No desktop

R

remoulton

New Member
I'm working on a friend's compaq laptop running Vista Home Basic 32-bit. It is experiencing the same problems detailed in the 2007 post 'No Desktop on Vista Startup'. I have tried all the solutions suggested there to no effect. In the process, I noted some oddities in the registry...

1. HKLM/SOFTWARE/Microsoft/Windows NT/Winlogon
Under Shell, it shows C:\Windows\system32\ax2qlr3o.exe
There is another line item, Shelly, which points to explorer.exe

2. The same dual entry shows up in HKLM/SOFTWARE/Microsoft/Windows/explorer

3. HKLM/SOFTWARE/Microsoft/Windows/Current Version/explorer/BrowserHelperObjects shows several entires for which the value are not set Among these is {02478D38-C3F9-4efk-9B51-7695ECA05670} (value not set) with a subfolder titled NoExplorer. Name: Default, Type: D_Word, Value: 0c00000001 (1)
Yesterday, while trying the solutions from the previous post, I came across a similar file elsewhere, but I cannot locate it today

any ideas?
 

My Computer

System One

Just an idea. . . Have you tried re-opening Explorer.exe in the Task Manager? Go into Task Manager, and in File section, select New Task (Run). Type explorer.exe (or C:\Windows\explorer.exe) in the Run box (it may be there already).
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv5t (Gen. 1)
    CPU
    Intel(R) Core(TM)2 Duo Processor T9400 (2.53 GHz)
    Memory
    4GB DDR2 System Memory (2 Dimm)
    Graphics card(s)
    512 MB NVIDIA GeForce 9600M GT
    Monitor(s) Displays
    15.4" diagonal WSXGA+ High-Definition HP BrightView Widescreen Display
    Screen Resolution
    1680 x 1050
    Hard Drives
    320GB 5400RPM SATA Hard Drive with HP ProtectSmart Hard Drive Protection
    Mouse
    built in - Synaptics TouchPad V6.5 on PS/2 Port
    Keyboard
    built in - HP
    Internet Speed
    max
    Other Info
    ~ Intel Next-Gen Wireless-N Mini-card w/Bluetooth ~ Blu-Ray ROM DVD+/-R/RW ~ Integ. HDTV Hybrid Tuner ~ 12 Cell Battery ~ MS Office (Home Premium) 2007 ~
Yes, I have tried opening explorer from task manager, as noted in my original post. To clear up any misunderstanding, as directed by the 2007 post, I have...
-- Tried booting in safe mode
-- disabled Comodo firewall
-- Run security scans with Avira Antivir (detected and quarantined Trojan/Dldr.JavaAgent.AH.1), IOBit Spybot, Security 360 and Malewarebytes
-- Updated Windows
-- Uninstalled Cool Chaser and MakeMeBabies toolbar (probable spyware)
-- Run regedit to check the 'shell' entry in HKLM\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (I did NOT change the value to explorer.exe as there is another entry, 'Shelly' which directs to explorer)
-- Checked to see that Windows Defender is not blocking the desktop
-- Ran SFC
-- Disabled IE plug-ins
-- unable to roll back to a restore point because none had ever been created

None of this has worked. Vista boots to the login screen, but when the password is accepted, all that comes up is a blue screen (black in safe mode). No icons, no taskbar
 
Last edited:

My Computer

System One

Your last post suggests that there is still corrupt files that the Malware software missed, that you have to remove manually.
Regards,
Gil777t
 

My Computer

System One

  • Manufacturer/Model
    Hp c3307c slimline
Hi again Gil, good commenting so far.
Has the trojan just been quarantined or totally removed?
I have done some research on ned Trojan/Dldr.JavaAgent.AH.1 and found that it is in fact a worm, filling up your computer uneccasairily slowing it down and not changing system files (or at least not as it's main objective). If this has been court sooner rather than later you should be able to remove it without a problem. However as it is a worm this would no account for your system not being able to display the desktop.

Have you tried using another user account and seeing if there is any change?
Have you tried using a system restore point?

I hope this isn't too rambly and that it will be able to assist you.

Oli
 

My Computer

System One

  • Manufacturer/Model
    Apple MacBook, 5,1
    CPU
    Intel Core 2 Duo 2.4Ghz
    Memory
    4GB DDR3
    Graphics card(s)
    Nvidia 9400m
    Monitor(s) Displays
    13.3" Apple MacBook LCD Screen + 22" HannsG DVI LCD + 21.5" Samsung USB Lapfit Monitor LD220
    Screen Resolution
    1280x800 + 1920x1080 + 1920x1080
    Hard Drives
    SATA Internal 2.5" 500GB (305GB HFS+, 195GB NTFS) External USB 3.5" 1TB (HFS+)
    Case
    Aluminium Unibody
    Mouse
    Apple Magic Mouse
    Keyboard
    Apple Late 2009 Wireless Keyboard (US)
    Internet Speed
    6.33Mb/s up. 0.36Mb/s down.
    Other Info
    Harman Kardon Soundsticks II Speakers
osholt --
Have tried with both available accounts. As noted in the edit of my previous post, there was no restore point to which to roll back
Rescanned with antivirus to make sure trojan was deleted and not just quarantined.

Another anomaly: in control panel, every icon I've tried works EXCEPT Taskbar and Start menu. As gil says, there is probably malware that must be deleted manually but i cannot seem to locate it.

Also, when performing Windows Update, the update console says the update installation has failed. But when I shut down, i receive the standard message that updates are completing installation.
 

My Computer

System One

Hi remoulton,
Here is a link where you can go and get help with removing it manually..Here. Follow all of the instructions and be patient. they will help remove all existing corrupt files.
Regards,
Gil777t
 

My Computer

System One

  • Manufacturer/Model
    Hp c3307c slimline
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:28 PM, on 3/25/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=C:\Windows\system32\ax2qlcr3o.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: STK02N 2.0 PNP Monitor.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9267 bytes
 

My Computer

System One

You must log in or register to reply here.
Back
Top