desktop has no icons or start menu

I have run several scans and found several trojan virus and javabyteverify and html. mhredirr.a virus which cannot be cleaned up. I have Windows XP and have not had desktop icons or start menu for over a week! HELP!

 

Have you done the following per the sticky threads at the top of the forum?

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above if you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

I have followed all steps. (Hard labor).
Unable to run Norton's Security Check, called sister, she was unable to open it, too. (She told me about you guys About Buster had message Runtime Error '53" File not found. Also removed 8 items.
Got to the Hijack This and downloaded it. Closed all windows and browser, tried to pull it up and Windows can not find this file. I saved under Crogram Files. Then I saved under C:. Windows still can not find the file. I still have no desktop icons or start menu. Now what????

 

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

OK, here is a Hijack This Log. I hope I did it right. It took me forever! I reallly need to learn some more about computers. I saved HJT to Program Files, but when I ran it, it said it was in a temporary folder. Then I saved it to C:. again it said it was a temporary folder. (The only way I was able to open it was by opening up Winzip first..
I hope I did this right.

 

Newbie here. I'll leave the detailed analysis of your log file to the big boys, but I noticed you are running both Norton and AVG anti-virus programs. Although this is probably not the source of your absent icons and start menu, they may conflict with each other....right, guys?

 

You are correct. Running two anti-virus programs is a big no no and will usually result in conflicts, computer crashes/lockups, etc.

 

mquinlan,

Before we procede you need to do two minor things for me.

First, go into Add/Remove programs and uninstall one of your antivirus programs as mentioned previously they will cause conflicts with one another.

After you uninstall one of the AV's programs, procede with the below.


Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

 

First, I removed Nortons. Then restarted my computer. Next I followed the directions for moving the file Hijack This. Unfortunately, I don't have a start menu.... and when I go into program files, "extract all" is not an option when I right click the zip file. The options are "extract to", "open with", "extract to folder C:/hijackthis" and email to. So, again, I'm stuck. Please help.... Thanks so much for all your help already!

 

Extract to C:\hijackthis and run it from there.

 

Whew! Thanks for being patient! I think I finally got hijackthis saved to the right place. I hope I saved the log the right way!

 

Im not trying to be picky but this log appears to be from Safe Mode. If so please attach a fresh HJT log from normal mode.

The reason all of this needs to be done this way is due to backups and in safe mode not all of the processes are running. With all of them running I can get an idea of what all baddies you have and can tell you to remove.

 

You can be picky. I checked my computer (F8) and it is set for normal operation. I went ahead and ran another hijack this log. I saved it as a hijackthislog2. Thank you so much for all of your help! There's no way I could have figured all of this out myself. And I have learned so much! So, here's the new log!

 

Are you familiar with TrueAssistant?


Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
(Keep this if you need it)

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {42A72D7B-97C0-DF8C-21C4-4B2E4F6B1A0A} - C:\WINDOWS\system32\msor32.dll

O4 - HKLM\..\Run: [iptx.exe] C:\WINDOWS\iptx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Microsoft Windows.hta
O4 - Global Startup: Microsoft Windows.RB0

O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ41\Cache\SelectedContextSearch.htm

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1437/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\WINDOWS\system32\msor32.dll

C:\WINDOWS\iptx.exe

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

I am not familiar with True Assistant. Should I go ahead with your directions?

 

OK. I did all that you asked except I could not open in safe mode with "viewing of hidden files and folders". I opened in safe mode with networking. Then R3, 04 and 08 were not options for me to check. I continued with the process and ran Spybot, which found nothing. YAY! However, the next step was to go to the START menu and choose "run" and tye in cleanmgr. I don't have a START menu. Still. sigh....
Should I go ahead with another hijack this log?

 

Look in Add/Remove Programs and uninstall the following:

True Assistant

After you uninstall the above program reboot and post a fresh HJT log.

 

I removed the program True Assistant and here is the new log. True Assistant was a program from SBC Yahoo DSL to forward email from my old account. Should I remove Microsoft AntiSpyware?

 

I previously asked you if you knew what the program was and you said you didnt, thats why I requested it be uninstalled.

MSAS is fine to keep, your HJT log is clean!

Are you having any further problems?

 

I still have no start menu or desktop icons.

 

Download the file below to a folder where you can locate it. And then extract the fixdesktop.reg file from the ZIP file. Double click on the fixdesktop.reg file and when prompted to add the changes into registry say yes.

http://forums.majorgeeks.com/attachment.php?attachmentid=17610

After you comlpete this above, reboot and tell me if problem remains.

 

Yes, the same problem. No taskbar, no START, no icons.....just a picture of the beach. I'm about ready to scream. On the upside, my computer runs so much faster since I've done all that you told me to do. Thanks!

 

Your Welcome!

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file desktopfix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the desktopfix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

There should on be the (default) string here. If anything else remains, right click and delete it.

Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Only Should have "NoDriveTypeAutoRun". If anything else remains, right click and delete it.

Let me know the results from the above, be sure you reboot after you do the above.

 

Still learning.... How do I navigate to the key you listed HKEY_CURRENT_USER\Software\Microsoft\Windows...

I have access to files and programs through my task manager. I

 

Click Start > Run > Type in regedit

Now navigate to each key as previously requested. If you have any further questions just let me know.

 

I don't have START. I only know how to access task manager and then I have access to programs and files. I have looked in task manager under all users and owner and when I select start under those options, it lists the programs and files only. Help!

 

Oops! I found that key, and went into HKEY_CURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and deleted that "NoDriveTypeAutoRun". There was no string for ActiveDesktop.
I'm dangerous!
Did I screw it up bad?

 

I did not say delete the NoDriveTypeAutoRun key, this is legit and should stay!

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file back.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the back.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

Just a few simple things, go into Control Panel, select Display, click the Desktop Tab, click Customize Desktop, click the Web Tab. Now, uncheck everything in this tab.

 

How do I get to Control Panel without a START?

 

Press the "WINDOWS KEY" and the "R" key at the same time. When the RUN box comes up type in the following command:

control desk.cpl

The Windows Key!
http://its.uwrf.edu/support/apps/internet/eudora/images/windowskey.gif

 

Have you recently installed any windows updates?
a few people have this problem after updating windows or installing another program.
see if you can create another user on the machine, log in using that name and see if you have icons and a start menu.

 

OK. I looked into the desktop settings, nothing was checked. (Thank you for your reply.) Then I created a new account and looked, no icons, no taskbar. I did recently save some Windows Updates (prior to the problem) and I have no clue what an Explorer Shell is or how to have one. I would need lots of help in that area!
Thanks so much for your patience and assistance!

 

Is there anything else I can do?

 

there are two options
one do a repair install of XP or use the recovery console to fix XP.
if you decide to repair install insert your XP CD, boot from CD and one of your options should be repair this windows installation or somthing along those lines. this is what you want. it'll basically copy over all the essential files while saving settings and such.

or the recovery console directions are here

good luck either way

 

Sorry, had to take a vacation from this mess. I looked in the regedit and the data is explorer.exe
Any other suggestions?
I tried to use the Windows XP CD that I received with my computer, but it wouldn't let me boot it, because it says a newer version is on my computer.
Is it time for me to hire someone?

 

You would have to boot off the CD. The BIOS would have to be changed for this to work. I would hang in there and be patient, you may only need a fix to the registry. These guys are great and they will fix you up. Know that doing a repair install you will have to apply all patches and sp

 

I looked and I do have a C:i386. Also found explorer.exe and here is the info I gathered...
company: Microsoft Corporation
file version: 6.00.2900.2180(xpsp_sp2_rtm.040803-2158)
internal name: explorer
language: English
original file name EXPLORER.EXE
Product Name: Microsoft Windows Operating System
Product Version: 6.00.2900.2180

 

I was not aware that you wanted info on C:i386.
I clicked properties and here is the info I got
I386
type: file folder
location: C:\
size: 930 MB
size on disk: 948 MB
contains: 9,104 files, 4 folders
Created: August 27, 2002
read only (is checked)

 

Message 41 referred to the properties of EXPLORER.EXE
When I selected properties of C:i386, there was no information about product version. The different tabs, I belive, were networking and sharing and the information I gave you in the last message.
Now what?

 

I'd be interested in seeing what happens when you try to run explorer.exe as well.

 

Welll...the shell key is correct. So...I suspect a virus in here. I wonder what the event logs show? Let me sift back through this thread, I skimmed the first time.

 

Has the original poster checked in Safe Mode to see if he has a desktop?