Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Losing Desktop navigation

Status
Not open for further replies.
drj31

drj31

Technical User
Joined
Jan 29, 2002
Messages
40
Location
US
I have been having some virus troubles that i thought i had fixed today. I have downloaded and ran CWShredder, AdAware and HijackThis to troubleshoot. I thought everything had cleared and been operating fine. I left for about a half hour to come back to my monitors that just had the wallpaper in the background..no bottom nav bar or icons on the desktop at all. I restarted and same thing. I then restarted one more time they came up and then disappeared one by one. As they came up I noticed three new desktop icons (FREE Spyware Scanner, myPC Search, Second Thought). I then started in safe mode and ran AdAware and got rid of some things there...also ran CWShredder and fixed some things there...but still on restart i am getting nothing but wallpaper.
Can anyone help me?
 
Sort by date Sort by votes
Can you open the Task Manager? When at the blank besktop press the key combination Ctrl-Shift-Esc.

If you can then click on File > Then New Task > type the following (without quotes) - " > Click on OK.

This should bringup a file download box. Save the file to an easy location, such as your c:\ drive. When it has downloaded you should be asked if you want to open the file - if so go ahead and open it. If not then you will need to use the File > Newtask option to open the file.

This software will generate a list of all startup items and other Hijacks. We can use this to try and determine exactly what it is that you are infected with.

To generate the startup list do the following - Open the software > Click on the "Do a system scan and save a log file" button > The software will do the scan and then prompt you for a location to save the log > Again pick a location that you will remeber > the log will then be displayed > Copy and paste that here.

You should also try the following:

2 of the online scanners found in
Add the VX2 cleaner to AdAware you have to run it manually from AdAware but full instructions are on that page

Download Giant Antispyware from - it has a full functional 15 day trial. However don't buy it as the company has just been brought by Microsoft and they will be releasing a new product in the comming weeks. They are continuing to provide updates and support though.

This combination should get you sorted, you may need to run several sweeps to be fully cleared. I would do the following:

1. Trend Micro online scanner as suggested in link above
2. Adaware - fully updated
3. Spybot - fully updates
4. Adaware VX2 sacanner
5. Giant Antispyware - Fully updated
6. Restart to Safemode
7. Panda online scanner as suggested in link above
8. Adaware - fully updated
9. Spybot - fully updates
10. Adaware VX2 sacanner
11. Giant Antispyware - Fully updated
12. Hijack This - Post log file here to make sure you a free

Also most importantly make sure you have a working firewall in place. The Windows Xp Sp2 firewall is fine.

Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
Thanks Greg, but I can't bring up anything when booting up normally...no key commands work and there is no navigation. I have been following some steps to take care of all possible virus type problems seen here (except for what requires you to boot up in normal mode...all of my changes have been under safe mode):

After I followed what steps I could I restarted into normal mode and the navigation and desktop icons flashed on 3-4 times and then all went off and I couldn't do anything just like normal (before they maybe flashed once and then everything was off). This computer is only a month old and has been running fine up until this week when I had caught some other viruses that I was trying to correct when all of this happened.

My Hijack file is below:

Logfile of HijackThis v1.99.0
Scan saved at 2:29:39 AM, on 1/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vyvyrv.exe
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\wkgwnygv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\wkgwnygv.slt\prefs.js)
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: SDWin32 Class - {0385E08F-6C1B-42B6-BD55-D8EBD546819C} - C:\WINDOWS\system32\lrziz.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {36D19E43-D56E-4F9D-BD72-A5C402542C43} - C:\WINDOWS\system32\ivccd.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [ivccdc] C:\WINDOWS\system32\ivccdc.exe
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\adl_dh.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [lrzizc] C:\WINDOWS\system32\lrzizc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\secure.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server - Unknown - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Alias Wavefront Help Server - Unknown - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
 
Upvote 0 Downvote
There are quite a few infections here. To hopefully allow you to get into Windows normally try the following:

Boot to safemode and fire up Hijack This > This time click on the "Do System Scan Only" button.

Go down the list and tick the following items. There are a couple that I could not find any info on at all so if you recognise any of them then leave them unticked.

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: SDWin32 Class - {0385E08F-6C1B-42B6-BD55-D8EBD546819C} - C:\WINDOWS\system32\lrziz.dll
O2 - BHO: SDWin32 Class - {36D19E43-D56E-4F9D-BD72-A5C402542C43} - C:\WINDOWS\system32\ivccd.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O2 - BHO: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\AdRoar.dll
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [ivccdc] C:\WINDOWS\system32\ivccdc.exe
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\adl_dh.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [lrzizc] C:\WINDOWS\system32\lrzizc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\secure.exe

The following item could be cause for concern

O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing


Follow the instructions below:

Only for people who have this problem with xfire_lsp_8742.dll
Download and run LSPFix from
Use these instructions to remove the bad DLL:
1. Run LSPFix.
2. Check 'I know what I'm doing'.
3. Select 'xfire_lsp_8742.dll'.
4. Click the right-pointing arrow (moves it to the "remove" page).
5. Click 'Finished'.

6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
7. Delete the following file: 'xfire_lsp_8742.dll'
8. Restart your computer and bring it up in normal mode.

Once you have done all of that you should atleast be able to boot into Windows Normally. From here follow the original advice given.

Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
well, i tried the steps above (ran through HiJack and fixed the file..while still in Safe mode I tried to get on with the xifre file and downloaded the fix). I was to the point of restarting to be able to delete it's file and now I can't even boot into Safe Mode.
I'm stuck now....looks like I am reinstalling windows unless anyone else has any other ideas
 
Upvote 0 Downvote
Do you get any errors when trying to boot into safe mode?

If you don't want to do a full reinstall you could try a repair installation - Also called a In-Place Upgrade.

This will restore the core windows files but leave your programs and settings in tact.


Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
I tried the repair before posting here which still leads me to believe that it is something that is happening at start up. I am looking into the kykytk.exe file that keeps showing up even though I thought I got rid of it on the last round with Hijack. Any thoughts?
 
Upvote 0 Downvote
I don't see it in the log file that you posted before. Unfortunatly alot of new viruses will generate a random filename before running so it is very hard to track them.

If you can get back into safemode then take another Hijack This log and post it back.

If you can get hold of a copy of the Giant Antispyware software and get it onto your problem PC while in safemode that could well help you.

Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
Here is HiJack log

Logfile of HijackThis v1.99.0
Scan saved at 1:14:40 PM, on 1/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\wkgwnygv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jimmy\Application Data\Mozilla\Profiles\default\wkgwnygv.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\system32\vyvyrv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: kykytk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server - Unknown - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Alias Wavefront Help Server - Unknown - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
 
Upvote 0 Downvote
I downloaded the Giant Antispyware, but it will not let me install it in Safe Mode.
 
Upvote 0 Downvote
Also another thing to note here. I had only one User Account and thought that maybe if I made another that it would have some untouched options that maybe it would start up okay. That didn't work. It took a little longer for the icons and Start Menu/bar to disappear, but they eventually did. One thing to note here is that when it did come up a window popped up and as much as I could read before it all went off started like this:
"You have used a System Configuration Utility to make changes to the way windows starts..."

I'm not sure if this is helpful to anyone reading this, but I don't believe I touched anything and don't even know where to look to see if there is something I can change back.
 
Upvote 0 Downvote
Hi There - Well spotted on the message it certainly does help. First lets sort out the Hijack This Log.

Remove the following

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\system32\vyvyrv.exe
O4 - Global Startup: kykytk.exe

The message that you saw lets you know that Windows Did not start with the default options. There is a utility called msconfig that can be used to manipulate the way windows starts.

From safemode > Click on Start > Click on Run > type msconfig > Click Ok

On the General Tab it should be set to Normal Startup

On the Boot.ini Tab you will have one or more lines that look something like this

multi(0)disk(0)rdisk(0)partition(1)\Windows="Microsoft Windows XP Professional"

Highlight each line and make sure none of the tick boxes are ticked.

Also open the c:\boot.ini and paste the contents here if you are still having problems.


Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
I did what you said above, but am still getting the same result. One thing to note about it was that when I went into msconfig and clicked on the Normal Startup and after my restart I am noticing kykytk.exe file under the Startup tab again after it had been deleted. Also there is the vyvyrv.exe file that we had deleted some time ago. Last thing is that I cannot find my boot.ini file under C:
 
Upvote 0 Downvote
But HiJack is not seeing them.
 
Upvote 0 Downvote
The boot.ini is a hidden and system file, those two options must be checked to show this type of file in Folder Options/ View.

If you don't want to reformat and install XP again, other options open to you are transporting your hard drive to another machine and work on it there. Or you can install XP via a Parallel install and use that to work on your sick XP. This would allow you access to the internet and virus scanners etc. (Don't surf without a firewall or as a Administrator user or you'll get a dose of nasties in the clean parallel install).

266465 - HOW TO: Perform a Parallel Installation of Windows 2000

You can do the same with XP. Don't install any unnecessary programs, just keep the parallel installation as simple as possible.

Or the paragraph in this article.

"To install Windows XP to a new folder (to perform a parallel installation):"

How to install or upgrade to Windows XP

You can now look at the procedure here for possible adaption and use.

How to Recover from a Corrupted Registry that Prevents Windows XP from Starting

An easy to follow recovery console description when unable to start computer due to corrupt registry.

This is a layman's version of Q307545 in simple language.





Another lesser choice would be something like this - BartPE which is a mini XP running on just CD but able to access the hard drives.


On second thoughts it might be easier to just reformat and reinstall!
 
Upvote 0 Downvote
I've done a repair on Windows XP and nothing has changed. I can get into Safe Mode, but I still can't get into my Normal windows. I found some threads about other people having the problems...most were a virus that I can't seem to find on my system. Another pointed to a faulty Nvidia driver that I have also uninstalled to no avail. I'm really hoping that it is something simple like that...but it doesn't look like it.
 
Upvote 0 Downvote
Make sure that you have disabled system restore.

Start > Right Click on My Computer > Select Properties > System Restore Tab > Tick "Turn off System restore on all drives" > Click Apply > Click ok

Then run:

1. Adaware - fully updated
2. Spybot - fully updates
3. Adaware VX2 sacanner
4. Hijack This - Remove any nasties

If you have other tools great run them too

Make sure that you clear the recycle bin before restating your machine.

Then repeat the steps above - again clearing the recycle bin before restarting

Then follow the msconfig instructions again:


From safemode > Click on Start > Click on Run > type msconfig > Click Ok

On the General Tab it should be set to Normal Startup

On the Boot.ini Tab you will have one or more lines that look something like this

multi(0)disk(0)rdisk(0)partition(1)\Windows="Microsoft Windows XP Professional"

Highlight each line and make sure none of the tick boxes are ticked.

If none of that helps you out then the only other thing I can suggest before a full format and reinstall would be to try the scanners available on the following disk.


It runs on the same principal as the Barts PE disk that linney suggested but is packed with tools to help troubleshoot situations like this.


Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
The problem with a repair installation as per -

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)

is that it may carry across many already corrupted registry settings and files. The idea behind the repair is that you do not lose your data and programs, but in this situation it is also its Achilles Heel.
 
Upvote 0 Downvote
One thing to add to all of this. I just came home for lunch and started the computer to make some more CDs and I decided to try to log on. Yesterday when I was having some problems I was so convinced that it was something in the Startup that I made another account and had the system go to the screen where you choose the account. I had made another administrator account and a Guest account that had no privileges.
Today I tried the Guest account and everything comes up okay...still took longer than usual to get done booting up, but things look okay.
Any ideas...does this help any...i really don't want to reinstall windows if I don't have to.
 
Upvote 0 Downvote
To delete a user profile" is a searchable article in the Help and Support program.

HOW TO: Delete a User Profile in Windows 2000

313877 - User Data Is Missing After You Delete a User Account

811151 - How to copy data from a corrupted user profile to a new profile
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question Question
Change Icon Image on Desktop
Replies
5
Views
1K
JimSmith02
JimSmith02
Blackybear
  • Locked
  • Question Question
Win10 Impossible to right click from desktop?
Replies
5
Views
590
gbaughma
gbaughma
Leozack
  • Locked
  • Question Question
PC losing user from remote desktop access list
Replies
2
Views
335
Leozack
Leozack
_Larry_
  • Locked
  • Question Question
Cant Start Remote Desktop Services (error 126)
Replies
4
Views
844
_Larry_
_Larry_
techturtle
  • Locked
  • Question Question
Recording Remote Desktop Sessions
Replies
5
Views
414
Nelviticus
Nelviticus

Part and Inventory Search

Sponsor

Back
Top