Desktop icons, task bar totally gone---HJT etc. logs included

[Ruu]

Hey all,

The story is that I was 1) downloading something with my virus protection turned off and 2) trying to get rid of Google Toolbar in Firefox by playing in the registry. Probably both were very very bad ideas, and now I'm paying for it, because the desktop is totally blank---no icons, just the wallpaper, and the taskbar is missing, too.

Running Last Known Good Config doesn't solve the problem, and Safe Mode displays the task bar for about two seconds before it disappears again. No icons either way. I haven't tried System Restore, and I'm not entirely sure it's a virus, but it certainly doesn't hurt to be careful.

Am currently accessing all programs and internet through the Task Manager. It's a terrible pain. Everything seems to work, though. Running explorer.exe doesn't even make the task bar flash up---explorer.exe shows up on the processes list for a split second and then disappears.

Followed all the instructions on Howard's sticky and have included logs for HJT, Combofix, and AVG Anti-spyware (can't seem to figure out how to make HJT a .txt instead of a .log, but it seems to open the same way [sorry if this is a noobish thing to comment on or to do]). AVG rootkit scan said that there were no hidden files.

If it's not a virus, could someone talk me through how to fix things anyway?

A thousand thank-yous in advance. You guys are incredibly generous to contribute your time and effort this way!

 

[momok]

Hi Ruu and welcome to techspot. =)

No worries about the .log extension, it is still acceptable. Good job on the logs.

I'm surprised, but your logs apear to be clean. However, your AVG logfile shows "Timer deletion failed, Value: 000003E5"

I'd like a fresh AVG antispyware logfile please.

With regards to your missing taskbar, does it appear when u press the little windows key on your keyboard?

Right click in desktop and go to properties > Desktop tab. Click on customize desktop. Does everything display correctly there?

You mentioned that you were deleting registry keys. Did you save your registry settings before you started deleting stuff? If you did, please try reloading the previous settings and let me know the results.


Regards,
Your friendly momok =)

This thread is for the use of Ruu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Ruu]

Oops, I think I may have posted the wrong AVG Anti-spyware log previously. So here is a proper one (I suspect the last one I posted is some sort of half-finished log that the program generated when I was scanning the first time and then canceled before it got done scanning).

Neither the taskbar nor the icons show up when I press the windows button. Right-clicking has absolutely no effect; neither does normal clicking. In fact, keyboard and/or mouse mashing while the blank desktop is up has no effect on anything, it seems.

I'm not sure how to navigate to desktop properties using just the task manager. :/

I've restored everything in the registry back to the way it was before I started poking around in it, and it doesn't seem to have helped anything. Granted, I may have not done the registry backup correctly, but then again, I didn't do anything extremely radical while poking around, either. I realize that it takes very little to unbalance a machine when the registry is concerned, but it is my very unprofessional and apparently useless opinion that maybe the problem is something not-related to registry issues? Ha ha....

Thanks again for your help, everyone!

 

[momok]

Hi,

Please download and run CCleaner via step 9 of the instructions HERE.

I noticed that your AVG log displays 'No Action Taken' for all the files detected.

I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

With regards to the cause of your problems, I must admit that I'm not fully sure myself the reason. However just to check if it is not some process which is causing this, please try the following. If all else fails, I would conclude that somehow your system files are damaged.

Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

Download AVG Antirootkit from the link in my signature and run it. Perform a deep scan. Let me know if anything is detected.

Attach the fresh AVG Antispyware and autoruns log in your next reply. Thanks.


Regards,
Your friendly momok =)

This thread is for the use of Ruu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Ruu]

I ran CCleaner a couple of times, ran AVG again, ran Autoruns, and ran the AVG Antirootkit scan. Phew!

The last log I posted of the AVG anti-spyware was definitely on quarantine, but then again, maybe I was being absent minded and didn't set it correctly? This most recent scan I'm sure was set to quarantine; hopefully the log shows it, too!

The Autoruns log is posted, too. The antirootkit came up clean on a full/deep scan.

Any ideas on how to repair damaged system files if indeed I've damaged them? It can't be irreparably bad, can it? Everything still works, more or less, just in a severely hobbled form. Of course, given the choice between keeping things this way and a reformat, I think I'd have to choose reformat. But only as an absolute last option....

Maybe I should try a repair using the XP disc? :/

Anyway. Looking forward to hearing back from you guys. Thanks especially to Momok; you've been super helpful!

 

[momok]

Hi,

Your logfiles are clean. The AVG log shows no action taken still, I think you need to click save log after performing the actions. I'll go with the fact that you've quarantined but forgot to save the log after that.

Please see HERE on how to repair windows.

After you are done with that, let me know the results.


Regards,
Your friendly momok =)

This thread is for the use of Ruu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Ruu]

Hm, different issues now---the problem laptop in question is a Toshiba, and I guess they don't provide XP reinstallation/recovery/repair discs? Am I going to have to make my own? Is there any way I could just "borrow" a random XP disc for the repair, or is this illegal? (It seems that this would be legal enough, since technically I own the rights to the OS I've got, and using another's disc to fix mine doesn't seem like stealing or anything... but then again, EULAs give me headaches. )

Very glad to hear that the machine is clean, though. Out of curiosity, what're you guys looking for when you go through HJT and ComboFix etc logs? Is there a specific database of malware that you're checking for? Or is everything that isn't a process of a healthy system deemed suspect? I'm just wondering how one gains proficiency in dealing with these logs---and if I could ever learn to troubleshoot my system on my own.

Thanks again, Momok. You've been very diligent and patient, and I really appreciate it!

 

[momok]

Hi,

Since you do not have the discs, I would recommend that you contact your distributor/retailer/whoever sold you the system for a copy of the disc. Alternatively you could request that they do the system repair for you, although I do not know if that would cost money.

With regards to HijackThis logs, you can find some very basic information from the program author's site HERE.
To fix entries generally requires some experience, as with all logs. A good place to check whether an entry is valid/nasty is to visit google and search. Online databases like processlibrary, liutilities, bleepingcomputers will usually have information on files.

If you'd like to learn more, I would recommend you start reading the HijackThis tutorial HERE. It is comprehensive and certainly useful to further your understanding of the entries.

For ComboFix, the explanation is a little lengthy. I do have a link, but it requires membership with the Malware Removal University Forum where I learnt quite alot from reading. In summary, the program provides a list of recently created files and folders where processes are executed from, as well as a list from the last 3 months, with an inbuilt rootkit detection program.

Becoming proficient at these logs require some time as experience really helps alot. Generally I do not recommend fixing entries without supervision, other than perhaps O9 and O16 which are really add-ons for your browser and largely upto user preference (do note that some entries are also nasty and you'll need a reference source for fixes).

Hope the information helps.


Regards,
Your friendly momok =)

This thread is for the use of Ruu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.