Desktop Icons Missing at startup

jaybe2

This question has been posted before and I would like to know if any other
remedies have been found. At startup, all that is present on my desktop is
the background, no icons or anything. To access any window I have to do the
ctrl-alt-delete combo to get it going. I ran the hijackthis program to try to
isolate the problem. Here is the log from the scan, if anyone can help me
that would be wonderful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:16 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet
Files\Content.IE5\WPOXDBMX\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- (no file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} -
C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common
Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan
Agent 6.6) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201396208359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201396191875
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5651 bytes
 
Re: Desktop Icons Missing at startup

jaybe2 wrote:
> This question has been posted before and I would like to know if any other
> remedies have been found. At startup, all that is present on my desktop is
> the background, no icons or anything. To access any window I have to do the
> ctrl-alt-delete combo to get it going. I ran the hijackthis program to try to
> isolate the problem. Here is the log from the scan, if anyone can help me
> that would be wonderful.


This one is BAD:

C:\WINDOWS\svchost.exe

svchost.exe is not supposed to be there. That means it's probably a
trojan, virus, or whatever.

I am also suspicious of these:

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
 
Re: Desktop Icons Missing at startup

We do not interpret HijackThis logs in the public newsgroups, primarily for
reasons of privacy.

NB: The fact that you have no anti-virus protection does NOT bode well for
getting this machine cleaned-up!

Protect Your PC!
http://www.microsoft.com/athome/security/computer/default.mspx

Learn how to protect your PC by taking three simple steps
http://www.microsoft.com/downloads/details.aspx?familyid=3AD23728-4973-4DA5-9836-602954130D38

===============================

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an *appropriate forum*.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


jaybe2 wrote:
> This question has been posted before and I would like to know if any other
> remedies have been found. At startup, all that is present on my desktop is
> the background, no icons or anything. To access any window I have to do the
> ctrl-alt-delete combo to get it going. I ran the hijackthis program to try to
> isolate the problem. Here is the log from the scan, if anyone can help me
> that would be wonderful.

<snip>
 
Re: Desktop Icons Missing at startup

Jerry Baker wrote:
<snip>
> ...I am also suspicious of these:
>
> O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
> Defender\MSASCui.exe" -hide
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [MSConfig]
> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


They're all fine.

> O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]
> "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]
> "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')


ditto; cf. http://www.castlecops.com/s15110-dwtrig20_exe.html

> O4 - Global Startup: Digital Line Detect.lnk = ?


Nothing to worry about.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
 
Re: Desktop Icons Missing at startup

"Jerry Baker" <jerry@nodomain.invalid> wrote in message
news:%23svO7QSYIHA.4684@TK2MSFTNGP06.phx.gbl...
> jaybe2 wrote:
>> This question has been posted before and I would like to know if any
>> other remedies have been found. At startup, all that is present on my
>> desktop is the background, no icons or anything. To access any window I
>> have to do the ctrl-alt-delete combo to get it going. I ran the
>> hijackthis program to try to isolate the problem. Here is the log from
>> the scan, if anyone can help me that would be wonderful.

>
> This one is BAD:
>
> C:\WINDOWS\svchost.exe
>
> svchost.exe is not supposed to be there. That means it's probably a
> trojan, virus, or whatever.



Nonsense.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email
 
Re: Desktop Icons Missing at startup

From: "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org>


>>
>> This one is BAD:
>>
>> C:\WINDOWS\svchost.exe
>>
>> svchost.exe is not supposed to be there. That means it's probably a
>> trojan, virus, or whatever.

|
| Nonsense.
|

Actually, if SVCHOST.EXE is running from %windir% and NOT %windir%\system32 then the
likelihood that this is malware is EXTREMELY high.

Many examples here...
http://search.mcafee.com/search?cli..._site.AllTopics&as_dt=i&as_sitesearch=&as_lq=

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
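
The location check described in the post above, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and flags core system binaries that run from anywhere other than %windir%\system32. The sample log is constructed, and the function names and the list of system32-only file names are this example's own assumptions.

```python
import ntpath

# Constructed sample in the layout HijackThis v2.0.2 writes, including one
# path wrapped across two lines the way the posted log is.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet
Files\Content.IE5\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
"""

# Assumption of this example: core Windows XP binaries expected only in system32.
SYSTEM32_ONLY = {"svchost.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "spoolsv.exe"}


def running_processes(log_text):
    """Paths in the 'Running processes:' section, wrapped lines rejoined."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break                      # a blank line ends the section
            if len(line) > 2 and line[1:3] == ":\\":
                paths.append(line)         # new entry starts with a drive letter
            elif paths:
                paths[-1] += " " + line    # continuation of a wrapped path
    return paths


def misplaced_system_binaries(paths, windir=r"C:\WINDOWS"):
    """Paths named like a system32-only binary but located elsewhere."""
    expected = ntpath.normcase(ntpath.join(windir, "system32"))
    flagged = []
    for p in paths:
        # normcase lowercases, so the comparison ignores case like Windows does
        folder, name = ntpath.split(ntpath.normcase(p))
        if name in SYSTEM32_ONLY and folder != expected:
            flagged.append(p)
    return flagged


if __name__ == "__main__":
    print(misplaced_system_binaries(running_processes(SAMPLE_LOG)))
```

A flagged path is a lead for closer inspection of that file, not a verdict; the check only compares file name and folder.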
 
Re: Desktop Icons Missing at startup

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23XuABZfYIHA.1188@TK2MSFTNGP04.phx.gbl...
> From: "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org>
>
>>> This one is BAD:
>>>
>>> C:\WINDOWS\svchost.exe
>>>
>>> svchost.exe is not supposed to be there. That means it's probably a
>>> trojan, virus, or whatever.

> |
> | Nonsense.
> |
>
> Actually, if SVCHOST.EXE is running from %windir% and NOT
> %windir%\system32 then the
> likelihood that this is malware is EXTREMELY high.



I didn't even see that. Sorry.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email
 
Re: Desktop Icons Missing at startup

From: "Frank Saunders MS-MVP IE,OE/WM" <franksaunders@mvps.org>


>> Actually, if SVCHOST.EXE is running from %windir% and NOT
>> %windir%\system32 then the
>> likelihood that this is malware is EXTREMELY high.

|
| I didn't even see that. Sorry.
|

No sweat Frank. It makes for good reading for all thread readers.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 