# Win XP - blank desktop



## RenZny (Sep 14, 2005)

Similar to the recent post by *pow5*; I also have recently lost ALL of my Icons, the Taskbar, Menu bar, Start button, et al.

However, unlike POW5, I *don't* get any type of window. Just my background picture.

This happened overnight...the last thing I did before this occurred was running SpyBot Search-and-destroy. Now...after the initial Windows log on screen, no matter which user I click on, the only thing we get is a lifeless background picture.

In order for me to use the computer, I open the Windows Task Manager (CTRL+ALT+DEL) and use the browser under New Task (Run).

I tried the "System Restore" application and chose a restore point from the beginning of August, but it didn't fix the problem.

Help!


----------



## Command.com (Sep 2, 2005)

I don't know if this would help, but if you can only use CTRL+ALT+DEL,
then when you go to browse... "C:\windows\Explorer.exe" (the one with the computer icon), delete it. Wait about a minute and Windows will re-add it (part of the Windows File Protection system: WFP), so again at CTRL+ALT+DEL open/run explorer.exe,
or give it a reboot and see if that fixes it. It's probably worth a try...


----------



## RenZny (Sep 14, 2005)

Thanks...I tried that, but it didn't help.



If it makes any difference, my PC is infected with the *Aurora* virus/trojan/whatever and I've run McAfee, PCDoctor and SpyBot...still can't get rid of it.


----------



## Command.com (Sep 2, 2005)

I like to use www.housecall.antivirus.com; it always seems to work great.
If not, you can download ewido (http://www.ewido.net/en/download/), update it, then run it in safe mode.
But perhaps you should post a HijackThis log.


----------



## RenZny (Sep 14, 2005)

How do you do the Hijackthis log again?


----------



## Command.com (Sep 2, 2005)

Download it from here, run it, save the log and post the log here:
http://www.spywareinfo.com/~merijn/downloads.html


----------



## primetime212 (May 21, 2004)

RenZny said:


> Similar to the recent post by *pow5*; I also have recently lost ALL of my Icons, the Taskbar, Menu bar, Start button, et al.
> 
> However, unlike POW5, I *don't* get any type of window. Just my background picture.
> 
> ...


read this

http://www.geekstogo.com/forum/No_Desktop_or_Startbar_Help-t37287.html

it is very possible you have CWSStartPage.O but run HJT first to make sure


----------



## dragjack (Jul 20, 2005)

had exactly the same problem.

the only way I managed to fix it was by
1. downloading and installing ewido security suite in safe mode
2. running a full scan with it
3. rebooting

also disabling the software that was running for my graphics card (Smart Doctor - for an ASUS graphics card)

you have to make sure you can log on normally in safe mode.

you can also try running CCleaner and check for registry issues that might look suspicious...


----------



## RenZny (Sep 14, 2005)

Command.com said:


> download from here run it save log and post the log here
> http://www.spywareinfo.com/~merijn/downloads.html


 OK..here is my log...

Logfile of HijackThis v1.99.1
Scan saved at 9:12:00 PM, on 9/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\My Downloads\HijackThis.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: TChkBHO Class - {D4E1661C-1AEF-48DD-B134-09BAC0255BD4} - C:\WINDOWS\SYSTEM32\wgjlc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] D:\SETUP.EXE 24***
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102121074\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [vcjwgqu] C:\WINDOWS\system32\cnbrxq.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] ""C:\Program Files\Microsoft Money\System\Money Express.exe""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## RenZny (Sep 14, 2005)

I have a new twist to my morbid tale; I cannot run a full virus scan on my PC (McAfee, Spybot, Housecall, you name it...) because when it hits a .dll file in my Intel(?) folder (C:\I386\DGSetup.dll) the PC freezes. It started with c:\I386\dhtmled.oc but I deleted it, then dhcpsapi.dl, then dhcpmon.dl, dhcpcsvc.dl, & dhcp.mi and I deleted them all (kept copy on disk) but the aforementioned one I can't get rid of.

Is there a connection?


----------



## RenZny (Sep 14, 2005)

Anyone have any input...?


----------



## primetime212 (May 21, 2004)

RenZny said:


> Anyone have any input...?


well if your explorer is completely gone..I don't really think there is a way to get it back..because I had the same thing happen to me...but anyways....try sfc /scannow...if that doesn't work then try repair..if that doesn't work you will have to do a full install again


----------



## RenZny (Sep 14, 2005)

primetime212 said:


> well if your explorer is completely gone..I don't really think there is a way to get it back..because I had the same thing happen to me...but anyways....try sfc /scannow...if that doesn't work then try repair..if that doesn't work you will have to do a full install again


 explorer.exe is there...I just have to go in, search for it and open it up manually.


----------



## primetime212 (May 21, 2004)

RenZny said:


> explorer.exe is there...I just have to go in, search for it and open it up manually.


google FixO.exe and run that ...it may bring back your desktop


----------



## RenZny (Sep 14, 2005)

primetime212 said:


> google FixO.exe and run that ...it may bring back your desktop


 Seems that it is no longer available...


----------



## Cookiegal (Aug 27, 2003)

Download and *Save Cleandesktop* to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe and double click on the cleandesktop.exe

It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script.

If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs Do not run any other file from there please unless asked to.

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it "Cannot find script file "blah blah blah" then don't worry just double click the cleandesktop.vbs script again as you sometimes get that message when a script blocker blocks the script.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

Another vbs is included to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs.

Open C:\ (Go to *Start* → *Run* and type *C:* Press enter) and Open the c:\desktopclean folder. Double click on *Other Profiles Regfix.vbs*

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

To restore the desktop to whatever picture you normally have right click on a blank part of desktop & select properties/desktop & select your preferred picture press apply & then ok to exit and then press F5.

You will need to do this step for every user account.

*Click here* to download smitRem.exe. 
Save the file to your desktop. 
It is a self extracting file.
Double click the smitRem.exe and it will extract the files to a smitRem folder on your desktop. 
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

*Click here* to download Killbox and save it to your desktop.

Download Cleanup from *Here* 

 A window will open and choose *SAVE*, then *DESKTOP* as the destination.
 On your Desktop, click on *Cleanup40.exe icon.*
 Then, click *RUN* and place a checkmark beside "*I Agree*"
 Then click *NEXT* followed by *START* and *OK.*
 A window will appear with many choices, *keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.*
 Click *OK*
 *DO NOT RUN IT YET*

Download the trial version of *Ewido Security Suite* *here*.
Install Ewido.
During the installation, under *Additional Options* uncheck *Install background guard* and *Install scan via context menu*.
Launch Ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click *update*
Click on *Start* and let it update.
*DO NOT* run a scan yet. You will do that later in safe mode.

*Click here* for info on how to boot to safe mode.

*Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.*

Restart your computer into safe mode now. Perform the following steps in safe mode:

Now go ahead and set your computer to show hidden files like so:

Go to *Start*  *Search* and under *More advanced search options*, make sure there is a check by *Search System Folders* and *Search hidden files and folders* and *Search system subfolders. *

Next, click on *My Computer*, Go to *Tools*  *Folder Options*. Click on the *View* tab and make sure that *Show hidden files and folders* is checked. Also uncheck *Hide protected operating system files* and *Hide extensions for known file types*. Now click *Apply to all folders. * Click *Apply* and then *OK. *

Run HijackThis again and put a check by these. Close *ALL* windows except HijackThis and click *Fix checked*

F2 - REG:system.ini: Shell=

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: TChkBHO Class - {D4E1661C-1AEF-48DD-B134-09BAC0255BD4} - C:\WINDOWS\SYSTEM32\wgjlc.dll

O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [vcjwgqu] C:\WINDOWS\system32\cnbrxq.exe r

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Double-click on Killbox.exe to run it. Now put a tick by *Standard File Kill*. In the *Full Path of File to Delete* box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the *Paste Full Path of File to Delete* box.

C:\WINDOWS\SYSTEM32\wgjlc.dll

C:\WINDOWS\system32\cnbrxq.exe

C:\Program Files\MBKWBar\TManager.exe

c:\windows\SvcProc.exe

*Note:* It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.

Locate and delete the following folder(s):

C:\Program Files\*MBKWBar*

Open the *smitRem* folder, then double click the *RunThis.bat* file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

Run Ewido:
Click on *scanner*
Click *Complete System Scan* and the scan will begin.
During the scan it will prompt you to clean files, click *OK*
When the scan is finished, look at the bottom of the screen and click the *Save report* button.
Save the report to your desktop

Go to *Control Panel* → *Internet Options*. Click on the *Programs* tab then click the Reset Web Settings button. Click Apply then OK.

Run Cleanup: 
 Click on the "Cleanup" button and let it run.
 Once it's done, close the program.

Next go to Control Panel → Display. Click on the Desktop tab then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see an entry checked called something like Security info or similar. If it is there, select that entry and click the Delete button. Click OK then Apply and OK.

Restart back into Windows normally now.

Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself. - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and the Ewido scan


----------
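An added example, not part of the thread and not HijackThis code: a Python parser that applies a few structural checks to HijackThis log lines (empty `F2` shell value, entries whose file is gone, services with no owner) and reports which fix-list entries are still listed in a later log. The sample lines are copied from the two logs posted in this thread; the function names and rule wording are assumptions made for this illustration.

```python
import re
from typing import Dict, List, NamedTuple

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O23 - Service: ..."
GONE_RE = re.compile(r"\((no file|file missing)\)\s*$")  # HijackThis' own markers


class Entry(NamedTuple):
    code: str  # section code such as F2, O2, O4, O23
    body: str  # everything after "CODE - "

    def line(self) -> str:
        return f"{self.code} - {self.body}"


def parse_log(text: str) -> List[Entry]:
    """Keep only the coded entries; the header and process list do not match."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def review_reasons(entry: Entry) -> List[str]:
    """Structural reasons to look closer at an entry (illustrative rules, not a verdict)."""
    reasons = []
    if entry.code == "F2":
        m = re.match(r"REG:system\.ini: Shell=(.*)$", entry.body)
        if m:
            shell = m.group(1).strip().lower()
            if not shell:
                reasons.append("shell value is empty")
            elif shell != "explorer.exe":
                reasons.append("shell value is not plain explorer.exe")
    if entry.code in ("O2", "O3", "O23") and GONE_RE.search(entry.body):
        reasons.append("registered file is not on disk")
    if entry.code == "O23" and " - Unknown owner - " in entry.body:
        reasons.append("HijackThis reports no owner for the service binary")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each entry that needs a closer look to its reasons."""
    flagged = {}
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.line()] = reasons
    return flagged


def _key(entry: Entry):
    # A later log may append "(file missing)" to the same entry; ignore that and case.
    return entry.code, re.sub(r"\s*\(file missing\)\s*$", "", entry.body).lower()


def still_present(fix_list: str, later_log: str) -> List[str]:
    """Fix-list entries that a later log still shows."""
    later = {_key(e) for e in parse_log(later_log)}
    return [e.line() for e in parse_log(fix_list) if _key(e) in later]


# Lines copied from the first log in the thread (subset).
FIRST_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: TChkBHO Class - {D4E1661C-1AEF-48DD-B134-09BAC0255BD4} - C:\WINDOWS\SYSTEM32\wgjlc.dll
O4 - HKLM\..\Run: [vcjwgqu] C:\WINDOWS\system32\cnbrxq.exe r
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

# Entries from the "Fix checked" list in the post above (subset).
FIX_LIST = r"""F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: TChkBHO Class - {D4E1661C-1AEF-48DD-B134-09BAC0255BD4} - C:\WINDOWS\SYSTEM32\wgjlc.dll
O4 - HKLM\..\Run: [vcjwgqu] C:\WINDOWS\system32\cnbrxq.exe r
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

# Lines copied from the follow-up log posted later in the thread (subset).
LATER_LOG = r"""O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
"""

if __name__ == "__main__":
    for line, reasons in triage(FIRST_LOG).items():
        print(line, "->", "; ".join(reasons))
    print("still listed after the fix:", still_present(FIX_LIST, LATER_LOG))
```

These rules flag the McShield service, which the fix list leaves alone, and say nothing about the wgjlc.dll BHO or the cnbrxq.exe Run entry, which it removes; the output narrows where to look and does not replace reading the log.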



## RenZny (Sep 14, 2005)

Wow! I've got some work to do.
Will do and let you know how it goes...so long as I don't blow up my PC!


----------



## Cookiegal (Aug 27, 2003)

If you see any smoke, let it rest for a bit.


----------



## RenZny (Sep 14, 2005)

Cookiegal said:


> Download and *Save Cleandesktop* to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe and double click on the cleandesktop.exe
> 
> It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script.
> 
> ...


STOP right there...
I did the above and nothing seemed to happen.
Explorer did restart....but I did not regain the right click.
Do I continue with the rest???


----------



## Cookiegal (Aug 27, 2003)

Yes please.


----------



## RichTheTech (Apr 22, 2005)

When I have seen this problem, it has been caused by an infection that had "ghosted" itself to the explorer shell. When you start the PC windows attempts to load explorer.exe but is redirected to instead load the infected file. If the infection has been removed, there is nothing to run and no desktop appears.

To find the offending registry entry you must download Autoruns from sysinternals. Use the attached link to get it:

http://www.sysinternals.com/Utilities/Autoruns.html

After downloading the program, double click to run it and click on the "image hijacks" tab. Reply with a list of all the items shown. If I am right, there will be one or more files listed that have been previously removed by scans.

Good Luck and let me know what you find.


----------



## RenZny (Sep 14, 2005)

RichTheTech said:


> When I have seen this problem, it has been caused by an infection that had "ghosted" itself to the explorer shell. When you start the PC windows attempts to load explorer.exe but is redirected to instead load the infected file. If the infection has been removed, there is nothing to run and no desktop appears.
> 
> To find the offending registry entry you must download Autoruns from sysinternals. Use the attached link to get it:
> 
> ...


I tried it and under the "Image Hijack" tab, the following was the only entry;
HKLM\software\Microsoft\Windows NT\current version\image files execution options
(Autorun Entry) Your Image File Name Here without a path
(Description) Symbolic Debugger for Windows 2000
(Publisher) Microsoft Corp.
(Image Path) c:\windows\system32\ntsd.exe


----------
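The check RichTheTech describes, as an added example rather than anything posted in the thread or shipped with Autoruns: Python that reads a regedit export of the Image File Execution Options key and lists each `Debugger` redirect, separating the stock placeholder entry shown in RenZny's reply from a redirect whose target file no longer exists. The export text, the `removed-example.exe` path and the function names are constructed for illustration.

```python
import re
from typing import Callable, Dict, List, Tuple

IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
# Subkey name of the stock entry shown in the Autoruns output in the thread.
PLACEHOLDER = "your image file name here without a path"


def parse_ifeo_export(text: str) -> Dict[str, str]:
    """Return {image name: Debugger command} from a regedit export of the IFEO key.

    Version 5.00 exports are UTF-16 on disk; decode the file before passing it in.
    """
    result: Dict[str, str] = {}
    image = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            idx = path.lower().find(IFEO + "\\")
            image = path[idx + len(IFEO) + 1:] if idx != -1 else None
            if image is not None and "\\" in image:
                image = None  # deeper subkey, not a per-image entry
            continue
        m = re.match(r'^"debugger"="(.*)"$', line, re.IGNORECASE)
        if m and image:
            # .reg string values escape backslashes and quotes with a backslash.
            result[image] = re.sub(r"\\(.)", r"\1", m.group(1))
    return result


def debugger_target(command: str) -> str:
    """First token of the Debugger command: the program Windows starts instead."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths containing spaces are ambiguous; take the first token.
    return command.split(None, 1)[0] if command else ""


def classify(export_text: str,
             file_exists: Callable[[str], bool]) -> List[Tuple[str, str, str]]:
    """Return (image, target, status) per entry; pass os.path.exists on a live system."""
    findings = []
    for image, command in sorted(parse_ifeo_export(export_text).items()):
        target = debugger_target(command)
        if image.lower() == PLACEHOLDER:
            status = "stock placeholder"
        elif file_exists(target):
            status = "redirected"
        else:
            # The case described above: the redirect remains, its target was removed.
            status = "redirected to missing file"
        findings.append((image, target, status))
    return findings


# Constructed export: the placeholder entry plus a hypothetical explorer.exe redirect.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
"GlobalFlag"="0x000010F0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="\"C:\\WINDOWS\\system32\\removed-example.exe\""
'''

if __name__ == "__main__":
    # Offline run: treat every target as absent, as after a scanner deleted the file.
    for image, target, status in classify(SAMPLE_EXPORT, lambda path: False):
        print(f"{image}: {target} [{status}]")
```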



## RichTheTech (Apr 22, 2005)

If explorer.exe is running when you look at processes in task manager, then I am mistaken in offering this fix, but if it is not, then we know what they are doing but not HOW they are doing it. 
I will try to figure out a solution for you, but it is hard to do without direct access to the PC.


----------



## RenZny (Sep 14, 2005)

Thanks RichTT...but I followed through with Cookiegal's procedure...*AND IT WORKED!!!*
:up:  :up: 
THANKS A MILLION COOKIE!!!!!  
I'm actually about to run ActiveScan and post my HiJackThis log...


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## RenZny (Sep 14, 2005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1102121074\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1102121074\ee\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
c:\program files\common files\aol\1102121074\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1102121074\ee\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] D:\SETUP.EXE 24***
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102121074\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] ""C:\Program Files\Microsoft Money\System\Money Express.exe""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?4,0,1323,0
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Please print out or copy this page to Notepad. Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fix.

*Download DSRFIX* from *HERE* onto your *Desktop*.
 *Unzip* and *EXTRACT* the files to your desktop.
 The program creates and names the new folder to house the files.
 *DO NOT RUN IT YET*

*Download Cleanup* from *Here* (Alternate site if the above is not working Go *Here*)
 A window will open and choose *SAVE*, then *DESKTOP* as the destination.
 On your Desktop, click on *Cleanup40.exe icon.*
 Then, click *RUN* and place a checkmark beside "*I Agree*"
 Then click *NEXT* followed by *START* and *OK.*
 A window will appear with many choices, *keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.*
 Click *OK*
 *DO NOT RUN IT YET*

*CLOSE INTERNET EXPLORER, if it is open*

*Open the folder dsrfix*
*Double click on the dsrfix batch file* (the one with the little gear in it )
Once dsrfix has completed *it will close on its own*

Please restart HJT, put a checkmark next to the following items, and with all windows closed except for HJT, click *Fix Checked* and *EXIT* the program.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

*Run Cleanup*
 Click on the "*Cleanup*" button and let it run.
 Once it's done, *close the program*.

*REBOOT* your system.

*Please restart HJT and post back a fresh HJT log for review*.


----------



## RenZny (Sep 14, 2005)

Cookiegal said:


> Please print out or copy this page to Notepad. Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fix.
> 
> *Download DSRFIX* from *HERE* onto your *Desktop*.
> *Unzip* and *EXTRACT* the files to your desktop.
> ...





OK...but I do have just one question;
My broadband connection is via Optimum Online, and (even though I still have AOL) my Internet Explorer homepage is set to optimum online. *So*...will the above deletions have a negative effect on my optonline hookup/homepage?


----------



## Cookiegal (Aug 27, 2003)

Just remove these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

Delete this file (it is from OptimumOnline but it's adware and not needed):

C:\Program Files\Optimum Online\*Netsurf.exe*


----------

