there are no icons on the desktop. Right clicking the desktop does not bring up properties. The taskbar isn't there, either. Trying Run/c:/ doesn't work, as it says it can't be found. I can get most places using the task manager, but not all.
I ran both AdAware & SpyBot and removed just over 4,000(!) pieces of garbage, including "possible browser hijack attempts", trogan spyware, etc.
Something I don't really understand is that some of the user accounts are on the d:\, which also can't be found with the run function. Thought this may mean something to someone.
What are the chances that I can create a new user account that is ok? Seems to easy to be very likely.
Ran out of time tonight, but will try any suggestions tomorrow night.
Also, he has XP Pro on a disk that came from the guy that he originally got this computer from. Since he has the Home Edition, if it comes down to it, can we just wipe and install Pro? The key number is written on the disk.
Thanks for any advice.
HJK log...
Logfile of HijackThis v1.99.1
Scan saved at 8:01:01 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\WINDOWS\system32\cisvc.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\wanmpsvc.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
D:\Program Files\Iomega\AutoDisk\ADService.exe
D:\WINDOWS\system32\taskmgr.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\John\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\inf\winsys32.exe
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Class - {03985CE5-1795-ADB0-4881-ECE4DF4553EA} - D:\WINDOWS\windk32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {19B6C5BA-DF6C-D9DE-B148-3B4AA52F6A5D} - D:\WINDOWS\atlql32.dll (file missing)
O2 - BHO: Class - {1EA9541A-BFC3-33B9-DD9E-6278B32CF3AF} - D:\WINDOWS\ieel.dll (file missing)
O2 - BHO: Class - {1F204D3D-B7CB-18CA-6ED8-FB07E3983F5F} - D:\WINDOWS\netio32.dll (file missing)
O2 - BHO: Class - {348385B4-1D00-F877-6E9F-5DC720AC5FF6} - D:\WINDOWS\appkp32.dll (file missing)
O2 - BHO: Class - {47F1A18E-4D68-80F1-6BBB-16B984AC80ED} - D:\WINDOWS\winvl32.dll (file missing)
O2 - BHO: Class - {51206847-68EE-2600-5F1C-7100A1D4A3BB} - D:\WINDOWS\system32\msxd32.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Class - {6982C7D9-061E-AA2D-89CC-05AF765683F2} - D:\WINDOWS\addgv32.dll (file missing)
O2 - BHO: (no name) - {6A72009D-A616-47E7-A064-560505079BD5} - \
O2 - BHO: Class - {6BFC7DB0-C871-9935-DEC2-92E086CE9435} - D:\WINDOWS\sdkkv32.dll (file missing)
O2 - BHO: Class - {855DBF77-66A2-D764-2BF9-479FC929DBEC} - D:\WINDOWS\system32\netzf.dll (file missing)
O2 - BHO: Class - {9877CF20-2004-429B-24EF-2F9B313EAD4B} - D:\WINDOWS\ielx32.dll (file missing)
O2 - BHO: Class - {A1747CDA-DF6E-9351-9646-E4EDFB0652D6} - D:\WINDOWS\ipsl32.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - D:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Class - {AC7E66E3-5660-8CBA-66D2-78BA39AF6ED5} - D:\WINDOWS\cryr32.dll (file missing)
O2 - BHO: Class - {B04F0339-6F75-CC2D-AD27-CEB873145335} - D:\WINDOWS\system32\ntog32.dll (file missing)
O2 - BHO: Class - {E7079154-D322-8680-D04B-4D90966292B8} - D:\WINDOWS\system32\crfe32.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Class - {FA6A4655-C13C-BF9A-C97E-513B7A9A010A} - D:\WINDOWS\system32\apihf32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [explorer.exe] D:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [DC6] "D:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "D:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "D:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [ERS_check] "D:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "D:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [Microsoft update] D:\WINDOWS\update\update.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [AAW] "H:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" "+b1"
O4 - HKLM\..\RunOnce: [SpybotSnD] "H:\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: explorer.lnk = D:\WINDOWS\explorer.exe
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYUS_undefined
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: DigiChat Applet -
http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -
http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pasksa - pasksa.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: msvchost - Unknown owner - D:\WINDOWS\system32\msvchost.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - D:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - D:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - D:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - D:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - D:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe
I hope this is what y'all needed to help me. Thanks so much for your time and advise.
or whatever your primary drive is 
