Hey, guys. My computer started to go screwy late last night, presumably from another of those delightful spyware programs. After a few heartbreaking dead ends, I realized that I couldn't even reboot in normal mode. Fortunately, I was able to get into safe mode. I ran ewido, spybot & ad-aware several times this morning, used cleanup and hijackthis to do what I could. At the beginning, CTRL+Alt+DEL brought up a message about the task manager being stopped by the administrator (odd, as I'm on a personal computer). I was able to get the reg file to fix that. The upshot is, I think I've got myself pretty close. When I boot up in normal mode, the background is there and the Task Manager is accessible, but I can't actually do anything with it. Trying to change a priority setting brings up a dialog box reading, "Unable to change priority" in the top bar and "The operation could not be completed. Access is denied." in the box.

The following processes are running in normal mode:
-csrss.exe (system)
-IEXPLORE.exe (system)
-lsass.exe (system)
-services.exe (system)
-smss.exe (system)
-4 svchost.exe files (2 as system, local service & network service)
-System (system)
-System Idle Process (system)
-taskmgr.exe (owner)

All are list "System" as User Name, but two of the four svchost.exe files and taskmgr.exe.

All CPUs are 00 but System Idle Process is 99.

I feel like the random IEXPLORE.exe is the last problem, but where would I yank it out of the startup? I pulled three files listed on bleepingcomputer as malware from the startup processes.

Basically, there's everything that I know. Hopefully it's clear enough. What should I do to get access to normal mode back? Thanks, guys!

Hi edisonmstie if it is IEXPLORE.EXE, although i doubt it is, usually if you can only boot in safe mode its an IRQ error or recently installed driver conflict but if it isnt first place to look is
START/ALL PROGRAMES/STARTUP
failing that look at the start up procceses

START/RUN then type "msconfig" without quotations and look at the start up tab
!!!!!WARNING!!!!!!
be carefull google each entry to see what it is only deselect one at at time then reboot, some things in there shouldn't be turned off!! then use Mozilla firefox as there are less hacks writtern for that internet browser :)

mmnnn

In Task Manager try to start the process-
explorer.exe
See what happens.

How
to Perform a Clean Boot in Windows XP
To help troubleshoot error messages or other
issues when you cannot determine the cause of
the issue, disable common startup programs,
settings, and drivers to eliminate possible
software conflicts when you start Microsoft
Windows XP. This procedure is known as
"clean booting."
-------------
(Can be done by way of Windows Safe-Mode,
if normal Windows does not work)
A Description of the Safe Mode Boot Options in Windows XP
logon as Administrator,
but where it says RESTART, restart into normal
Windows.)
-------------
How to perform advanced clean-boot troubleshooting in Windows XP

Print the articles for reference.
----------------
To find out what each Startup(or Process) item
does or means, and any recommendation as to if you should close the process:
Task List Programs

The ones that throw me are three startup items in my C: drive: keyboard2.exe, mousepad2.exe and newname2.exe.

Should those be there?

Also questionable: hphmon05.exe and taskdir.exe (both in my System 32 folder & not listed on bleepingcomputer).

There are also two files with no listed name in the startup processes which are located in: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Any of these look like my culprit?

You have it all running fine as it is. You just need to start Explorer. Not IExplorer!

IExplorer = Internet Explorer
Explorer = Desktop and all the icons you have come to love and depend on.

If you can get the Task Manager up, then type Explorer in the New Task slot.

Tomorrow the Stars!

Hmm...I can get to the Task Manager, but I still can't change priority settings. I tried adding explorer and nothing happened. I then tried adding Firefox.exe and it went into the list for a second, then disappeared.

I have a bunch of files created early this morning, all within about a 2 minute span. I think that they're part of the problem, but they're in my c: drive and I hate messing around in there. Thoughts?

Dunk the unit in a tub full of water.

Tomorrow the Stars!

Looks like the problem is a startup program called IEXPLORE.exe. I've been doing some looking into different things and the capitalized version is, apparently, a part of the RBOT-EZ worm. It's supposed to be somewhere in my System32 folder but must be hiding under a different name.

I'm a little closer, but still stumped...

IEXPLORE.exe

Look for this in the regsitry and delete refernces to it.

Once you are up an running in the normal mode, you can repair the rest of things from there.

Larry

Today seems like a good day to chew through the restraints.