Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

XP Hanging 1

Status
Not open for further replies.
estevez9999

estevez9999

Technical User
Jun 7, 2003
10
0
0
GB
Hi Guys,

When my laptop is just about to get to desktop it hangs and no icons appear. If I do ctrl-alt-del and goto task manager and end explorer.exe and then - file - new task - explorer it gets back to the normal desktop. Any idea what the cause and resolution are?

Any advice would be greatlyu appreciated.

Cheers
Stephen
 
Sort by date Sort by votes
Is it just Icons that are missing or everything?
330170 - Your Desktop Icons Are Missing in Windows XP


See if System Restore will get you back to a restore point before your problem with Windows.

Try Safe Mode (Do you have this problem in Safe Mode?).

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.


It might be possible that your profile for your username has become corrupted. This article would assist in repairing it.

Error Message: Windows Cannot Load Your Profile Because It May Be Corrupted (Q318011)


Desktop missing!
thread779-613953
 
Upvote 0 Downvote
some shareware program may be preventing

the authentication

 
Upvote 0 Downvote
I tried the new account fix with no luck. How could I determine which shareware programme is causing this?
 
Upvote 0 Downvote
Do the Trend Micro Housecall and Panda antivirus online scans, both of which can be found in smah's FAQ: faq760-3862

There is at least a 50% chance that this behavior is viral.
 
Upvote 0 Downvote
Could it be that you have mapped drives (from work) and the
laptop connected at home network when starting it?

syar
 
Upvote 0 Downvote
Just ran the housecall and it said the drive was clean. Im sure i have a virus called Backdoor.orion although its not being detected.
 
Upvote 0 Downvote
Do the Symantec and Panda online scans from smha's FAQ.
 
Upvote 0 Downvote
310353 - How to Perform a Clean Boot in Windows XP



316434 - HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP


Spybot

Ad-aware

Will check your computer for spyware and adware.

Hijack This.

Will produce a logfile you can copy and post here.
 
Upvote 0 Downvote
Hi Guys,

I had already sun the spybot. Tried the clean reboot and it was still the same. Here is the Hijack output -

Logfile of HijackThis v1.97.7
Scan saved at 05:02:15, on 27/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\progra~1\ddm\sysu.exe
C:\WINDOWS\explorer.exe
\hcc-pc034\c$\My Music\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Internet Optimizer] "c:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [@driversdegb-htm] RunDll32 UDConn.dll,RunAsIcon @driversdegb
O4 - HKLM\..\Run: [53852480.exe] C:\WINDOWS\System32\53852480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
 
Upvote 0 Downvote
Upvote 0 Downvote
1. Turn off System Restore. right-click My Computer, Properties, System Restore and check the box to stop System Restore on all drives.

2. Bring up Task Manager, and end the process sysu.exe

3. Have Hijack This! remove:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll (file missing)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [@driversdegb-htm] RunDll32 UDConn.dll,RunAsIcon @driversdegb
O4 - HKLM\..\Run: [53852480.exe] C:\WINDOWS\System32\53852480.exe

O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) -
4. Bring up Task Manager, File, New task and type with the quotation marks RD /s "C:\progra~1\ddm\"

5. Reboot and test.

6. Re-enable System Restore.
 
Upvote 0 Downvote
Hi Guys,

Thanks so much for all your help on this. The last thread solved the problem. What a relief to finally get this one resolved.

Take it easy.
Stephen
 
Upvote 0 Downvote
The problem is that the "sysu.exe" malware was not added to antivirus scans until (in my case from Symantec Norton Antivirus, 12/26/2003). I do not know how many others have included a scan for this recent piece of garbage.

Fortunately, it is relatively easy to remove by hand. If Task Manager shows sysu.exe running, kill the task, remove the registry RUN key with Hijack, and delete the c:\Program Files\ddm\ folder.

Make sure you disable System Restore prior to removal, reboot, and re-enable System Restore.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

terrytype
  • Locked
  • Question
Windows XP-Prof validation code.
Replies
10
Views
107
terrytype
terrytype
Keyboy
  • Locked
  • Question
Windows Update just hanging 1
Replies
6
Views
57
Keyboy
Keyboy
krabban
  • Locked
  • Question
Dell OptiPlex 330 + SATA SSD + Win XP 2
Replies
11
Views
97
goombawaho
goombawaho
goombawaho
  • Locked
  • Question
No communication from XP machine to other network over PPTP VPN 1
Replies
11
Views
107
kjv1611
kjv1611
kjv1611
  • Locked
  • Question
Control Panel Window opens at Windows XP Pro Startup 1
Replies
4
Views
53
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top