Hi there.

Once again pc problems have appeared, although on my girlfriends machine this time. The desktop is now blank and no amount of rebooting and adaware scanning will correct it. Anyone have any ideas? I'll post a hjt log below in case that shows up any problems. Thanks in advance for any help.

LPS

Logfile of HijackThis v1.97.7
Scan saved at 11:55:14, on 27/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\Dit.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\VideoCall\VideoCall.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Programme\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [saap] c:\programme\kiwi alpha\partner\saap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [VideoCall] "C:\Programme\Logitech\VideoCall\VideoCall.exe" -minimized
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Programme\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07da2559ce9cb54e7005/netzip/RdxIE601_de.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Sounds like the joke I play on my customer from time to time :E

Right-click somewhere on the desktop (not over an icon) and somewhere in that drop-down list there should be a "show desktop" option (it might in sub-menu - haven't got a copy of XP in front of me, could be something like arrange icons or similar).

It could also be a problem with the registry but it's worth checking the above first.

In WinXP, right click on desktop.

Select 'Arrange Icons By'

Tick 'Show Desktop Icons'

After a few seconds you should hopefully get them back.

(PS, If it works, tell your girlfriend that it took you hours to sort out and you'd like some extra special thanks...... ;) )

Well unfortunately your advice didn't work. The full story is that for a while the icons are there, but neither they, nor the start bar work, and then after a while the icons all disappear. The only way to achieve anything with the pc is to ctrl-alt-del and run things from there. Once the icons disappear right clicking doesn't work. Any ideas?

Out of interest, when you press the Windows key on your keyboard (bottom left usually, next to the L Alt), does the start menu appear?

At work I had a similar problem with NT4.

It was when Explorer crashes. If you go to Start/Run and type Explorer does everything come back ok?

this advice could be absolute rubbish but I'm interested so I though I'd throw in my 2p.

DeepC

Do you know how much RAM the laptop has?

Your hijack log looks ok to me (except that it's unusual to have a proxy host set to localhost for a laptop - not sure what that means/implies, but if it's sometimes networked then that would be ok).

Can you try starting the PC in safe mode and see if the icons appear then (F8 just before the Windows splash screen, then choose first option). That would useful to know since safe mode excludes loading of drivers and would therefore make more memory available to the display of icons) - this would be a useful exercise to diagnose the problem.

Secondly, I guess that your anti-virus is up-to-date and is scanning clear of any viruses. As a precaution I'd download stinger (http://vil.nai.com/vil/stinger/) from mcAfee to check for the worse viruses that are around these days, or if you got ADSL run an online check such as Trend Micro (http://housecall.trendmicro.com/housecall/start_corp.asp)

Finally I'd suggest a re-install of Windows - as it is possible something's got corrupted along the line and is causing a memory leak somewhere along the line thus depriving the graphic display driver from operating correctly.


Cheers
Charles

LPS500,

It looks like you were hit by 180solutions (http://www.mediapost.com/dtls_dsp_news.cfm?newsID=259401)

You will want to have HJT! Fix:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [saap] c:\programme\kiwi alpha\partner\saap.exe

O4 - Global Startup: hp officejet 4100 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

Since you have SP2 installed, I would uninstall Google Toolbar.

Take Care,

Richard

Thanks for the suggestions. For info the pc is a desktop, P4 3.0 ghz with 512 meg of ram.

We've deleted as you suggested Richard, and are now running the trend micro and stinger scan as amanoffewwords suggested. After your suugestion Richard the pc sped up quite a bit. After a safe boot the icons appeared, and after a lot of deleting, and a reboot, the pc let on 'registry data not found'. From here we will load windows again, but the machine seems to be running ok after the creation of a new profile.

I'll keep you informed.

Thanks so much for the help!

LPS

I forgot the new profile trick - noted for future use, thanks, Charles

LPS500,

Glad to hear things are running better. :ok:

Take Care,

Richard

All fixed now thanks guys. The problem turned out to be with the keyboard driver?!?! 'Apparently' the number pad on the keyboard had stopped working as well, but she failed to mention that one:rolleyes:

Once again thanks for the help.

LPS

LPS500,

That is great news! Glad to hear you are all set. :ok:

Take Care,

Richard

Richard - fantastic personal title mate, nice pic too :)

mazzy1026,

Thank you. I just thought I would have a little fun with it. ;)

Richard