[XLTodd]

Hey Grey,

I searched and did not find wp.bmp or any of the .html files you mentioned. I downloaded the reg file and added it to the registry. I rebooted. I still have no icons, I cannot access desktop settings by right clicking the desktop or via control panel. Some programs will now start by clicking start -> all programs -> (program). I started Ewido in normal mode (didn't run it.). I started Spybot and was able to update definitions, but I didn't run it. I tried to open Internet Explorer, nothing happened. I tried to open Control Panel, nothing happened. There is something (a msg box?) that flashes sporadically on the desktop. It's so fast that I cannot make out anything on it. It's bigger than the typical msg/error box. It seems to be about 4 in. X 3 in. After I tried to open IE and CP, about 1 to 2 mins later a "red X" info box opened up with the following:

"Cannot find the file '(null)' (or one of it's components). Make sure the path and filename are correct and that all required libraries are available."

After that, pruter locks up...only task mgr will open. Any other ideas? I REALLY DON"T WANT to do a format/reinstall. Thanks for the help!

[Advertisements]

If you can, update those antispyware programs and Ewido...then run them in Safe Mode and remove what they find. See if they find anything.

[greyknight17]

If you can, update those antispyware programs and Ewido...then run them in Safe Mode and remove what they find. See if they find anything.

[XLTodd]

Hey Grey,

I'm still here. Just been working alot lately and haven't had time to get back down there yet. I'll be going by there monday morning and I'll post the results shortly after. Thanks for hanging in there with me.

[greyknight17]

No problem. I will be here in the evening (after work).

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[greyknight17]

Topic re-opened per user's request.

[XLTodd]

Hey man,

I finally made it back down here. I'm updating and scanning right this second. I'll post the results shortly! Thanks!

[XLTodd]

OK...I'm in safe mode. I updated and ran Ewido. Here is the report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:22:28 AM, 10/8/2005
+ Report-Checksum: 10C6DFF5

+ Scan result:

C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup


::Report End


Spybot found updates but they will not download. I keep getting a "checksum" error. It has finished scanning and found nothing. This is where I stand:

Still no icons on desktop. In normal mode, I have to bring up task mgr and "run" programs that way most of the time. Sometimes, after a reboot into normal mode, I can navigate via the Start button. But that doesn't last long. The button quits responding and I have to do the Ctl Alt Del to get it the puter to do anything. Where do we go from here? Thanks again for all the help!

[greyknight17]

For Spybot, try choosing another download location (you should see a button for it on top, choose it and select a different location...then update).

Try running the smitRem tool again in Safe Mode.

Boot back to normal mode and give me the smitfiles.txt log and also a new HijackThis log.

[XLTodd]

OK...I was finally able to get Spybot to update. It ran fine and found nothing.

Ran Smitrem in Safe mode. Here is the log:

smitRem log file
version 2.3

by noahdfear

The current date is: Sat 10/08/2005
The current time is: 10:23:55.62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!

Here is the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:53 AM, on 10/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\CA\Alert\ALERT.EXE
C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe
C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\casmrtbk.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Mediasvr.exe
C:\Program Files\CA\BrightStor ARCserve Backup\RDS.EXE
C:\Program Files\CA\iGateway\iGateway.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\COMMON~1\CA\SCANEN~1\InoDist.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
D:\IBM\unishared\unirpc\unirpcd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caloggerd.exe
D:\IBM\UV\bin\uvservice.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
D:\IBM\UV\bin\uvdlockd.exe
D:\IBM\UV\bin\tl_service.exe
C:\Program Files\Common Files\CA\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caauthd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LDBServer.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\LQServer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.al.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122405885562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AAB5DCD-1C87-4BE6-817C-4E45A168FD5A}: NameServer = 209.225.8.42,67.97.48.9
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\Common Files\CA\Alert\ALERT.EXE
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\Program Files\APC\PowerChute Business Edition\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\Program Files\APC\PowerChute Business Edition\server\pbeserver.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BrightStor AB Database Engine (CASDBEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
O23 - Service: BrightStor Discovery Service (CASDiscoverySvc) - Computer Associates - C:\Program Files\Common Files\CA\BrightStor\CADS\casdscsvc.exe
O23 - Service: BrightStor AB Job Engine (CASJobEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
O23 - Service: BrightStor AB Message Engine (CASMsgEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
O23 - Service: BrightStor AB Service Controller (CASSvcControlSvr) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
O23 - Service: BrightStor AB Tape Engine (CASTapeEngine) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
O23 - Service: BrightStor AB Domain Server (CASUnivDomainSvr) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
O23 - Service: CA Remote Procedure Call Server (CATIRPC) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iGateway - Unknown owner - C:\Program Files\CA\iGateway\iGateway.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Uni RPC Service (unirpc) - IBM Corporation - D:\IBM\unishared\unirpc\unirpcd.exe
O23 - Service: UniVerse Resource Service (universe) - IBM Corporation - D:\IBM\UV\bin\uvservice.exe
O23 - Service: UniVerse Telnet Service (uvtelnet) - IBM Corporation - D:\IBM\UV\bin\tl_service.exe

There you go. I'm having to go back and forth between safe and normal because Internet Explorer will not work in normal mode. Thanks!

[greyknight17]

OK, we'll have to go with the Windows repair and see if that will bring back your desktop icons and menu. Please visit this site and follow the directions there.

[XLTodd]

Ok..I'll try that next. But, doing those step won't wipe out the existing network settings will it? I can't let that happen because I don't have the time to set everything back up. Thanks again for all the assistance!

[greyknight17]

This shouldn't wipe out any of your network settings or data, unless the corrupted files are associated with files used by your network...

If you want to double check, then ask this in the Windows forum..."will doing a Windows 2000 repair delete any of my existing network settings?"...then continue if it doesn't.

[XLTodd]

I'm going to try and get back down there this Saturday, 10-15. I took your suggestion and posted that question about network settings at MS...I'm awaiting a reply. If the current network settings will not be affected, I will proceed with your instructions. Thanks again for all the assistance and your patience!

[greyknight17]

No problem XLTodd. Tell me how it went.