Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93078 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] No icons, no Start menu, no Safe Mode!


  • This topic is locked This topic is locked
38 replies to this topic

#1 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 16 October 2009 - 04:18 AM

Hi there,

I have been having a problem for the past week with my computer at work. I just turned it on one day and all the desktop icons were gone as well as the Start menu. I can access the internet and saved files via Task Manager, although I can not access Control Panel and the like. I tried starting up in safe mode and I get nothing but a black screen with the text Safe Mode in each corner. I have tried starting up with Last Known Good Configuration and it comes up with a blank desktop. I downloaded Window Malicious Software Removal Tool and found I had a worm and two viruses and as far as I know they are now removed. Afterwards I did a system restore but got nothing. I also tried the reverse, msconfig system restore then removal tool and nothing. Last week I downloaded AVG free and also updated to IE 8 so I don't know if this could be related. I have tried to run explorer.exe and it says it can not find the file. I have read through countless forums and it seems that this is a common problem and many people have solved it, I however have had no such luck. I have also tried the Windows hotfix that is specific for this problem and I feel I'm at a dead end. The computer is an NEC Powermate and it was purchased second hand from an office environment about three months ago. I have always had problems with the monitor going into sleep mode and not waking up but I don't think that is related to this. I just learned about Hijack This so I did a scan and this is what it came up with:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:01, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com...x?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\admin\LOCALS~1\Temp\IE8-WindowsXP-x86-ENU[1].exe /passive
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\admin\ms18_word.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6648 bytes


If anyone can help I would be grateful, I will take ANY suggestions at this point.
Thanks,
Cheryl

    Advertisements

Register to Remove


#2 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 16 October 2009 - 07:11 AM

Hi

Hi , welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

It is important that you do not minimize you browser, taskmanager or the tool I'm going to have you download. If you do you will loose them and will need to start over.

Note: When you download this tool to the specified location, it will not be visible to you. We will launch it via the run command.

Please download SystemLook from one of the links below by
  • right clicking the link and clicking Save Target As
  • In the Save As window, using the dropdown menu set the Save In box to Local disk (C:)
  • make sure the filename is SystemLook.exe and the type is Application
  • click Save
Download Mirror #1
Download Mirror #2


Open Task Manager with ctrl,alt,del as you have been doing.
  • In Task Manager, click the Options button
  • check mark Allways on Top
  • This will keep Taskmanager from disappearing when you click on anything else.
  • Using your left mouse button, click on the top blue portion of Task Manager and slide it down to the lower part of your screen so these instructions are visible.

Next
  • Holding down your left mouse button, highlight all the text in the codebox below.
  • Do not copy the word CODE , please note the script starts with the :
  • right click the highlighted text and choose copy
:filefind
explorer.ex*
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    C:\Systemlook.exe
  • click ok
SystemLook should appear on your screen.
  • Right click anywhere in the white field and choose paste.
  • the text you copied earlier should appear
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
Please post this log in your next reply.

If you loose the notepad before you can post the contents, you may retrieve it copying and pasting this command in the Task Manager open box.
%userprofile%\desktop\SystemLook.txt

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 19 October 2009 - 09:46 AM

Thank you for your reply! I followed all the instructions and here are the results: SystemLook v1.0 by jpshortstuff (29.08.09) Log created at 16:42 on 19/10/2009 by admin (Administrator - Elevation successful) ========== filefind ========== Searching for "explorer.ex*" C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c 1032192 bytes [11:28 21/07/2009] [12:00 28/02/2006] A0732187050030AE399B241436565E64 C:\WINDOWS\explorer.exe --a--- 1033728 bytes [12:00 28/02/2006] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------ 1033728 bytes [00:12 14/04/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923 ========== reg ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] "Debugger"="C:\Program Files\Microsoft Common\svchost.exe" -=End Of File=-

#4 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 19 October 2009 - 11:31 PM

Hi

Okay I see the problem with explorer.

-Set Task Manager to Always on Top as you did before. Slide it out of the way so you can read these instructions.

First, open HJT (hijackthis) the same way you ran to get the log you posted.

Do a system scan only and checkmark these lines, if present

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i


Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.

Next

I'm going to have you download a tool (combofix) and save it directly to your Desktop. The program will not be visible to you, we will run it with a run command in Task Manager.

I'm not sure if you will be able to disable your security programs so we will use an additional switch in the run command. If you recieve notices from your security programs of changes being made to your system, please allow them. The same thing if combofix warns you that AVG is running. I left the references to security programs in the instructions for your future reference.


After you download combofix and before you run it via task manager, I'll have you try to disable AVG.

In the Task Manager Open field, please copy and paste this command and click OK

C:\PROGRA~1\AVG\AVG8\avgtray.exe

AVG's interface should open.

-Click on Tools.
-Select Advanced.
-In the left hand pane, scroll down to "Resident Shield".
-In the main pane, deselect the option to "Enable Resident Shield."



Please read through the instructions to familiarize yourself with what to expect when the tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
In the Task Manager Open field, please copy and paste this command

"%userprofile%\desktop\combofix.exe" /killall
  • Close all other windows/browser first, except Task Manager
  • Click ok, combofix should now run.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do Not run combofix more than once. If you have problems please post back for further instructions.
3.CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • combofix log

Please let us know if you were able to start explorer.exe and any problems you are experiencing.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#5 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 20 October 2009 - 05:44 AM

Hi, Thanks for your follow up. I am having a few problems so I stopped to ask how to continue. *After running the system scan with HJT and fixing the 3 specified items I try to start AVG via C:\PROGRA~1\AVG\AVG8\avgtray.exe and it shows up as running in the task manager but there is no window to speak of. *You require me to turn off Anti Virus/Spyware via the system tray icon which *I think* is currently missing because I have no desktop! So I'm not sure how to access them or if the system tray is something else? *I did a bit of a bad thing, when I went to download HJT I went to the wrong site and downloaded something else! It's called Spyware Doctor and it came from here: www-HijackThis.org. I'm sure it's bad because when I googled it again it was gone :o Now it's asking me to reboot my computer. I got the real HJT after and changed the things you asked me to (I realized after that it was saved to my computer) but I am almost positive I just made your job harder. Eek! Sorry. Look forward to your reply, Cheryl

#6 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 20 October 2009 - 06:46 AM

Hi Cheryl,

After running the system scan with HJT and fixing the 3 specified items I try to start AVG via C:\PROGRA~1\AVG\AVG8\avgtray.exe

I hoped that would launch the icon, but it seems it didn't.

You require me to turn off Anti Virus/Spyware via the system tray icon which *I think* is currently missing because I have no desktop

Yes, I realize that, which is why we tried to open the tray icon. But I also told you this

I'm not sure if you will be able to disable your security programs so we will use an additional switch in the run command. If you recieve notices from your security programs of changes being made to your system, please allow them. The same thing if combofix warns you that AVG is running. I left the references to security programs in the instructions for your future reference.


Spyware Doctor is an antispyware program that could cause problems.

What program is asking you to reboot?

Are you able to save a notepad to C:\? If you can, are you able to open it afterwards?

Let's test if you can.

In the Task Manager Open field, please copy and paste this command and click OK

notepad.exe

In the notepad, type your name
  • Click file, click save as
  • Set the Save in to c:\
  • In the file name box type Cheryl
  • Make sure the Save as type is set to Text Documents [*.txt]
  • click save
Close the notepad.

In the Task Manager Open field, please copy and paste this command and click OK

c:\Cheryl.txt

Did the notepad open?


Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#7 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 20 October 2009 - 07:36 AM

The Spyware Doctor told me to reboot to take effect but I haven't done it yet. Notepad seemed to let me save, I can not open it the way you instructed but I do have it saved under this:"C:\Documents and Settings\admin\My Documents\Cheryl.txt". It opens with this. Otherwise, it says that the file name can not be found!

#8 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 20 October 2009 - 06:55 PM

Hi Cheryl,

That would be because you saved the text file to your documents folder. :) That's ok, the important thing is you can retrieve a text file after saving it.

It seems like you installed Spyware Doctor, so you may as well reboot as it will cause problems if we are cleaning your computer while it's finishing installing.

After the reboot we will work on the infection in safe mode as your security programs should not be running in safe mode.

It is very important that when you downloaded combofix, you saved it to your desktop. Otherwise the run command we will use will not work.

Please copy and paste these instructions into a notepad and save it a location you are able to access with Task Manager.

You will need them to run combofix via the Taskmanager. You can name the file anything you want to.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In Safe Mode,
  • open Task Manager
  • click file
  • click New Task(Run...)
  • In the open field, copy and paste
    "%userprofile%\desktop\combofix.exe"
  • Close all other windows/browsers first, except Task Manager
  • click OK
  • combofix should run

Important note: If combofix reboots your computer, make sure you boot to safe mode. This will allow combofix to finish. Once the log is produced you can reboot to normal windows. Make sure to save the log first.

Please post back with the combofix log.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 21 October 2009 - 09:29 AM

Okay, I have downloaded the Combifix and it is saved on the desktop. The only thing is, I can't start the computer in safe mode. The screen is black. However, when I start it it will ask me to choose from: Floppy, WDC WD800BB-22F, HL-DT-ST CD-ROM or Onboard Lan. I chose the 2nd option, but maybe I shouldn't have? After I restarted normally my computer went crazy. When I opened task manager it took forever to open and I assumed it was just the computer powering up but then the screen came up and there were 5 task managers running (4 said not responding). So, I didn't start it in safe mode again to try one of the other options. If I need to, just let me know. Otherwise, can I run the combofix normally somehow? I'm sorry this is such a pain :(

#10 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 21 October 2009 - 08:11 PM

Hi Cheryl,

I'm sorry this is such a pain

No problem. :)

In your initial reply you said

but a black screen with the text Safe Mode in each corner
that would indicate you are in safe mode but without a desktop. The missing desktop is due to explorer not running. That is what we are going to correct by running combofix. Running it in safe mode is a way to get around not being able to disable your secutiry programs.

If you are unable to gt to safe mode the way you did when you first started this thread, we can run combofix in normal windows. You will need to allow any changes detected by your security programs and continue the scan if combofix warns you AVG is running.

In Task Manager
  • click file
  • click New Task(Run...)
  • In the open field, copy and paste
    "%userprofile%\desktop\combofix.exe" /killall
  • Close all other windows/browsers first, except Task Manager
  • click OK
  • combofix should run

Please post back with the combofix log.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove


#11 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 22 October 2009 - 06:46 AM

Okay, now I can't get safe mode at all! Going absolutely %*&$ing insane. I ran combofix in the normal mode and got past the AVG thing and a blue screen came up and said what combofix was doing, then the screen was gone and the computer restarted, which I knew would happen. But, I was expecting combofix to come back up so I could see and save the log, but it never showed. I have figured out how to delete AVG and Spyware doctor, should I do that and try again?

#12 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 22 October 2009 - 06:57 AM

Hi Cheryl,

I think Spyware Doctor may have interfered. Is your desktop restored or are you still running from the Task Manager? If you still don't have your desktop, uninstall Spyware Doctor and try again.

Before you uninstall Spyware Doctor, check to see if a log was created by combofix. If you are still in Task Manager, C:\combofix.txt should open the log if it's there.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#13 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 22 October 2009 - 08:50 AM

Okay, there is no log that I can see. I have uninstalled Spyware Doctor, rebooted and have run combofix again. Still the same thing, reboots with nothing on the screen. The desktop has not reappeared, I am stiill working from task manager.

#14 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 22 October 2009 - 06:02 PM

Hi Cheryl,

Ok something's not letting combofix finish. We'll another tool.

It's very important to download this tool directly to your Desktop as we will use a run command to open it.

Download OTListIt2 to your desktop.
  • In task manager"s run box copy and paste this command
    "%userprofile%\desktop\otl.exe"
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window. OTL.Txt

If you lose the OTL.txt, you can retrieve it with this command

"%userprofile%\desktop\otl.txt"

Don't worry,we'll get to the bottom of this.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation 5Iv60h9.jpg
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#15 ~Cheryl~

~Cheryl~

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 23 October 2009 - 03:32 AM

YAY! It worked. It's super long so I will try to attach it. Hope this works! EDIT: The full log is typed out in the next post

Attached Files

  • Attached File  OTL.Txt   63.94KB   329 downloads

Edited by ~Cheryl~, 23 October 2009 - 05:18 AM.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users