
Can't open SFC, msinfo32, no safemode

Discussion in 'Windows XP' started by Debi, 2004/11/11.

Thread Status:
Not open for further replies.
  1. 2004/11/11
    Debi

    Debi Inactive Thread Starter

    Joined:
    2004/11/11
    Messages:
    5
    Likes Received:
    0
    I'm using XP Home SP1. Clicking Help and Support from the start menu (Run > SFC or msinfo32) makes the cursor flicker for a moment, then nothing. Nor can I boot into Safe Mode.

    I restored to a point where I knew H&S was working, but it didn't help. I haven't used a reg cleaner and I have tried XP Help restorer VB script from Doug Knox to no avail. I've run AdAwareSe, S&B, AVG, CWShredder - all ok.

    Any ideas? :confused:
     
    Last edited: 2004/11/11
    Debi,
    #1
  2. 2004/11/11
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    Hi Debi, and welcome.

    Since you're so badly crippled, I would recommend doing a repair install. You'll need the full retail install CD for MS XP. No Restore disk will do.

    Nice instructions here. This type of install will preserve all your personal files and settings. That's the way it's supposed to work but I would still suggest making a current backup if possible. You will need to get SP2 installed after the repair completes. I wish I could offer something easier but with sfc inoperable and no Safe Mode, there isn't much you can do.

    Edit: Incidentally, does everything else except what you mentioned work OK?
     
    Last edited: 2004/11/11

  4. 2004/11/12
    Debi

    Debi Inactive Thread Starter

    <sigh> I was afraid of that... Means I'll have to reinstall updates, doesn't it?

    The only other thing (so far) is just one shortcut (metapad) in the SendTo folder. Every time I try to use it, it says that it has been moved or changed and would I like to fix it. A minor thing, but annoying.

    BTW - I have XP over 98SE. Would I just run the repair install XP?

    Thank you for your time and advice. And the link.
    Debi
     
    Last edited: 2004/11/13
    Debi,
    #3
  5. 2004/11/13
    surferdude2

    surferdude2 Inactive

    Yes, you would still do it the same way as is outlined in that link. But first...

    I think it would be a good idea to do a very thorough check of your drive for virus, worm, and trojan infectors. I recommend using an on-line service rather than your resident AV program.

    I'll paste some links in that I have handy on my clipboard. I think they are still good links:

    HOUSECALL http://housecall.antivirus.com/ (free scan)

    SYMANTEC http://security2.norton.com/ssc/home.asp?langid=ie&venid=sym&plfid=23&pkj=QRPSFCSGFZVDTPSOERZ (free scan)

    FOR TROJANS:

    PANDA http://www.pandasoftware.com/ (free scan)

    Update AdAware and run it again too.

    It would be a shame to go to all the trouble of a repair install and it not do any good due to some virus or other gremlin being resident. Take the time to run all those free scans and let's see what it reveals. If nothing, forge ahead with the repair.
     
  6. 2004/11/13
    goddez1

    goddez1 Inactive

    Joined:
    2002/01/12
    Messages:
    2,975
    Likes Received:
    49
    Got to admit this sounds suspiciously viral, but what about logging in as a different user or on the Administrators account? Is this possible? Is XP still broken?
     
    Last edited: 2004/11/13
  7. 2004/11/13
    surferdude2

    surferdude2 Inactive

    Good idea, Goddez1. It could be ID corruption.

    Then also I think it would be a good idea to run HiJackThis so we can eyeball some of what is going on in there. Debi, do that after doing all the on-line tests.

    You can get the latest version of HiJackThis here if need be.

    Download and unzip it to its own folder somewhere of your choice. Then run it > press SCAN > wait for completion > Press Save Log > Press Save again > Edit > Select All > Edit > Copy > File > Exit > Then close HJT and come back here and paste the Clipboard contents for all to see.

    If you already have HJT and it's not version 1.98.2 (like mine wasn't), then I suggest you update. Unzip the update to its own folder and copy/paste the executable file it creates into the folder where your old version resides. Allow the over-write.
     
    Last edited: 2004/11/13
  8. 2004/11/13
    Debi

    Debi Inactive Thread Starter

    I've got the latest HJT and housecall already 'installed'.
    I'll let you know asap.
     
    Debi,
    #7
  9. 2004/11/14
    Debi

    Debi Inactive Thread Starter

    Sorry this took so long, but I'm on a rural dial-up and Sunday was so full.

    I ran all 3 scans and the only problem was that Symantec found
    C:\DD\Programs\Done\Spybot DSO Stop.txt is infected with XMLid.Exploit
    which I deleted, then ran the scan again.

    I ran AdAware - no problems. Same with S&B.
    I then tried a new user profile - no change.

    The IE blank page (HJT) is just that - blank. I have to hit 'home' on the rare occasions when I use IE.


    Logfile of HijackThis v1.98.2
    Scan saved at 12:27:14 AM, on 11/14/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Tools\HiJack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\System32\page.htm
    O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\System32\link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O12 - Plugin for .3dml: C:\Program Files\Flatland\NProver.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093024975591
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
    Debi,
    #8
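
An added example, not part of any post in this thread and not HijackThis's own code: a Python sketch that parses a log in the format posted above and marks entries worth a manual look. The function names and the three review heuristics are assumptions chosen for illustration; a marked entry is a prompt to identify the file behind it, not a verdict.

```python
import re

# What each HijackThis section code that appears in the posted log lists.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button or menu item", "O12": "IE plugin",
    "O16": "ActiveX control (Downloaded Program Files)",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse(log_text):
    """Return (code, detail) per section entry; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def review_notes(code, detail):
    """Illustrative heuristics: reasons to look closer. Empty list = nothing stood out."""
    notes = []
    if code not in SECTIONS:
        notes.append("section code not seen in the posted log")
    if code in ("O2", "O9") and "(no name)" in detail:
        notes.append("unnamed component: identify it from the CLSID and file path")
    if code == "O4":
        command = detail.split("] ", 1)[-1].strip().strip('"')
        if not re.match(r"[A-Za-z]:\\", command):
            notes.append("no full path: confirm which file the search path resolves to")
    if code == "O16" and "http://" in detail:
        notes.append("fetched over plain HTTP: confirm the source site")
    return notes

def flagged(log_text):
    """Entries with at least one note, as (code, detail, notes) in log order."""
    return [(c, d, n) for c, d in parse(log_text) for n in [review_notes(c, d)] if n]

# Lines copied from the log posted above (not constructed).
SAMPLE = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\system32\lsass.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

if __name__ == "__main__":
    for code, detail, notes in flagged(SAMPLE):
        print(f"{code:<4}{SECTIONS.get(code, 'unknown')}: {detail}\n      -> " + "; ".join(notes))
```
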
  10. 2004/11/14
    surferdude2

    surferdude2 Inactive

    Debi, that looks clean to me. I'm no true expert on HJT so you might want to hang for someone more versed in it to be sure. I'm reasonably sure it's OK though. The Panda scan you did would have caught any real threat. It's very critical.

    To me, it looks like you run a fairly clean start up list so you should be good to go. I hate it that we can't pinpoint a specific cause but you don't have many tools left to work with. Oh well, the repair install isn't all that bad anyway. Let's hope it does the trick so you don't have to do a full clean install.

    Good luck.

    Edit: Just for laughs, do a full drive search for sfc.exe and make sure it's there in system32 folder and sized at 9,728 bytes.
     
    Last edited: 2004/11/14
  11. 2004/11/14
    Debi

    Debi Inactive Thread Starter

    surferdude2,

    Yes, it's there, as are the others. Weird, huh?
    I do appreciate the time and effort you put in trying to help. We gave it a good try. ;)

    Thanks,
    Debi
     
  12. 2004/11/14
    surferdude2

    surferdude2 Inactive

    Although the Browser Bug you detected with Symantec is probably cleansed, it wouldn't hurt to check your Registry for the Key mentioned here. If found, delete it as the article recommends.
     