Author Topic: Can not open programs or folders (or anything) XP.  (Read 1306 times)
daveodave
Topic Starter
Greenhorn



Posts: 5


« on: July 11, 2009, 05:34:43 PM »

Dear all,

Please help: my g/f has a problem with her XP-based laptop (which kind of means I have a problem with her laptop).

She tells me her laptop became very slow and after a reboot she was not able to open any programs. She can not open the start menu or any folders or other desktop icons.
She also can not access the task manager. She can right-click on icons and the menu appears as normal, yet nothing happens when trying to open anything.

We have booted into safe mode where all programs seem to function as normal. Task manager tells us the CPU is practically 0% busy.

I have been reading around online and found lots of threads which describe similar scenarios, on similar operating systems. But most are either very old or different enough for me to think it is worth a new thread. I apologize if I may be mistaken on that.

In the similar solutions most people seem to regard the problem as virus related and say the first thing to do is a scan (something about disabling executables or something).
We have tried downloading AVG or similar through safe mode, but it crashes whenever we try. Even if we were to succeed I don't know how we would run the file if *.exe are corrupted. As I said, we can't run a thing in normal mode, so no access to AV software.

I have also tried to run a system restore from the safe mode with command line. We got to selecting a recent file but whenever we hit next nothing seemed to happen. No indication of loading or processing, so we gave up after around 5 mins.

In safe mode she was able to open regedit and we checked for the .exe class in HKEY_LOCAL_MACHINE\software\classes (I am remembering the path from memory, I may be not quite right). Either way, the .exe entry appeared fine (compared with my LT, which is working OK).

These are the main options I have found on other forums and none seem to quite work. I understand the first step has to be to run spyware, virus software and malware, yet we can't run anything.

Sorry if this sounds easy or trivial to anyone, but it is all new to me and I am doing my best!


Any advice whatsoever, ranging from just something to try to a "forget it, format it", is welcome. Although I am hoping you guys can help us avoid the latter option.


Many thanks in advance,

Dave and Marie

Broni
Mastermind


Thanked: 610
Posts: 28,751

Computer: Specs
Experience: Experienced
OS: Windows Vista


Kraków my love :)

Computer Help Forum
« Reply #1 on: July 11, 2009, 05:55:27 PM »

Restart in Safe Mode with Networking.

Upload the following files to http://www.virustotal.com/ for security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32

daveodave
« Reply #2 on: July 12, 2009, 02:25:50 AM »

OK, thanks for your reply. Sorry mine has been delayed, but it was night time here and I got some sleep while waiting.

I am going to post all the details in case some of it is relevant. Sorry for all the junk, if it is not.



Here is the output she receives for explorer.exe






and for windows\system32\svchost.exe





and for userinit.exe






OK, sorry if that is too much info. Hopefully this will help, thanks again for your support and time.


Dave
daveodave
« Reply #3 on: July 12, 2009, 03:47:37 AM »

Hi guys, just to give you an update.
We finally got to run her existing Norton (just updated) in safe mode without it bombing out.
It says the following file is infected with

adware.webprefix-
risk type:AdWare 
risk:high, Status:untreated

in

c:\windows\system32\crtdll32.dll


registry
HKEY_USERS\S-1-5-21-3382458338-2909158342-227402622-1008\Software\Microsoft\Internet Explorer\Main->WebPrefix
HKEY_USERS\S-1-5-21-3382458338-2909158342-227402622-1008\Software\Microsoft\Internet Explorer\Main->Offline Folder
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Offline Folder
HKEY_CLASSES_ROOT\CLSID\{C42ABD0D-8CCB-4E58-8412-482EC67BB346}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C42ABD0D-8CCB-4E58-8412-482EC67BB346}
Browser-Cache
 

I guess any progress is good progress, but that is not the news I was hoping for.
Norton says he can't do anything about it. Does anyone know something that can? I have asked her to try and download Ad-aware, AVG, spyware terminator or anything that will install and try and zap it.

Does anyone know anything about this problem?


Thanks once again, and sorry for all the messages. A little silly when I am posting more than you guys, but I just want to put all the information out there.
Broni
« Reply #4 on: July 12, 2009, 09:59:40 AM »

Read here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Start new topic here: http://www.computerhope.com/forum/index.php/board,7.0.html
Do NOT post any logs in THIS thread.

daveodave
« Reply #5 on: July 12, 2009, 02:55:14 PM »

Hi!

Good news. It is fixed.
In all honesty I am not quite sure what did it. After a couple of restarts and slowly being able to add more scanning software in safe mode we were able to remove damaged files. Turned out there was more spyware on which had also been missed in the original scan.

Eventually we could boot back into normal mode where we ran more scans.

We have now run
malware, ad-Aware, spyware terminator, AVM, CCleaner and a full Norton anti virus and things are apparently taken care of.

Thanks to everyone for all the help.

Thanks again

Dave and Marie
daveodave
« Reply #6 on: July 12, 2009, 02:56:38 PM »

Sorry about the log, and for posting in the wrong section.

Broni
« Reply #7 on: July 12, 2009, 03:29:08 PM »

Being you, I'd still go to the malware section.