Pop Ups Called Windows XP Restore & File Called Hido.exe Causes All Files & Folders On C: Drive To Be Hidden. Please Help !

Discussion in 'Windows - Virus and spyware problems' started by dougal79, Jun 10, 2011.

  1. dougal79

    dougal79 Regular member

    Joined:
    Aug 11, 2006
    Messages:
    487
    Likes Received:
    0
    Trophy Points:
    26
    Ok, here goes nothing I suppose.

    Just come across a major problem guys.
    A few hours ago I decided to install a game I got a loan of (Command & Conquer Generals & Zero Hour) & I kept getting pop ups.
    The pop ups said something along the lines of: Hard Drive Failure.
    I went to my computer & both drives (D: & F:) looked fine.
    However going into my C: drive, I noticed that EVERYTHING was missing.
    So I decided to try going into folder options & showing hidden files.
    It worked, until I clicked ok & it just hid everything again.
    I decided to reboot the pc & for some reason it wouldn't boot up...
    Only way I could get it to boot up was to do the following:-

    Attach another HDD which has Windows 2000 on it.
    Select this drive as priority in BIOS & when asked what OS to use I selected XP Pro.
    It booted up fine, but I kept getting the pop ups & my desktop had changed to just a blue screen & all my icons are missing.
    If I go into C:>Documents & Settings>My User Name>Desktop, all my icons are still there.

    If I go to start, then all programs, it comes up empty.
    I ran Malwarebytes' Anti-Malware & it found 3 things.
    They were called hido.exe, XbseryrwdJUlo.exe & 21552932.exe.
    I was also unable to use any browser, Task Manager & also right click the desktop.

    I removed everything Malwarebytes found, & deleted all trace in my registry which seemed to stop all the files from being hidden & let me use my browsers again, but I'm still unable to access task manager or see my icons on desktop or right click desktop.


    If anyone can help, please do !! :(
    Here is a screen grab of 1 of the pop ups.
    [Image: screen grab of the pop up]
    Any help is greatly appreciated.
    Thanks
     
  2. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    A HijackThis log would probably help at this time.
     
  3. dougal79

    dougal79 Regular member

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:49:02, on 10/06/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
    C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
    C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
    O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8ABD3EA4-480E-4D2F-85D4-CCC4C234AD1B}: NameServer = 217.171.132.1 217.171.135.1
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 4904 bytes



    P.S. I managed to fix most things.
    I can now see my icons on desktop, can use task manager & right click on desktop.
    Only thing that seems messed up is that I'm still unable to boot up from this drive.
    Only way I can boot up is by using the drive with Windows 2000 as priority in BIOS & selecting Windows XP Pro when asked which OS to use.
    This is no good as I have removed the hard drive where all my games are installed to do this.



    Thanks for the help :)
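
An added example, not part of the original posts: one way to triage a HijackThis log like the one above by splitting it into section codes and listing entries worth a manual look. The sample lines are copied from the posted log; the function names and the two flagging rules (a "(no file)" reference, a path outside the standard directories) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the log posted above (a short selection, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - <value>"
# Assumption for this example: anything outside these roots deserves a manual look.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_log(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def startup_target(value):
    # Pull the executable out of an O4 value: quoted path, else the first token.
    cmd = value.split("] ", 1)[-1].strip()
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def review_items(processes, entries):
    """Return (code, reason, value) tuples to check by hand; a flag is not a verdict."""
    flagged = [(code, "references a missing file", v)
               for code, values in entries.items() for v in values
               if v.endswith("(no file)")]
    for path in processes + [startup_target(v) for v in entries.get("O4", [])]:
        low = path.lower()
        if re.match(r"[a-z]:\\", low) and not low.startswith(STANDARD_ROOTS):
            flagged.append(("path", "runs from outside the standard directories", path))
    return flagged

if __name__ == "__main__":
    for item in review_items(*parse_log(SAMPLE_LOG)):
        print(item)
```

On the sample lines this lists the BHO whose file is missing and the Steam startup entry on D:, which shows why each flagged item still needs a human decision.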
     
  4. Dardandec

    Dardandec Member

    Joined:
    Sep 1, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    11
    The pop-up is a fake program which will eventually hijack and infest your machine. Use CCleaner to go into startup programs and delete or stop the offending pop-up, then run Malwarebytes. You might have to do this in safe mode using admin. Hope this helps, as I have dealt with a few of these lately under different disguises.
     
  5. dougal79

    dougal79 Regular member

    Ok I just ran CCleaner & it said that in the following location there was a log file that was almost 4GB !!!
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson
    I also used msconfig & removed everything apart from my firewall from startup.
    All that's left to do is run Malwarebytes again & see if it finds anything.

    Just found this topic online & it's the exact same thing that happened to me.
    http://www.techspot.com/vb/topic166259.html

    Thanks
     
  6. Dardandec

    Dardandec Member

    Is the pop-up still there after you restart the machine? Also stop the restore point so as to prevent it coming back later.
     
  7. dougal79

    dougal79 Regular member

    Just ran Malwarebytes & it says the system is clean.
    But I still have the problem of starting up using only the C: drive.
    Also if I go to start>all programs & select a program, it comes up as empty.
    This happens for the majority of programs.



    EDIT: When I restart the pc the pop up is gone & everything seems fine.
    I can access the internet, my task manager is fine, all files/folders on C: are visible, I can right click the desktop & my icons are all there.
    Only thing left is to fix it so that I can remove the drive with Windows 2000 & put back the drive with all my games & be able to boot up as normal.
    Usually when I got a BSOD I could attach the Windows 2000 drive, boot up from it & it would automatically run chkdsk & repair the XP Pro drive.
    I could also remove the Windows 2000 drive & attach my other drive & boot as normal.
    But for some reason that's not possible now. :/

    Thanks
     
    Last edited: Jun 10, 2011
  8. Dardandec

    Dardandec Member

    Try the unhide program that is mentioned in the link you provided.


    Strike last comment as I didn't notice you edited post. Unsure how to help with the drive problem, but glad the pop-up and programs issue has gone. Will check my notes and maybe get back to you about this, or someone else on here may have a solution.
    Mon the bhoys....lol
     
    Last edited: Jun 10, 2011
