Unbootable PC after downloading - help!

Hi there good folks,

Against my better judgement (on the recommendation of a "friend") I downloaded some software from a torrent site and ran it - since then my desktop PC is now unbootable.  The desktop background appears but no icons, taskbar, clock etc.  With ctrl-alt-del I can get the task manager and it shows a small fraction of the usual processes present.  In particular I notice that explorer.exe keeps terminating and restarting.

I have a copy of the Ultimate Boot CD for Windows and that boots OK - I've ran several scans using various virus/spyware/malware checkers and they found nothing.  I tried booting into safe mode but that also gives my just the desktop background and then hangs.

I have run HijackThis and will attached the log...any help or advice would be greatly appreciated.

Many thanks...James.

HijackThis log...



[saving disk space - old attachment deleted by admin]

WOW! That must be one of the worst HJT logs, I've seen for a while.

Firstly, I don't see any firewall running, unless you have Windows firewall up. Please, update me on this.
Secondly, you run HJT from temp folder: C:\Temp\HijackThis.exe. Before you run any fixes, create C:\HijackThis folder, put "hijackthis.exe" in that folder, and run it from there.

Now...

Download the program HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) which gives you the ability to restore the default host file back onto your machine. To do so, download the HostsXpert program and run it. When it opens, click on the Restore Original Hosts button and then exit HostsXpert.

Post new HJT log.

OK - I ran the HostsXpert utility and restored the hosts file.  Attached is the new HJT log.

Many thanks.

[saving disk space - old attachment deleted by admin]

Much better.
What about that firewall question, while I'm looking at your new HJT log?

Yes, with regard to the firewall, I only have the Windows firewall running.  Sounds like that's not enough?

1. Print this post out, since you won't have an access to it, at some point.

2. Download, and install Spybot (if you don't have it) from here: http://www.download.com/3000-2144-10122137.html

3. Close all windows, except for HJT.

4. Put a checkmark next to the following HJT entries:

- O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)

- O4 - HKLM\..\Run: [Application Layer Services] avrsvc.exe

- O4 - HKLM\..\Run: [Application Layer Scheduler] agtsvc.exe

- O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)

- O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)

- O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

- O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

- O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)



5. Click on "Fix It" button.

6. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

7. Run Spybot (check for updates, first), and fix whatever it asks you to fix.

8. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

9. Delete following files (if they still exist):

- EmpirePoker folder from C:\Program Files

10. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.   
   6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

11. Restart in Normal Mode.

12. Turn System Restore on.

13. Run HJT again, and post back its log back here.

Yes, with regard to the firewall, I only have the Windows firewall running.  Sounds like that's not enough?

Yeah, but better, then nothing. We'll take care of it later, along with tens of your startups, where some of them are not necessary as startups. They just clog your system.

Ok - I have spybot and I also have the latest updates for it.  I did as you specified with HJT - ticking the listed entries and clicking on the fixit button - all ok. 

However, when starting up in safe mode I was unable to get access to start spybot.  The safe mode desktop background appeared with the windows cursor but clicking or using ctrl-alt-del did nothing at all.  Both keyboard and mouse were completely unresponsive.  (Itried booting into safe mode several times with the same result)  I used the power button to re-boot back into normal mode and that at least allows me to use ctrl-alt-del to get the task manager working. (I get no start button and right click does nothing).  With task manager I can then do: "File - New task(run)" and execute spybot.  Spybot is now running...

Hope this makes sense.

It's OK...Let's see what Spybot will come up with.
There may be some other issues involved.

Spybot found and fixed 10 problems - proceeding to next step...

Opening Windows Explorere is a challaneg as I don't have access to the start button, right click menus or any icons.  Also if I run explorer.exe from inside Task manager it starts for a few seconds and then terminates (see above).  So I ran Xplorer2 from my UBCD4WIN cd and looked for the EmpirePoker folder in Program files but it is not there. 

How do you suggest I turn off System Restore?

Many thanks.

Latest HJT log...

[saving disk space - old attachment deleted by admin]

Anything serious found there?

No not really - spybot found just tracker cookie's

Your HJT log is now clean.

How do you suggest I turn off System Restore?

It doesn't seem to be that important now to play with it.

I'd like to ask you to try Safe Mode one more time, and see if you can execute "explorer.exe" from Task Manager command.

spybot found just tracker cookie's

This is what I thought.

I'm sorry to say that Safe Mode is still unresponsive - just a black screen with "safe mode" in each corner.  No response from the keyboard or mouse clicks.  The mouse pointer moves - though nothing to click on or select!  Can't get ctrl-alt-del to do anything.

It's pretty sick isn't it!

Sure it is. I'm not even sure what to do next, because your computer seems to be clean, but I believe, that bad guy(s) you caught might have done some damage to system/boot files.

Do you have Windows XP CD, Recovery CD? How important is your computer data?

Yes, I have a windows XP cd and the UBCD4WIN which is also bootable. 

I'm pretty sure all my important data is on an external hard drive (now attached to my laptop - the one I'm posting this from)  I also have a second hard drive in the desktop with data on that I'd like to keep.  The c: drive is pretty much just the OS.  I use Google for email/contacts/calendar/favourites so no problem there.

In that case, I think, our best option would be to try XP repair option.
Nice tutorial here:
http://www.techspot.com/vb/topic8356.html

OK - I'm trying that right now.  The XP CD I have is definitely not the original installation cd, so not sure if that will trip me up but I'll give it a shot!

It should install, but later in order to download updates, you'll have to call M$ to get activation code...
Eh, I'm even not sure how it works in case of repair installation.

Hmm...well the setup keeps getting stuck on 33 minuties to go while "installing devices".  I've re-started it several times now after having disconnected everything external (printers, etc) and it gets stuck at the same point each time.

Any further thoughts?

[Moderator]

Yes. You need an official XP CD to do a repair install.
You can use another one but it needs to have flashy holograms and have Microsoft written all over it.

P.S. You want to find one that includes SP2 otherwise you will need to slipstream it into the one without it in order for it to work.