Win XP home pc in bad shape..How to fix? 500 points awarded..

My home pc (windows xp professional) is in bad shape. Some malware or trojan has gotten into it. Can experts give me direction as to how to fix this?

We ran Hijackthis and removed all the unwanted entries from registry. Ran Adaware (free version) and removed the critical objects. Ran spybot and removed the critical ones.

But now when we restart in normal mode, desktop screen comes up and later, blue screen with message "Problem has been detected and windows has been shutdown to prevent damage".

We are still able to start the pc in safe mode with networking. Login as administrator, then we can run hijackthis etc..

My question is how can we restore the pc? Do I have to reinstall XP? Can we reinstall XP without losing any of the local datafiles? Or is everything already in pc wiped out? Do I have to reformat the harddrive?

Thanks, really need some direction here..

Below is the Full Monte on XP Repair.
A lot of reading, but worth it.

Before trying another repair, download and run SuperAntispyware in Safe Mode:

Download and install Superantispyware
Load Superantispyware and click the "check for updates" button.
Re-boot into "Safe Mode" (tap the F8 key during boot cycle and select 'Safe Mode')

* Start Superantispyware.
Click the "scan your computer" button.
Check "Perform Complete Scan" and then next.
Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click "Preferences" and then click the "statistics/logs" tab. Click the dated log and press view log and a text file will appear.


Insert the Windows XP CD in your drive. Reboot the computer and press "del" (or F2 or F10, or whatever key combo gets you in) to enter the BIOS setup. Look for the boot order of your drives (usually under Advanced Settings). Change the order so that the CD drive is the first boot device. Save and exit.

As the machine reboots this time it will find a bootable CD and prompt you to press any key to boot from the CD. Press a key. XP setup will now start to load - takes a little time before it requires input from you.

Once setup is ready it will prompt you to press 'R' to enter the recovery console or 'Enter' to continue installing Windows. We don't want the Repair Console here so just press Enter. Setup will then prompt you to accept the EULA by pressing F8. Press F8.

The next screen will show you the partition[s] available and will inform you that Windows is installed (usually on the C: drive). At this screen you will have an option to press 'R' to repair the current installation. Press 'R' and setup will then take over and do the necessary work.
After you perform an in-place upgrade or repair installation, you must reinstall all updates to Windows.
Here are a couple of Microsoft Knowledge Base articles you should read which concern possible data loss when you reinstall/repair XP:
KB 312369: You May Lose Data or Program Settings After Reinstalling, Repairing, or Upgrading Windows XP
KB 312368: Data Loss May Occur After Reinstalling, Repairing, or Upgrading Windows XP

Note that, from the above articles, the problem of data loss if your Windows XP was installed by the OEM (Original Equipment Manufacturer) has been corrected if your Windows XP has Service Pack 1 installed.

This is another excellent article on how to perform an XP repair:


And check out the following articles.

Langa Letter: XP's No-Reformat, Nondestructive Total-Rebuild Option
InformationWeek, June 19, 2006
Fred Langa shows you how to completely rebuild, repair, or refresh an existing XP installation without losing data, and without having to reinstall user software, reformat, or otherwise destructively alter the setup.

Langa Letter: The OS Inside The OS
InformationWeek, April 30, 2006
Fred Langa shows how a simple tweak turns XP's low-level Recovery Console into a complete, standalone mini-operating system--in effect, an XP DOS!

Langa Letter: XP's Little-Known 'Rebuild' Command
InformationWeek, April 17, 2006
There's an easy fix for "Missing HAL.DLL," "Invalid Boot.Ini," and several other fatal startup errors, Fred Langa says.

How to Repair Windows XP

A system repair is not the same as getting into the Recovery Console.  To perform an XP repair: 


I must say. Very thorough. Just thought I'd commend you on your response. Keep up the good work!
Have you tried running a system restore?
Try doing that and restoring back a few weeks or even months and then run Spybot and then HijackThis again (in safe mode).

LubomirMasarAuthor Commented:
Youngh, thanks so much for the thorough reply..
Before seeing the answer here from youngh, I had already run an XP reinstall. Chose the R option for recovery..went ahead and re-installed..
After this, I am fortunately in slightly better shape! I am able to successfully restart the PC and Windows came back.
Ran adaware, which still found some critical objects again..So I am not clean yet..
ran Hijack this too..Please see below for the hijackthis log. Does anything in it look suspicious? Should I get rid of anything?


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:47:05 PM, on 4/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\\agent\mcdetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Anu\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {c04fad3c-6e9b-4c41-a370-2128298b18af} - C:\WINDOWS\system32\kbd(3).dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\\Agent\mcupdmgr.exe
O23 - Service: VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\\vso\mcvsrte.exe
O23 - Service: Macromedia Updater (mmupdate) - Unknown owner - C:\WINDOWS\TEMP\27.tmp (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

End of file - 5365 bytes
Paste the log file into and look through the results.
The O10 - Unknown file in Winsock LSP: abcdefgh.dll are definitely a problem and the log analyser tells you what to do (done just try and fix it)
Most of the top Experts around here have switched to SuperAntiSpyware.
It is fairly new on the market, but has outperformed all of the others over the past few months.

Please follow the guidelines in my earlier post and run it in Safe Mode.

I wouldn't recommend using the BETA version of Hijackthis because it has many bugs (and the log can be confusing).

Your log is showing a variant of SDBot:

Please download LSPfix from here:
Unzip it to the desktop and run it.  Check "I know what I'm doing",
and then select each instance of "abcdefgh.dll" in the left-hand panel and click ">>" to move it to the right-hand panel.  
Then click Finish to allow LSPfix to rebuild the LSP chain

Afterwards only you can delete this dll most probably located in the system32 folder -->abcdefgh.dll

You have a variant of SDBot showing in your logfile:
Download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer than normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back
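
As an added illustration (not part of any poster's reply, and not a HijackThis, LSPfix or SDFix feature): a short Python triage over lines from the HijackThis log above that collapses repeated entries and flags the O10 "Unknown file in Winsock LSP" type the experts called out. The temp-directory and missing-file rules are extra heuristics assumed for this example, and a flag means "review this entry", not "confirmed malicious".

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O10 - Unknown file in Winsock LSP: abcdefgh.dll
O23 - Service: Macromedia Updater (mmupdate) - Unknown owner - C:\WINDOWS\TEMP\27.tmp (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O10 - Unknown file ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# (reason, predicate) pairs. Only the O10 rule comes from the thread; the other
# two are heuristics assumed for this example.
RULES = [
    ("unknown Winsock LSP provider",
     lambda s, b: s == "O10" and b.startswith("Unknown file in Winsock LSP")),
    ("service binary in a temp directory",
     lambda s, b: s == "O23" and re.search(r"\\te?mp\\", b, re.I)),
    ("referenced file is missing",
     lambda s, b: "(file missing)" in b),
]

def parse(log):
    """Yield (section, body) for every entry line; headers and paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return a Counter of (section, reason, body) -> occurrences in the log."""
    findings = Counter()
    for section, body in parse(log):
        for reason, matches in RULES:
            if matches(section, body):
                findings[(section, reason, body)] += 1
    return findings

if __name__ == "__main__":
    for (section, reason, body), n in triage(SAMPLE_LOG).items():
        print(f"[{section}] x{n}  {reason}: {body}")
```

The repeat count matters for O10: each occurrence is one slot in the Winsock provider chain, which is why the chain is rebuilt with a tool such as LSPfix before the DLL itself is deleted.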
LubomirMasarAuthor Commented:
A big thanks to all of you..I read all your suggestions and now it seems I am much better off.

I did not run a full xp reinstall. I ran only the repair (R) mode. I am too sensitive about the risk of losing data. More than the data, I did not want to lose the installed applications..

But after xp repair, I followed the recommendations of rpggamergirl. Ran both LSPfix and SDFix.
Like younghv suggested, I did SuperAntiSpyware too.

These two things seem to have fixed my problem. I am very pleased to have discovered SuperAntiSpyware as it seems to be the best of the lot now.

So I am sharing my full points with younghv and rpggamergirl.

Is it a good idea for me to install IE 7? Will my PC be compatible with it?
What is the best free firewall software that I could setup for future protection?

LubomirMasarAuthor Commented:
Well, really rpggamergirl's solution should be the accepted solution, and younghv's solution should be the assisted solution. They both should have 250 points and both are very very good answers and should go into knowledgebase..
Hi LubomirMasar,
Thank you for the points split - R'girl and I have shared on many occasions, but I am not sure why one answer gets 'Accepted' and one is 'Assisted'.

Maybe I'll post a 500 point question about that - LOL.

Thanks again.

~rpg - see you around the zones.

Hi LubomirMasar,
Doesn't matter to me if mine is only an assist, glad to know your problem is resolved, :)

I think it must be a bug, I've read somewhere, someone posted that he wasn't given the choice of which one to have the accepted answer. And when he clicked "submit" somehow it auto-picked the accepted answer.

Thanks for the points!

See you around, Vic, :)

okay.....NOT a bug apparently,
the first comment selected is automatically picked as the "accepted answer"
and for that feature to change we have to complain to them, and if they receive many complaints about it, then they might change it someday, :)

Please click on the "Feedback" button on the top right of this page and let them know, :)

I knew you would find the answer - I will mention that also.
