no desktop

[[digitt]]

i hav windows xp sp2..
whenever i start my computer i reach till the welcome screen....
then it shows the wallpaper and not the desktop ....
i can open task manager ..see all the processes there..
when i start the explorer.exe process manully i get the desktop on my screen..
One more thing i have ..i also hav WIN98 whenevr i boot 98 i hav started gettin explorer.exe has performed illegal operation or systray.exe has performed illegal operation
and same wid loadqm....get a diff process every time i boot up

[it_waaznt_me]

Please post your HijackThis Logfile for better assesment of your problem.

[[digitt]]

Logfile of HijackThis v1.98.2
Scan saved at 11:01:07 AM, on 12/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\mysql\bin\mysqld-nt.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Virtual CD v4\System\vcdsecs.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\essspk.exe
D:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\mayank\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [WSAConfiguration] svchostt.exe
O4 - Global Startup: 24Online Client.lnk = D:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Microsoft WFC Forms Designer - file://E:\VISUAL~4\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VISUAL~4\VJ98\vstudio6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098018509743
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99BD0830-2D6F-4CDE-9333-79C997F6667E}: NameServer = 172.16.0.1

[techno_funky]

hey well iam no pro at this but this is what i got let batty reply though he is a pro in hijack this

Quote:

O4 - HKLM\..\RunServices: [WSAConfiguration] svchostt.exe

WORM_AGOBOT.ZT
Virus Type: Worm
Destructive: Yes

Quote:

This worm propagates through network shares, and drops a copy of itself as SVCHOSTT.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.

It acts as a server program controlled by an Internet Relay Chat (IRC) bot, thus capable of certain backdoor activities.

It is also capable of stealing the CD keys of popular Windows-based applications and terminating certain programs.

This worm is also capable of modifying the HOSTS file, which prevents the user from accessing certain antivirus and security Web sites.

It runs on Windows NT, 2000 and XP.

for more info

Quote:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [WSAConfiguration] svchostt.exe

delete the ones in color red
but before you do delete them and before batty says
put the hijack.exe in a dedicated folder
like D:\program files\hijackthis\hijack.exe
because then if anything goes wrong which i hope wont
hijack this can backup and restore it back

[[digitt]]

i was infected by this virus a year ago ..i removed it then ...think its only the registry entry that is left
mybar has been thr for quite some time now, guess adaware took care of that, but som files r still there, will surely delte thm.......

[it_waaznt_me]

Remove these entries ...
Atul had done already a good job .... I got my successor ...

Quote:

Originally Posted by [digitt

]
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\RunServices: [WSAConfiguration] svchostt.exe
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab

[[digitt]]

did wat u said but its still the same..
i hav to start explorer.exe manually everytime to reach desktop......
and when i shut it down the end program window for explorer.exe comes up...

[klinux]

- are u able to get the desktop when u use safe mode for both 98 / xp ?
- check event viewer in xp to see if u get any errors

[it_waaznt_me]

Hmmm.. Try extracting Explorer.exe from your Windows cd ..

Start > Run > MsConfig <Press Enter>

On the General tab, Click on Expand File
Pop in your Win XP cd ..
In the File to Restore, Put Explorer.exe .. and in th Restore from, select your CD drive ..

Maybe that will fix it ...

[[digitt]]

i m able to get to the desktop in safe mode.....
i don hav the xp cd i hav the set up....
tried to expand file chose explorer.exe in the file to restore...
in restore to chose desktop...
in restore fromtried all the cab files but didnt get any file....
i hav also tried system restore didnt work out

[klinux]

since ur able to the desktop , might be a prob with some device / driver or startup prog . so try eliminating them one by one

ok try these

- check device manager for any device which has yellow or red marking . if u have installed any new h/w , try 2 uninstall from add/rem prog or simply remove from device manager and reboot .
- run the system on bare minimum
remove all devices/cards : modems , ethernet , cdrom , floppy etc only , hdd attached

for 98
- if u have 98 cd , remove all options from win98 add/rem setup . remove communications dial up and stuff . remove everything except essentials from msconfig startup and reboot
- uninstall virtual cd
- in win98 , go to boot menu by holding the ctrl key during boot and choose logged boot . once ur at the desktop and still have the error pres Ctrl+Alt+Del and choose restart . in win98 safe mode open the file in root partition called bootlog.txt , and see if any file has failed

for xp
- try booting into xp also with min h/w and see if ur able to enter the desktop

- if u r able to get into the desktop . use system restore to make a restore point and run scanregw in 98 .
- add each device one at a time and reboot each time
- run a thorough updated virus scan in both 98 and xp

[beyondthegracefgod]

Try disabling all ur start up files in msconfig

[[digitt]]

i wil surely perform ur steps ..i m able 2 get to the desktop in 98...
in xp i can see the wallpaper but only tht nothin else....
do u still think it has somthin to do wid hardware