
Win32



#1
shaynasings
First, let me say thank you for your time in helping me with my problem.

On Sunday 2/8, my husband saw a message that "new hardware had been installed - would you like to install the driver" - clicked "yes" - and all our problems started.

It began with a windows login loop - a windows login window would pop up (this is not the way things used to work - we would just get the page with all our names, you would click on your name and it would load your settings). You hit return (there's no password), it would say it was loading your settings, then immediately log you out again. Also happening in Safe mode.

I was able to use my husband's laptop to look up some information on this and it seemed like I needed to use the Recovery Console to COPY USERINIT.EXE to WSAUPDATER.EXE in the WINDOWS\SYSTEM32 directory. Only problem was, USERINIT.EXE was missing. It was nowhere to be found in any of the other places it was "supposed" to be either (dllcache, etc.). I had an old hard drive that was sort of flaky as a slave in my machine, so I wound up finding it there (packed) in i386 directory and expanded it to c:\WINDOWs\System32 and was able to perform the above. Ok great, winlogin loop solved. Now I am supposed to make a registry change. Guess what. Regedit also missing. As well as CMD. So I move or expand them from the old drive as well.

When I finally get to the registry entry in question, I see something that looks weird: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=c:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\Jim\qot.exe \s

So I remove the second part. Now whenever I login, we get the wallpaper but no icons, taskbar, start menu, etc. I tried putting that second part back but it didn't seem to matter. I try to pull up Taskmgr using CTRL-ALT-DEL. Guess what. Taskmgr is gone too. I expand that from my old hard drive. So now at least I can bring up Taskmgr and run a few things from there - like internet explorer.

Oh, somewhere in here I try to do a few system restores but nothing changes.

I ran a McAfee scan and got rid of everything that came up with that. That's what gave me the New Win32 virus name anyway. I have tried to figure out what is causing our no icons/no taskbar/no start menu problem. I can't figure it out. Plus I feel like there must be vestiges of this thing hanging around - the first night I was working on it I kept getting some "trojan" blocks from McAfee.

Now, at this point I have resigned myself to getting my data off my hard drive and reinstalling XP. However, when I go to use the CD burner to copy my data, the CD burner executable can't be found. ARRRGGGHH! I put the installation CDs in and try to install it - it looks like it's doing it (a little too quickly) - but nothing changes. Executable still not found. I figure maybe I need to uninstall Roxio Creator and then reinstall. But because I can only run things through taskmgr in "regular" mode, and I don't know where to find things to run them (like Add/Remove programs), I go back to safe mode (where my icons and everything DO appear) and try it. But it says it can't - and I don't know if that's because it's in safe mode or because windows installer is corrupted or what. BTW, when I am in regular mode, and try to run cmd to get a command prompt, the window pops up for a second and then disappears.

I have been poking around on the internet to try and figure out what to do. I could possibly copy my data to my flaky old hard drive, but I don't trust it, because it's, well, FLAKY. I worry that if I got an external hard drive I might not be able to install the proper drivers to get it working in order to move my data over. I found this forum and here is what I have done so far. I downloaded and ran the ATFCleaner. I downloaded, unzipped and tried to use SysRestorePoint but I get the error "The application failed to initialize properly (0xc000007b). Click on OK to terminate the application." I downloaded and ran ERUNT. I downloaded and tried to run MalwareBytes' AntiMalware, but got this: while it was extracting files, I got two errors - the first one had "vbAccelerator SGrid II Control" in the header (top bar of the window) and said "Runtime error '0'" and the second one had "Malwarebytes' AntiMalware" in the title bar and said "Runtime error '440': Automation error". This happens again, 2x for each error, as the program is "Finishing installation" - then I get to the "Completing" screen, where the 2 things are checked, say ok and I get the same errors 2x each again. Nothing else.

I ran Ad-Aware at this point and it came up with 3 main (8 total if you include the "subcategories") malwares, which I deleted (stupidly, I did not write down what it said and now can't figure out how to get it back).

I downloaded and ran HijackThis and I do not get a log file window at the end in Notepad - just the main window list. The only way I can figure to get the list to you is from the TrendSecure "Compare your list to others" page. Sorry, don't know what else to do.

Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index % of PCs with item Code Data
1 0.0% F2 UserInit=C:\WINDOWS\system32\userinit.exe.,C:\Documents and Settings\Shayna\yboiogx.exe \s
2 0.0% O14 START_PAGE_URL=http://www.comcast.net
3 0.0% O15 http://*.mcafee.com
4 0.0% O16 {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
5 0.0% O16 {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmai..._downloader.cab
6 0.0% O16 {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://photolab1.lif...PUploader45.cab
7 0.0% O16 {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205345942484
8 0.0% O16 {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
9 0.0% O20 GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
10 0.0% O22 jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
11 0.0% O23 iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
12 0.0% O23 McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
13 0.0% O23 McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
14 0.0% O23 McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
15 0.0% O23 McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
16 0.0% O23 McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
17 0.0% O23 WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
18 0.0% O23 Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
19 0.0% O23 Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
20 0.0% O23 Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
21 0.0% O23 IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
22 0.0% O23 Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
23 0.0% O23 Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
24 0.0% O23 stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
25 0.0% O23 Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
26 0.0% O23 NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
27 0.0% O23 Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
28 0.0% O23 MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
29 0.0% O23 Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
30 0.0% O23 Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
31 0.0% O23 COM System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
32 0.0% O23 McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
33 0.0% O23 Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
34 0.0% O23 Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
35 0.0% O23 QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\System32\rsvp.exe (file missing)
36 0.0% O23 Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
37 0.0% O23 Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
38 0.0% O23 Media Center Scheduler Service (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe (file missing)
39 0.0% O23 Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
40 0.0% O23 McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
41 0.0% O23 Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
42 0.0% O23 GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
43 0.0% O23 Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
44 0.0% O23 InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
45 0.0% O23 Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
46 0.0% O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
47 0.0% O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
48 0.0% O4 [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
49 0.0% O4 [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
50 0.0% O4 [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
51 0.0% O4 [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
52 0.0% O4 [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
53 0.0% O4 Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
54 0.0% O4 [ehTray] C:\WINDOWS\ehome\ehtray.exe
55 0.0% O4 [SigmatelSysTrayApp] stsystra.exe
56 0.0% O4 [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
57 0.0% O4 [Persistence] C:\WINDOWS\system32\igfxpers.exe
58 0.0% O4 [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
59 0.0% O4 [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
60 0.0% O4 [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
61 0.0% O4 [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
62 0.0% O4 [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
63 0.0% O4 [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
64 0.0% O4 [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
65 0.0% O4 ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
66 0.0% O4 [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
67 0.0% O4 [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
68 0.0% O4 [iRiver Updater] \Updater.exe
69 0.0% O4 Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
70 0.0% O4 Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe
71 0.0% O4 [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
72 0.0% O4 [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (User '?')
73 0.0% O4 ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
74 0.0% O4 Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')
75 0.0% O4 [MSS_NewsFlash] "C:\Program Files\Blvd2009\blvdnews.exe"
76 0.0% O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
77 0.0% O4 [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
78 0.0% O4 [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
79 0.0% O4 [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
80 0.0% O4 [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
81 0.0% O4 [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
82 0.0% O4 [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User '?')
83 0.0% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
84 0.0% O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
85 0.0% O9 (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
86 0.0% O9 (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
87 0.0% O9 @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
88 0.0% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
89 0.0% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
90 0.0% O9 ComcastHSI - {191A27A9-5800-4898-8EF0-4B50C53B3E59} - http://www.comcast.net (file missing) (HKCU)
91 0.0% O9 Support - {CDDFEDC6-DC12-407A-989B-9D0E5C428E33} - http://www.comcastsupport.com (file missing) (HKCU)
92 0.0% O9 Help - {D57B8093-9F95-4688-A9DF-58EB51804BCE} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
93 0.0% P01 C:\WINDOWS\system32\svchost.exe
94 0.0% P01 C:\WINDOWS\system32\lsass.exe
95 0.0% P01 C:\WINDOWS\system32\winlogon.exe
96 0.0% P01 C:\WINDOWS\system32\services.exe
97 0.0% P01 C:\WINDOWS\System32\smss.exe
98 0.0% P01 C:\Program Files\Internet Explorer\iexplore.exe
99 0.0% P01 C:\WINDOWS\system32\taskmgr.exe
100 0.0% P01 C:\PROGRA~1\mcafee.com\agent\mcagent.exe
101 0.0% P01 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
102 0.0% P01 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
103 0.0% P01 C:\Program Files\McAfee\MPF\MPFSrv.exe
104 0.0% P01 C:\Program Files\Bonjour\mDNSResponder.exe
105 0.0% P01 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
106 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
107 0.0% P01 C:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
108 0.0% P01 C:\Program Files\McAfee\VirusScan\Mcshield.exe
109 0.0% P01 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110 0.0% P01 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
111 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
112 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/sports/mlb/
113 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
114 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
115 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
116 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
117 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast


Thanks for any help you might be able to give me to at least get my data off the hard drive.

Shayna Atkinson
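The Userinit hijack described in the post above (a second executable appended after userinit.exe in the Winlogon\Userinit value, so it is launched at every logon) can be checked mechanically. The following is an added example, not code from the post or from HijackThis; it assumes the default Windows XP value C:\WINDOWS\system32\userinit.exe, and parses the F2 UserInit lines of a HijackThis-style log, flagging every extra entry and reporting the value a cleanup would restore. The sample log lines are constructed from the two values quoted in the post.

```python
import re
from dataclasses import dataclass, field

# Assumed default Winlogon\Userinit value on 32-bit Windows XP (trailing comma included).
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

# One Userinit entry: a program path ending in .exe, an optional stray trailing dot
# (the posted log shows "userinit.exe."), then optional arguments such as "\s".
_ENTRY_RE = re.compile(r"^(?P<program>.*?\.exe)\.?(?:\s+(?P<args>.*))?$", re.IGNORECASE)

@dataclass
class UserinitAudit:
    entries: list = field(default_factory=list)     # every program the value launches at logon
    suspicious: list = field(default_factory=list)  # entries that are not the system userinit.exe
    recommended: str = EXPECTED_USERINIT            # value to restore if suspicious is non-empty

    @property
    def clean(self) -> bool:
        return not self.suspicious

def audit_userinit(value: str) -> UserinitAudit:
    """Split a Userinit value on commas and flag each entry that is not the system userinit.exe."""
    audit = UserinitAudit()
    expected_program = EXPECTED_USERINIT.rstrip(",").lower()
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # the trailing comma of a clean value yields an empty piece
        audit.entries.append(entry)
        m = _ENTRY_RE.match(entry)
        program = m.group("program").lower() if m else entry.lower()
        if program != expected_program:
            audit.suspicious.append(entry)
    return audit

def audit_hijackthis_lines(lines) -> list:
    """Run audit_userinit over every F2 UserInit line of a HijackThis-style log."""
    results = []
    for line in lines:
        m = re.search(r"\bF2\b.*?UserInit=(.*)$", line, re.IGNORECASE)
        if m:
            results.append(audit_userinit(m.group(1)))
    return results

# Constructed sample: a clean default plus the two hijacked values quoted in the post.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"F2 UserInit=C:\WINDOWS\system32\userinit.exe.,C:\Documents and Settings\Shayna\yboiogx.exe \s",
    r"F2 UserInit=c:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\Jim\qot.exe \s",
]

if __name__ == "__main__":
    for audit in audit_hijackthis_lines(SAMPLE_LOG):
        print("clean" if audit.clean else f"suspicious: {audit.suspicious} -> restore {audit.recommended}")
```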


#2
shaynasings
Forgot to add the Uninstall log - that one I can save to a txt file, and I am uploading it as an attachment.
