Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Missing Desktop Icons and Start Menu Taskbar


  • Please log in to reply
1 reply to this topic

#1 TitliestMan

TitliestMan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 19 January 2009 - 05:27 PM

I have tried to run the Kelly Tweaks on the desktop icons and start menu. I can restart the machine (IBM R51 laptop), but it always goes to a complete blank desktop other than the backgroudn. Using Ctrl-Alt-Del I can get the explorer to open, but it closes within a minute. I am able to execute programs and run IE as such I am using this machine now to generat this topic. I am at a loss. I though hijack had an auto-clean mode, but I can't remember how to do this. I hope this is enough. Below is the DDS report and I have attached the report as well. Thanks for your help.


DDS (Ver_09-01-18.01) - NTFSx86
Run by jhorne at 17:14:09.71 on Mon 01/19/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.580 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aptify 4.0\Services\Object Repository\AptifyObjectRepositoryService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jhorne.HORNEJ-CONF-000\Local Settings\Temporary Internet Files\Content.IE5\4P8NQ3WP\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {58f666ed-641b-48f0-89e9-e8602f389dbf} - c:\windows\system32\urqOEuSk.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJBULfg.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [S3TRAY2] S3Tray2.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Logitech Utility] LOGI_MWX.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: vlsp.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: mlJBULfg - mlJBULfg.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJBULfg.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqOEuSk
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jhorne~1.hor\applic~1\mozilla\firefox\profiles\6lkyiw26.default\
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-6-9 59520]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-6-9 4608]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2006-6-9 16384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090119.004\naveng.sys [2009-1-19 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090119.004\navex15.sys [2009-1-19 876112]
R3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2008-9-8 55344]
R3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2008-9-8 9200]
R3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2008-9-8 89936]
R3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2008-9-8 9472]
R3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2008-9-8 69632]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2005-11-21 28160]
R4 AptifyObjectRepositoryService;Aptify Object Repository Service;c:\program files\aptify 4.0\services\object repository\AptifyObjectRepositoryService.exe [2007-1-25 36864]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-5-26 1799408]
R4 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2008-10-31 325480]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2006-7-10 10368]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2006-11-29 10256]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [2000-10-19 411244]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-5-26 115952]
S3 TEST;TEST;c:\program files\putty\putty.exe [2006-3-14 421888]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-12-22 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-12-22 44928]

=============== Created Last 30 ================

2009-01-19 15:51 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 14:29 91,365 a--sh--- c:\windows\system32\kSuEOqru.ini2
2009-01-19 14:29 91,543 a--sh--- c:\windows\system32\kSuEOqru.ini
2009-01-19 14:29 302,592 a------- c:\windows\system32\urqOEuSk.dll
2009-01-19 14:24 47,104 a------- c:\windows\system32\qoMcbawt.dll
2009-01-19 14:23 36,352 a------- c:\windows\system32\mlJBULfg.dll

==================== Find3M ====================

2008-12-14 08:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-17 09:32 1,901 a------- c:\windows\panose.bin
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-08-27 13:00 60,744 a------- c:\documents and settings\jhorne.hornej-conf-000\g2mdlhlpx.exe
2008-05-01 11:06 38,984 a------- c:\docume~1\jhorne~1.hor\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:15:59.95 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:19 PM

Posted 30 January 2009 - 08:27 AM

Hello TitliestMan

Welcome to BleepingComputer :thumbup2:
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users