Windows XP Pro SP1a - Can log in, but no desktop icons or task bar appear.

Cleaned with CounterSpy and removed 600+ items. Reboot and issue persists. Load ewido security suite 3.0 and reboot. Desktop appears! Update Ewido and remove more detected spyware.

it was funny to see CounterSpy say system is clean of spyware and still see garbage using HiJack This.

ok, now there are three suspicious entries in HJT:

C:\Windows\System32\gomf32.dll
C:\Windows\System32\rpunlm.exe
nicp.exe

the only one that i can find is rpunlm but it won't let me delete it. time to try recovery console !

Man that recovery console is aggrivating. It seems my ATTRIB command is disabled. The gomf32.dll file is marked --r-s--- I used Winternals ERD commander and removed the rpunlm.exe file, but it didn't display the gomf32.dll file at all.

ok, we're getting there. Couldn't locate attrib.exe on the hard drive and several folders gave me access denied. Boot to safe mode and check permissions. Verify attrib.exe is in the Windows\System32 folder. Copy it to the root of the drive for safe keeping. Boot to recovery console and use one parameter at a time:

cd System32
attrib -r gomf32.dll
attrib -s gomf32.dll
del gomf32.dll

Boot and discover a second entry for WinLogon Notify: Reinstall with the file name C:\Windows\System32\mqcms.dll Boot to recovery console and perform the same delete steps as above. I even tried placing a fake file in place of this garbage DLL, but it was smart enough to detect the fake and establish a new file with another random name.

Locate and delete several entries in registry .. more on this later

discover oujsel.dll - the big boss himself !

reboot and the nancy thing returns ! Discover rpunlm.exe has reappeared and set to run next boot. Remove file and startup entry. Refresh list and notice nicp.exe is now set to start up. Remove startup entry, buf fail to locate file for removel. Create dummy files for both and reboot. Startup list looks good for now.

Installed Panda Antivirus trial and clean system very well. Reboot and clean more. System is in great shape. Possibly going to recommend Panda antivirus in the future.

( )

i've found some really good info. it's nice to have some time to dig a little deeper and have some fun researching a problem. unfortunately, my time has run out. problem remains unsolved for now. below are mostly just random notes, but could be handy:

system started out with simple adware infestation. spybot cleaned nearly all, but a few random renaming and reappearing files were left (they are listed further below). i believe all the filth is now gone, but the boot process is taking 20 to 30 minutes to complete. the system seems fine until about 5 to 10 seconds after the desktop shows. at this point, the taskbar freezes. it appears the service database is locked. some programs work fine, but service related or both explorer and iexplore are unavailable. after the strange timeout, everything seems fine.

Windows XP services in detail with recommendations

• BootVis.exe
• clean prefetch folder - empty
• tweapxp (tweakxp)
• StartEd (Win98 tool)
• Boot defrag - or- Perfect Disk
• Blaster virus
• Start Up Mechanic - free - great
• Start-up Cop
• Code Stuff Starter

Stop: 0x8E
Symevent.sys
XoftSpy

ivhykbxx.exe
gterzp.exe
awuhnrx.exe
zgsyrw.exe
xggafdl.exe
zywskb.exe
vmghojk.exe
njmavh
ewphfxb.exe
zaouwm

notes: 1 - 2 - clean - more -

supposed fix - some really good info - manual removal instructions

( )

Solution: Delete Temporary Internet Files.

Symptom: Immediate disconnect when attempting to connect to published application on Citrix server.

notes:
- Question: Client Reset without explanation
- XP Pro client PCs disconnect problems with CSG

 

 

( )

Accent Communications USB V.92 External Modem 56K Analog Connection

Model#: UB1-1001-3101
Part#: OD-EMU-100
HW:A1

Accent.DLink.Com

tech support # 877-453-5465

Windows XP Pro
Windows XP Home
Windows 2000
Windows ME
Windows 98 SE

Office Depot Customer Care Agent 1 800 463 3768 completely useless. The first one provided only the local store's phone number. The local store only said they do not sell the driver CD separate from the modem and that's all they could do (which confused me because they did absolutely nothing). The second time I called the 800 number, the guy actually seemed like he was looking up the product, but ended up recommending I purchase a new modem ('cause they're so cheap these days). Luckily, I happened to notice the phone number on the bottom of the box (duh! should've see that first!) and DLink support was actually very helpful and friendly. Of course all they had to do was point me to the website (accent.dlink.com) and I was set.

 

 

( download )

Some fun Windows Updates came creeping down Thursday evening and kicked off in the wee-hours Friday morning. Norton Internet Security had to throw it's two cents in and voila! CA400 broke and the customer can't log on the the AS/400. No more auto-updates on this puppy. You've been warned!

 

 

( WinXP Windows XP Professional AS/400 AS400 )

These products cause a quite itchy rash on the feet and scalp. For feet, the rash appears as small, clear blisters either on or just below the skin's surface. The blisters generally are found grouped in small patches, but can also be one single blister. The scalp rash resembles a mosquito bite.

 

 

( Public Service Announcement )

Install the software that comes with the drive. Reboot and plug in the USB cable, but the driver doesn't seem to be loaded. Locate a directory on the CD with something that looks to be a driver installation package. Run the program and reboot, but the drive doesn't show up correctly.

If the drive is connected when the system boots, the drive letter shows up, but is inaccessible. If the drive is connected after the system is up, the drive letter doesn't show up at all. Either way, Device Manager shows Iomega USB HDD 2.0 under Other Devices when connected.

Engage in online chat with Iomega support. Technicians seem knowlegeable, but I am in a hurry and just want the fix. After rebooting and trying a few things, the third tech recommended this driver package. It is much smaller than the first download file, but still failed to do the job.

Finally, I got on with the first tech who walked me through adding the driver manually. Unfortunately, the instructions were wrong and didn't work. Fortunately for me, I now had enough information.

Open Device Manager and select the USB device listed under Other Devices. Update the driver by manually specifying it is a Universal Serial Bus Controller. Use the driver for Iomega USB Mass Storage Driver. This driver is not on my test '98 box so I'm assuming some of the installs from Iomega's website actually added the information to the system even though it was unable to figure out the config on it's own.

 

 

( Windows 98 Win98SE )

Open Outlook Express. Select Tools then Options. Click the Send tab and then the HTML button.

Make sure Send pictures with messages is checked. Click OK twice to return.

 

 

( )

I have run across three different systems failing to update AVG today!

WinME, Win2K, and Win98se

 

 

( )

Nice info from a co-worker:

Anytime you receive strange symptoms with TCP/IP including no browsing or pinging, misc errors, no browsing but able to ping, etc.... you can run WINSOCKFIX.EXE to correct this. This has happened to me several times after removing spyware from pc's.

http://support.microsoft.com/?kbid=811259&SD=tech

I thought this may be helpful. Here is a brief overview of what this article contains:

SYMPTOMS
When you try to release and renew the IP address using the Ipconfig program, you may receive the following error message:
An error occurred while renewing interface 'Internet': An operation was attempted on something that is not a socket.

When you start Internet Explorer, you may receive the following error message:
The page cannot be displayed

When you use your computer, you may receive the following error message:

Initialization function INITHELPERDLL in IPMONTR.DLL failed to start with error code 10107

Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.

Check your mail rules. Somehow this rule magically appeared on a system over the weekend:

 

 

( email )

I don't know why I have so much trouble with these silly things.

Under the session configuration, click the Setup button and check Transfor print data to ASCII on iSeries and pick the printer model. I used *IBM2381 for a Lexmark 2381-100 forms printer.

 

 

( Client Access AS/400 AS400 )

If you think this is funny, you should see it on a t-shirt or mug :)

Installed a brand new Tripp Lite UPS model INTERNET350SER and noticed it came with a serial cable, but no CD. After quickly reviewing the 5 or 6 installation steps on the quick reference card, I attempted to download the UPS monitoring software from Tripp Lite's Website. Of course I picked the latest version available for download. After installing, the software didn't seem to do anything right so I called tech support. They directed me to download the 11.x version and select any model ending in DB9 since the unit has a serial interface.

The software seemed to suggest the UPS was satisfactory, but I had to confirm since it had taken so long to install. Right after pulling the power to the UPS, I was satisfied to see a little battery appear in the system tray. Poor little battery only had a little slice of red so I quickly plugged the UPS back in the wall and said thanks! to the support tech.

Overall the installation was not that difficult. Tripp Lite should provide better instructions for installing their software, but most people don't even know these things communicate with the PC. (Heck most are doing good to plug their PC into the battery protected side of the unit!) I'm glad the prices have finally dropped to where everyone can afford one.

 

 

( Windows XP Professional AGBC350LP2LF WinXP Pro )

Customer complained her Dymo label printer software wouldn't scroll properly with the scroll wheel on her mouse. It would continue past the selection for a while after the wheel stopped being moved. After dialing in remotely and looking over settings, I had a hunch Internet Explorer's smooth scrolling feature could be the trouble. Don't bother to look under display settings for this one. It is in Internet Options on the Advanced tab under Browsing.

Funny how a silly setting in Internet Explorer has anything to do with a scroll mouse controlling label printing software. .. but it does!

 

 

( WinXP )

Freshly loaded Win98 system mysteriously stopped booting after Epson printer failed to install. Discover InitComplete=CONFIGMG as last line of Bootlog.txt file. Research briefly and discover these documents:

Err Msg: While Initializing Device CONFIGMG: Windows... Article ID : 187612

WINDOWS SHUTDOWN & RESTART CENTER WINDOWS 98 SECOND EDITION

I ended up pulling the modem and the silly thing works just fine. (There was a faint click sound happening right before the system seemed to lock up)

 

 

( )

your hosts file looks like this..

127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.grisoft.com
127.0.0.1 microsoft.com
127.0.0.1 www.virustotal.com
127.0.0.1 virustotal.com
127.0.0.1 www.oxyd.fr
127.0.0.1 oxyd.fr
127.0.0.1 www.t35.com
127.0.0.1 t35.com
127.0.0.1 www.t35.net
127.0.0.1 t35.net

Symantec Corporate hadn't been able to update for about two weeks. The following alert displayed after deleting the fradulent hosts file and running LiveUpdate:

Event:  Virus Found!
Virus name: W32.Mytob.DG@mm
File:  C:\WINNT\system32\We Love Lien Van de Kelder.exe

 

 

( )

Windows Terminal Server 2003 intermittent hesitation with new Dell PC running XP Pro SP2 with Dell wireless b/g USB adapter. After much investigation, discover other wireless devices are using 802.11b while this one appears to be the only one running 802.11g to communicate with LinkSys router supporting both protocols. Manually set NIC to b and performance is much better. Further test by running a standard Cat5 patch cable and discover that not only has the trouble been eliminated, but everything is really-really fast!

Moral to the story: wireless networking still hasn't earned the right to be called a solid bussiness network solution

while researching the slow response issue, these documents brought enlightment:
When you use the Terminal Server client in Windows XP, screen updates may be delayed?

Microsoft Terminal Services Questions

When you run Microsoft Excel 97, 2000, or Microsoft Internet Explorer 4.0 on a Terminal Server client, you may experience very slow response when you scroll.

Can Logon access to a Terminal server be recorded in the event log or a log file easily?

The simple answer is to turn off all the fluff on your remote connections. Disable hardware acceleration, sounds, animation and smooth scrolling. In your RDP client, disable all the options under experience tab as well as the sound. I also removed all client mappings for printers and stuff just to be safe. Good luck!