
Empty desktop, No explorer, charlie.exe?

Discussion in 'Malware and Virus Removal Archive' started by Marky, 2007/08/30.

  1. 2007/08/30
    Marky

    Marky Inactive Thread Starter

    Joined:
    2007/04/04
    Messages:
    25
    Likes Received:
    0
    Moderator note: If viewing this topic because you have the same problem, please skip to post #32 and read on thru post #35

    Hi,

    I turned on my comp to find a blank desktop. The wallpaper appears but there is no taskbar and no desktop icons. This is the same for each user on the system. I was able to start the task manager and run a command prompt from there which allowed me to run some programs but not windows explorer. My system restore also seems to have been turned off and all restore points removed.

    I managed to run a virus check with AVG free edition which detected an executable file 'charlie.exe' in the my pictures folder for two of the users saying they were trojans 'trojan horse backdoor.generic8.fjs'. AVG deleted these but, as I suspected, did not cure the problem. I have also run adaware but this never detected anything other than a handful of tracking cookies.

    I have downloaded Hijack this V2.0.0, but will wait for advice before posting a log. Thanks in advance for your help.

    Mark.
     
  2. 2007/08/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Mark :)

    See if you can download and run Deckard's System Scanner. It will show us a bit more than HijackThis alone.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
     


  4. 2007/08/31
    Marky

    Thanks Noah,

    Managed to download and run that with no problem, main.txt is posted below. I have saved extra.txt in case you need that later.
    -------------------------------------------------------------

    Deckard's System Scanner v20070826.66
    Run by Owner on 2007-08-31 18:31:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 3 Restore Point(s) --
    3: 2007-08-31 17:31:45 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2007-08-30 18:35:34 UTC - RP2 - Software Distribution Service 3.0
    1: 2007-08-28 22:42:05 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 511 MiB (512 MiB recommended).
    System Drive C: has 19.09 GiB (less than 15%) free.


    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-08-31 18:37:08
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gcal.ac.uk/student/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKEY_LOCAL_MACHINE\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll
    O16 - DPF: Yahoo! Pool 2 () - http://download.games.yahoo.com/games/clients/y/poth_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163464279406
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163464429562
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - "C:\Program Files\Bonjour\mDNSResponder.exe "
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "
    O23 - Service: GoogleDesktopManager - Unknown owner - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "
    O23 - Service: KService - Kontiki Inc. - "C:\Program Files\Kontiki\KService.exe "
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe "
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
    R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

    S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
    S3 GT680x (GrandTechICNameNT) - c:\windows\system32\drivers\gt680x.sys <Not Verified; ; USB Scanner Driver>
    S3 ids00026 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00026.sys (file missing)
    S3 ids0005c - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0005c.sys (file missing)
    S3 ids00118 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00118.sys (file missing)
    S3 ids0014f - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0014f.sys (file missing)
    S3 JL2005 (JL2005A Camera) - c:\windows\system32\drivers\toywdm.sys (file missing)
    S3 MTK (Media Technology Kernel Driver) - c:\windows\system32\drivers\mtk.sys (file missing)
    S3 ndiscm (Motorola SURFboard USB Cable Modem Windows Driver) - c:\windows\system32\drivers\netmotcm.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R0 Nla (Network Location Awareness (NLA)) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 KService - "c:\program files\kontiki\kservice.exe" <Not Verified; Kontiki Inc.; Delivery Manager>

    S2 spmd (SPM License Server) - c:\spm\spmd.exe <Not Verified; mental images GmbH; Software Protection Management System>
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 GoogleDesktopManager - "c:\program files\google\google desktop search\googledesktop.exe" (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-07-31 and 2007-08-31 -----------------------------

    2007-08-28 23:46:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-08-28 23:46:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-27 22:21:30 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-08-27 19:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-08-26 14:34:08 0 d-------- C:\Documents and Settings\Sophie\Application Data\FloodLightGames
    2007-08-26 14:34:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    2007-08-23 00:02:42 0 d-------- C:\Program Files\Bonjour
    2007-08-22 23:51:12 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-08-20 15:19:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    2007-08-19 15:24:30 0 d-------- C:\Documents and Settings\All Users\Application Data\NannyMania
    2007-08-18 21:18:04 0 d-------- C:\spm
    2007-08-18 21:16:56 0 d-------- C:\Program Files\Common Files\Softimage
    2007-08-18 21:11:50 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
    2007-08-18 12:43:16 0 d--h----- C:\Program Files\Zero G Registry
    2007-08-18 12:42:44 0 d--h----- C:\Documents and Settings\Owner\InstallAnywhere
    2007-08-17 11:02:03 0 d-------- C:\Program Files\Kontiki
    2007-08-17 11:02:03 0 d-------- C:\Program Files\Channel4
    2007-08-17 11:02:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
    2007-08-17 11:01:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
    2007-08-16 08:53:52 0 d-------- C:\Program Files\MSXML 6.0
    2007-08-12 23:41:29 0 d-------- C:\Documents and Settings\Sophie\Application Data\Apple Computer
    2007-08-05 21:16:01 0 d-------- C:\Program Files\pl


    -- Find3M Report ---------------------------------------------------------------

    2007-08-30 19:34:38 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2007-08-28 09:37:53 0 d-------- C:\Program Files\Google
    2007-08-27 13:24:25 0 d-------- C:\Program Files\MSN Games
    2007-08-23 11:25:12 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-23 00:02:38 0 d-------- C:\Program Files\Common Files\Adobe
    2007-08-22 23:51:12 0 d-------- C:\Program Files\Common Files
    2007-08-18 21:18:04 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-18 13:33:49 0 d-------- C:\Program Files\Opera
    2007-08-02 21:46:45 0 d-------- C:\Program Files\MySQL-Front
    2007-07-28 08:44:19 0 d-------- C:\Program Files\Common Files\EPSON
    2007-07-27 18:44:52 0 d-------- C:\Program Files\PeerGuardian2
    2007-07-27 18:39:42 0 d-------- C:\Program Files\NetLogo 3.1.3
    2007-07-27 18:29:35 0 d-------- C:\Program Files\Java
    2007-07-27 18:26:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-27 18:26:02 0 d-------- C:\Program Files\IKEA HomePlanner
    2007-07-27 18:22:55 0 d-------- C:\Program Files\EPSON
    2007-07-27 18:22:36 0 d-------- C:\Documents and Settings\Owner\Application Data\EPSON
    2007-07-27 18:16:45 0 d-------- C:\Program Files\Common Files\AVSMedia
    2007-07-27 18:15:58 0 d-------- C:\Program Files\AVSMedia
    2007-07-17 23:43:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Star-Tools
    2007-07-17 23:41:18 0 d-------- C:\Program Files\EasyPHP 2.0b1
    2007-07-17 23:36:52 0 d-------- C:\Program Files\PHP
    2007-07-15 20:53:51 0 d-------- C:\Program Files\Apache Software Foundation
    2007-07-07 22:01:28 0 d-------- C:\Program Files\MySQL


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [19/10/2005 09:59]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [19/10/2005 09:59]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
    "pdfSaver3 "=" " []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/02/2006 23:27]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/08/2007 10:40]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [09/11/2006 16:07]
    "4oD "= "C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54]
    "kdx "= "C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk
    backup=C:\WINDOWS\pss\blueyonder Instant Support Tool.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyIM]
    C:\Program Files\BeeNut\BeeNut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce3d231-61b5-11db-9735-000874c09dd6}]
    AutoRun\command- Iexplores.exe




    -- End of Deckard's System Scanner: finished at 2007-08-31 18:39:29 ------------

    Mark.
     
  5. 2007/09/01
    noahdfear

    Hi Mark,

    Just wanted to let you know I haven't overlooked you .......... just an extremely long day. I need sleep, so will offer more tomorrow.

    Browse to C:\Windows and see if explorer.exe exists. If so, select it and see if it runs.
     
  6. 2007/09/01
    Marky

    Hi Dave,

    I appreciate your help; I don't expect your total commitment. I'll keep an eye on the post for when you're ready.

    I have tried to run explorer already and couldn't get it to go. The exe is in the windows folder but won't run, the computer seems to try to run it and the task bar flashes once. Aside from explorer, the other programs I've tried seem to run ok, eg IE, AVG, AdAware.

    Thanks,

    Mark.
     
  7. 2007/09/01
    noahdfear

    From Task Manager File>New Task (Run) type regedit and hit enter to open the Registry editor. Navigate to the following key (folder).

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

    Expand the Image File Execution Options key. If there is a key named explorer.exe and/or iexplore.exe under it, click once on each to select, then right click>delete.

    Reboot.
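
An added example (not part of noahdfear's post and not from any tool used in this thread): the same Image File Execution Options check run offline against a text export of the key, in the `regedit.exe /e` export form this thread uses for another key. The sample export, the placeholder path and all function names are constructed for illustration.

```python
"""Added example: review Image File Execution Options (IFEO) in a regedit export."""
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
# The two subkey names the post asks about.
WATCHED = ("explorer.exe", "iexplore.exe")

# "Name"=data or @=data, where the name may contain escaped characters.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export; the Debugger path is a placeholder, not an indicator.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="\"C:\\constructed\\placeholder.exe\" /x"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200
"""


def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def unescape(text):
    """Undo .reg escaping: a doubled backslash and an escaped quote."""
    return re.sub(r"\\(.)", r"\1", text)


def decode_value(data):
    """Return strings unescaped, dwords as int, anything else as exported."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data


def parse_reg(text):
    """Parse export text into {key path: {value name: value}}."""
    keys, current, pending = {}, None, ""
    for raw_line in text.splitlines():
        line = pending + raw_line.strip()
        pending = ""
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]          # hex data continues on the next line
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        match = VALUE_RE.match(line)
        if current is None or match is None:
            continue                     # header line or something unparseable
        name = "(Default)" if match.group(1) == "@" else unescape(match.group(1)[1:-1])
        keys[current][name] = decode_value(match.group(2))
    return keys


def ifeo_findings(keys, watched=WATCHED):
    """Return (image name, Debugger value or None) for entries worth a look.

    An entry is reported when its subkey is named after a watched image, or
    when it carries a Debugger value: Windows starts that command in place
    of the named image. Key and value names compare case-insensitively.
    """
    prefix = IFEO.lower() + "\\"
    findings = []
    for key, values in keys.items():
        if not key.lower().startswith(prefix):
            continue
        image = key[len(prefix):]
        if "\\" in image:
            continue                     # deeper subkeys are not image entries
        debugger = next((v for n, v in values.items() if n.lower() == "debugger"), None)
        if image.lower() in watched or debugger is not None:
            findings.append((image, debugger))
    return findings


if __name__ == "__main__":
    for image, debugger in ifeo_findings(parse_reg(SAMPLE_EXPORT)):
        print(f"{image}: Debugger = {debugger!r}")
```

An empty result corresponds to the "those keys don't exist" outcome; a reported Debugger value is worth recording before the key is deleted.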
     
  8. 2007/09/01
    Marky

    Had a look, those keys don't exist in that folder.

    Mark
     
  9. 2007/09/01
    noahdfear

    See if a command window will open by typing cmd in the Run dialog. If so, paste or type the following command in the command window and hit enter.

    dir %Systemdrive%\explorer.exe /a h /s > C:\check.txt

    When it completes, browse to and run C:\check.txt
    Copy the results and post here.
     
  10. 2007/09/01
    Marky

    Ok, that worked.

    The post is below.

    I don't know if this has anything to do with my problem but when I checked to see if that had finished running I had an alert dialog saying there was a problem with cmd, 'no disc'. I have had this problem occasionally with various apps over the last few weeks.

    Mark.

    ---------------------------------------------------

    Volume in drive C has no label.
    Volume Serial Number is D888-690E

    Directory of C:\WINDOWS

    13/06/2007 11:23 1,033,216 explorer.exe
    1 File(s) 1,033,216 bytes

    Directory of C:\WINDOWS\$hf_mig$\KB938828\SP2QFE

    13/06/2007 12:26 1,033,216 explorer.exe
    1 File(s) 1,033,216 bytes

    Directory of C:\WINDOWS\$NtUninstallKB938828$

    04/08/2004 13:00 1,032,192 explorer.exe
    1 File(s) 1,032,192 bytes

    Directory of C:\WINDOWS\system32\dllcache

    13/06/2007 11:23 1,033,216 explorer.exe
    1 File(s) 1,033,216 bytes

    Directory of C:\Documents and Settings\Owner\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\Importers\CMap

    29/08/2003 14:30 3,778 H
    1 File(s) 3,778 bytes

    Total Files Listed:
    1 File(s) 3,778 bytes
    0 Dir(s) 15,793,602,560 bytes free
     
  11. 2007/09/01
    noahdfear

    May sound crazy, but from the run dialog type appwiz.cpl and hit enter. Uninstall GoogleDesktopManager and reboot.

    If still no explorer, browse to C:\Windows, right click explorer.exe and delete. Now browse to C:\Windows\system32\dllcache, right click explorer.exe and select copy, go back to C:\Windows, right click a blank space and select paste. Try to start explorer.
     
  12. 2007/09/02
    Marky

    Tried that, but to no avail.

    It's funny you should mention the google desktop manager because it was installed with realplayer just before the problem started. I thought I had removed it all but I think there were multiple components.

    Still getting exactly the same problem with explorer, it appears to try to start but crashes out immediately.
     
  13. 2007/09/02
    noahdfear

    Not something I recommend very often, but let's see if you can do a system restore to a couple days ago. Browse to and select C:\WINDOWS\system32\Restore\rstrui.exe

    If the following restore point is prior to the problem, try it.

    2007-08-28 22:42:05 UTC - RP1 - System Checkpoint

    If that doesn't fix it, see if there's another prior to that date.
     
  14. 2007/09/02
    Marky

    Unfortunately not,

    This was one of the first things I checked when I discovered the problem. The system restore was turned off and the only restore point was for that day. I am fairly certain that I have not turned off system restore and suspected that whatever caused my problem also deactivated this.

    I did try to restore to this point anyway, but got issued the message that system restore could not complete because no changes have been made. Since this is the earliest restore point, going back further is not an option.

    Mark
     
  15. 2007/09/02
    noahdfear

    Copy the contents of the quote box below to a blank notepad. Save it to C: as;

    Filename: look.bat
    Save as type: All Files (*.*)

    Now run look.bat and post the contents of look.txt, which will open when it completes (will be located in C: also).
     
  16. 2007/09/02
    Marky

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    dontdisplaylastusername REG_DWORD 0x0
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 0x1
    undockwithoutlogon REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr REG_DWORD 0x0
    DisableRegistryTools REG_DWORD 0x0

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun REG_DWORD 0x91
     
  17. 2007/09/02
    noahdfear

    Navigate to the system32 folder and start csrss.exe
    Check Task Manager to verify it is running, then try starting explorer.
     
  18. 2007/09/02
    Marky

    Ok, tried that and got the following error dialogue:

    The C:\WINDOWS\system32\csrss.exe application cannot be run in Win32 mode.
     
  19. 2007/09/02
    noahdfear

    Paste the following command in a command window and hit enter.

    dir %Systemdrive%\csrss.exe /a h /s > C:\check2.txt

    Post the contents of C:\check2.txt
     
  20. 2007/09/02
    noahdfear

    Paste the following command on the run line and hit enter (include the quotes).

    regedit.exe /e c:\subsystem.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

    Post the contents of C:\subsystem.txt
     
  21. 2007/09/02
    Marky

    Volume in drive C has no label.
    Volume Serial Number is D888-690E

    Directory of C:\WINDOWS\system32

    04/08/2004 13:00 6,144 csrss.exe
    1 File(s) 6,144 bytes

    Directory of C:\WINDOWS\system32\dllcache

    04/08/2004 13:00 6,144 csrss.exe
    1 File(s) 6,144 bytes

    Directory of C:\Documents and Settings\Owner\Local Settings\Application Data\Macromedia\Flash MX 2004\en\Configuration\Importers\CMap

    29/08/2003 14:30 3,778 H
    1 File(s) 3,778 bytes

    Total Files Listed:
    1 File(s) 3,778 bytes
    0 Dir(s) 20,724,097,024 bytes free
     
