
Desktop icons have disappeared. PC running slowly. [Closed]



#1 elmkd


Posted 13 January 2015 - 05:50 AM

Hello,

After logging into Windows XP, I am unable to see my desktop icons. Also the PC is running very slowly. I have tried system restore to an earlier state, but this has not worked. Currently I am using a F4UBCD to run Firefox just to post this note. I have downloaded HJT but I am not sure if I will be able to run it. I am able to Ctrl+Alt+Del to go to files, but I think that I cannot run file explorer. Any help that someone could give me would be greatly appreciated. I will post HJT logs shortly, if it will run.

Regards,

elmkd

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:30:42 AM, on 1/13/2015
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kyocera\FileUtility\SFUSVC.exe
C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
C:\Program Files\Kyocera\FileUtility\nsCatCom.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\system32\utilman.exe
C:\ATF-Cleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ClamWin\bin\ClamTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook....home.php?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Telstar\LOCALS~1\Temp\init.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Scanner File Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{72DAACF4-5351-4937-A454-CF1A2AE3D8EE}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72DAACF4-5351-4937-A454-CF1A2AE3D8EE}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72DAACF4-5351-4937-A454-CF1A2AE3D8EE}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{72DAACF4-5351-4937-A454-CF1A2AE3D8EE}: NameServer = 192.168.1.1
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera\FileUtility\SFUSVC.exe
O23 - Service: Upgrade Manager (UpgradeManager) - Great Lakes Data Systems, Inc. - C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Telstar/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 5949 bytes
 


Edited by elmkd, 13 January 2015 - 06:31 AM.
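
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and not a tool used by the forum. It flags entries by structure only: a Userinit value naming a second program, paths under a Temp directory, references to missing files, and executable names that closely resemble a Windows core process. The function name `triage`, the `CORE` list and the 0.85 similarity cutoff are assumptions, and a flag marks a line for manual review, not a verdict.

```python
import re
from difflib import get_close_matches

# Constructed sample: five lines copied from the HijackThis log in the post above.
SAMPLE = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Telstar\LOCALS~1\Temp\init.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O20 - Winlogon Notify: crypt - crypts.dll (file missing)"""

# HijackThis entries start with a section code such as R1, F2, O4 or O20.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: a short list of Windows core process names to compare against.
CORE = ["csrss.exe", "lsass.exe", "svchost.exe", "smss.exe",
        "winlogon.exe", "services.exe", "explorer.exe"]

def triage(log_text):
    """Return (code, reason) pairs for entries that merit a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.group(1), m.group(2).lower()
        # F2: Userinit normally names userinit.exe only (a trailing comma is normal).
        if code == "F2" and "userinit=" in body:
            progs = [p for p in body.split("userinit=", 1)[1].split(",") if p.strip()]
            if len(progs) > 1:
                findings.append((code, "Userinit starts more than one program"))
        # Anything referenced from a Temp directory (file:/// URLs use forward slashes).
        if "\\temp\\" in body.replace("/", "\\"):
            findings.append((code, "path under a Temp directory"))
        # Registry entry whose target file is absent.
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "dangling reference"))
        # Executable names that closely resemble, but do not equal, a core process name.
        for exe in re.findall(r"[\w.-]+\.exe", body):
            near = get_close_matches(exe, CORE, n=1, cutoff=0.85)
            if exe not in CORE and near:
                findings.append((code, "name resembles " + near[0]))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE):
        print(code, reason)
```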



#2 fbfbfb

  • Malware Team

Posted 15 January 2015 - 10:25 AM

Hello, elmkd.

 

My name is fbfbfb.  I will gladly assist you with your concerns.

 

While working to resolve the issues with your machine, please follow these guidelines:

  • Please be patient.  Logs are lengthy and can take time to analyze.
  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Use only those tools that you have been directed to use.
  • Do not install or uninstall any applications or run any other scans without being directed to do so.
  • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
  • Stay with me until I tell you that your machine is all clean; otherwise, your computer will most likely still be infected.
  • Please reply within 3 days of each posting to avoid closing this topic.  If you need more time to complete tasks, or if you will be away, please let me know in advance.

 

To begin with, please try to download and run the following scans.

 

1.  Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool from HERE, and save it to your desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press Scan.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

2.  aswMBR

Please download aswMBR from HERE.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.



  • On completion of the scan, click save log, save it to your desktop, and post in your next reply.


 

 

Missing Desktop Icons

 

Your missing desktop icons could be the result of the Show Desktop Icons feature being turned off.  To restore your desktop icons, try the following:

  • Right-click the desktop.
  • Point to Arrange Icons By.
  • Click Show Desktop Icons.

 

CHECKLIST : In your next reply, please post the following:

  • FRST.txt
  • Addition.txt
  • aswMBR log
  • Let me know if your desktop icons have been restored.


#3 fbfbfb


Posted 18 January 2015 - 04:30 PM

Hello elmkd.

 

Are you there?  Do you still need help?



#4 fbfbfb


Posted 22 January 2015 - 03:53 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
