Start Menu / Icons disappearing , windows clo

having the SAME problem, pls help. thx


hello... i'm new to these forums so please forgive my geneal ignorance about some issues...

ok, i'm getting married in 3 days and all my info in on THIS computer but THIS computer is also having a slightly, kinda big problem.

The desktop, and icons, and start menu all disappear when i boot up. When i boot my comp it boots to the desktop then as the start up programs start to load the screen goes 'blank' meaning no icons, no start menu, just wallpaper... then the icons flash on the screen for about 5 sec.... the go blank to wallpaper. After about 2 or 3 sessions of this the comp 'loads' to just the wallpaper and nada.

I can use ctril-alt-delete to access the task manager, where i can acces the 'run' new tasks to execute a variety of apps/services including iexplore.exe.

In fact I am trying this email on the very 'broken' machine. This comp uses a linksys wireless pci card for internet connectivty and it's working. but i still have NO start menu, no icons, and when i execute explorer.exe from the 'run' option in the task manager the computer continuely 'refreshes' the desktop but never loads the start menu or icons.

so far i havie tried using the selective start up... disableing all the start process (process system, process win, and load startup items), i've tried system restore, i've tried safe start.. and nothing helps.

I can access all my drives, including external usb free agent drive, as i mentioned earlier I can access the internet, and can even launch apps like Word, and Hijack this. Which leads to my next question. Is this a virus? I have posted my hijack this log in this email... please review and assist if possible. I really need to accessm my comp for the next 3 days then it can crap out after the honeymoon.

this just isn't my week... first aloah airline goes outta business (which was the airline taking me and my fiancee to hawaii) now this.


Thanks again forum.... your help is really appericated.

Logfile of HijackThis v1.99.1
Scan saved at 3:39:16 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Lewis\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

OOoolalaaaa!!! :)
i noticed the same problem few days ago..

Thank you very much kioskea and all the users..

Yeah im having the same problem but i went to my add/remove programs and removed internet explorer 7 because didn't need it and it popped up with a message saying if u delete this then you will delete the following programs well because im a dummy i ignored it. and i used Ctrl+Alt+Delete and did the New Program and stuff. But when i started my computer it said Explorer exe. could not run and with a send error report to microsoft thing but now my computer goes to a Unmountable Boot Volume Blue screen i cant do anything about it ?? please hlp me and i dont really understand computer stuff so if u can put it in easy words. this is not my computer its my brother s byt the way

i am having the same exact problem if anyone can help and give us the steps to fix this problem, i'm sure we will all appreciate it. Thanks a lot!

I have a problem that all tool bars, favorites, address bar, back forward too on my Internet Explorer desapeared and i dont know how to turn them back.

Edin

I'm having the same exact problem. I ran CCleaner and did everything I could last night, and I could suddenly access everything on my computer...but when I logged in today it was back to square one. I tried CCleaner again...to no avail. I would just reboot windows and start fresh but my window's xp disc was thrown away by my parents by accident, so for now I can't do anything until I either go out and buy XP again or find my serial code and use a friend's disc...or use the unbuntu CD that I have lying around, which is definatly a last resort.

Please help someone! This is probably the most annoying problem I have had on my computer...and I have had many problems in the past.

Thanks,
Ryan

I'm having this same problem. I'm currently trying to run spyware & anti-virus programs but it's not working out. I think it was something I downloaded yesterday... After I tried running the setup; my desktop went blank with only the wallpaper and afterwards; the setup was gone and new icons were appeared which I deleted thinking they were viruses and trojeans. Today my desktop keeps going blank everything 5 seconds. The start menu and icons disappeared and all that's left is the wallpaper. Please help me! Thanks in advance.

I, too, have the same problem and it's driving me crazy! I haven't installed anything, it just happened out of the blue. When I log on explorer.exe starts and then crashes and this continues every five seconds or so ad infinitum. Is it fixable? I've searched this for hours and there doesn't seem a fix. Microsoft help suggests repairing Windows, but I don't want to lose anything I have on this computer and I'm under the impression it won't fix it anyway. Any suggestions?

I think I found the fix!
http://forums.techguy.org/...

hi friends,


in my pc i instaled windowsxp service pack 2 . but i have no mother board drivers . that's way i download some intel graphics drivers and instaled them. here one problem occuring. when i put internet connection 1 hour or 2 hours working properly then desktop icons and start up menu also disappear. what is my system promble.
plz tell me

ok,
have a nice day

This is how I solved the problem on 2 computers. I did not determine for certain where the problem came from. I offer these findings in hopes that someone can fill in the blanks. As always, any action taken as a result of my notes is done so at your own risk.
First off, I have worked on Windows since MS introduced the Win 3.1 version. I supported corporations for years and now I own a business rebuilding and servicing old computers. I have never been to this site before so I apologize if I break any rules here. Mimi, you did some nice detective work. The Tech Forum staff is on the right track.
The flickering is caused by a couple DLLs accessing Winlogon, a legit program that controls logins and logouts. You need to disable then remove the DLLs; NOT Winlogon and NOT the Winlogon registry control. The tools I used were TaskManager (www.neuber.com), HiJackThis, DreamLinux live CD and Regseeker (www.systernals.com). On the first computer, I went too far and needed to reload the backup I did so I could start over.

TaskManager identifies the risk factor and ownership of whatever is running. It does not need to be installed but you must store the folder on a hard drive in order to use the all-important Undo feature. Store it where you can access the executable (taskmgr17e.exe) quickly before everything disappears. Use another computer to get all the tools you'll need or use a Linux live CD, like DreamLinux which has NTFS write access, to place them on the hard drive.
HiJackThis shows the processes that start when Windows starts and when Internet Explorer is accessed.
Regseeker is a quick registry search. Note: By default, Regseeker wants to delete what you find, so use it carefully.

Here's what I did in normal mode, timing my steps between the disappearing acts. TaskManager listed two DLLs having over 90% risk factor and unknown ownership. They were in the c:\windows\system32 folder. They were called rQRKaYQj.dll and geBrolLB.dll. Most likely, these names change all the time. The similarity is that they were created at the time the problems began. A search of the system32 folder will possibly indicate that clkcnt.txt and a few other program were also created. The clkcnt.txt was associated with earlier versions of Virtumundo. Once you know what you are looking for, use DreamLinux to rename the DLL extensions to DL~. Warning: If you simply delete the DLLs, your system may not restart. That is the mistake I made the first time around. At this time, sort the system32 folder so that you can see all the files that were created around the same time. On the second case, there were 6 or 7 other files created around the same time so I renamed them all. Restart Windows and run HiJackThis to remove anything that has (file missing) and any Winlogon that references files created at the same time as the DLLs. Restart.
By this time, you have control of your system again but you are not finished. Use Regseeker to search for the DLLs you found in TaskManager. You want to delete each of these entries except those of Winlogon, whose binary code refers to other valid programs. Before I did the first delete, I backed up (Exported) the entire registry.
Now restart the computer and if all works well, delete the renamed DLLs, delete the registry backup, turn off the System Restore and restart again. Finally, turn System Restore back on, create a restore point and get a fresh good backup of the registry. And while you are at it, check to see if your antivirus is running properly.

I am amazed that nobody wants to call this a new version of Virtumundo, particularly since it kicks Symantec and MS butt so easily. By the way, the icon and toolbar problem is not present when you use the Linux CD.

ok, just download SUPER Anti-spyware (google it) and remove vundo adware

I spent about 12 hours figuring this out. Hopefully this will take you only 2 or 3 hours. Either that or have fun re-installing! BTW - inplace upgrade or SP2 reapplication didn't work here either so don't waste your time. You need to get your hands dirty and prepare to make some notes in the process.

I'd like to give a heartfelt F*CK YOU to Symantec (SAV10), Pest Patrol, and Webroot Spy Sweeper for not keeping this, whatever it was, off my system. All my defs were up-to-date as were my XP SP2 patches. I never clicked on anything except going to a webpage and got slammed, although SAV was picking them up, something got through. What exactly do we subscribe / pay for anyway??? -- end of sermon

First off, if your desktop icons disappear, you can still run apps using TaskManager (taskmgr) and using New Task to spawn some stuff to help you out. First thing to do is to download all the SysInternals apps you can -- most important is Filemon and Process Explorer for now. Fortunately I have them in a folder that was simple enough to get to via command line as I had no desktop.

Using Process Explorer and Filemon, I was able to see what files, handles and processes were executing when I'd run explorer from the task command line. I saw Filemon output using the strangely named files such as: khfdvvUM.dll, yayvwMMj.dll, urqpgeBT.dll, etc. when I would execute Explorer....

Some you can delete as others cannot due to being used by another process -- all that happens is that explorer stays ups for a bit and then crashes again.

There's a file that's retained in C:\windows call Wininit.ini. It has a rename command in there to rename a file called urqpgeBT.dll.

If you check the regisry, there are also rougue reg entries that refer to the strange file names. The processes refer to LSASS.exe and WINLOGON.exe. Do not stop LSASS or WINLOGON as it will reboot your system and you will have to start over as the files get renamed.

First step is to see what's hosing you. So boot up windows and after things stabilize and your desktop disappears, do the CTL-ALT-Del and type taskmgr at the line to bring up task manager.

You should be able to execute iexplore (Internet Explorer) and get out to the Internet. If so, go get Filemon and Process Explorer