Start menu and Icons Gone... Different Computer

  1. 07-11-2005  #1
    suproducts
    suproducts is offline Junior Member

    Start menu and Icons Gone... Different Computer

    This is a different computer with the same problem... The start menu and icons disapear untill i start a process. Any help would be great

    Logfile of HijackThis v1.99.1
    Scan saved at 417 PM, on 11/7/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\Tom\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
    O1 - Hosts: 201.1.6.3 spi2
    O1 - Hosts: 201.1.6.7 spiw2k1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe
    O4 - HKLM\..\Run: [auto__antiav__key] C:\WINDOWS\system32\antiav_exe.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe
    O4 - HKCU\..\Run: [auto__antiav__key] C:\WINDOWS\system32\antiav_exe.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bw+0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {49ABE4F8-CB76-4685-A92A-A82455091936} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

  3. 07-11-2005  #2
    DJNafey
    DJNafey is offline UK site moderator
    Perhaps the most noticeable thing is that your Logitech keyboard/mouse software has gone crazy in the registry. Might be worth un-installing it to see if that makes any difference.

    Also, I don't like the look of these:

    O4 - HKLM\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe
    O4 - HKLM\..\Run: [auto__antiav__key] C:\WINDOWS\system32\antiav_exe.exe

    Anti-antivirus?! Looks suspicious. I don't have time to look into them at the moment I'm afraid but I thought I'd just quickly point them out for you
  4. 08-11-2005  #3
    Neal
    Neal is offline Dedicated Member
    Those things DJNafey pointed out to you are definately very bad, Trojans as a matter of a fact.

    Do this now please:

    Create a new folder in your C: Drive
    Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.
    It's best for this tool NOT TO be located in your Desktop or in a TEMP folder.
    This way you can undo any changes if something goes wrong

    Then:


    Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  5. 08-11-2005  #4
    suproducts
    suproducts is offline Junior Member
    I removed them manually in msconfig is that enough or do I still have to take all those other steps
  6. 08-11-2005  #5
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    If you disabled them that is not removeing them, suggest you undue that and run the Ewido scan and post the log please.
+ Reply to Thread
« help first highjack log post | please help log attached »