Computer Security & Viruses/Disappearing Desktop Icons
Expert: Brian Benosky - 1/4/2009
Question
Hi Brian,
I allowed my son access to my laptop. After he shut it down, when I restarted it my desktop icons + taskbar disappeared then reappeared; this went on for several minutes, then they completely disappeared. I noticed a new desktop icon "etoro.exe" so I ran Task Manager and did my best to uninstall it, but though it seemed to uninstall I'm not too sure it did. I have tried numerous "fixes" from the net but so far nothing has worked. I have had my laptop 2 yrs now and I have no idea where my Windows XP or recovery discs are. I can get on the net via Task Manager and can also open documents etc. using this method, but it's so frustrating. Can you please help me?
Thank You
Alan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:26, on 04/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\snpstd2.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.sear...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.sear...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\snpstd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe...
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 6957 bytes
Answer
Hi Alan
I'd be happy to help. The first thing I need you to do is flush out your System Restore points by turning Restore off. After the cleanup is complete and all is good you may turn it back on again. If you are unsure how to do this, look here:
http://support.microsoft.com/kb/310405
Next, I need you to clean up temporary files. Click Start->Run->type cleanmgr and then hit Enter.
When cleanup is done, please follow the steps below:
Download Malwarebytes' Anti-Malware to your desktop from here:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to
    o Update Malwarebytes' Anti-Malware
* then click Finish.
* If an update is found, it will download and install the latest version. Do not run a scan yet.
Restart the computer in Safe Mode by continuously tapping the F8 key on boot until a black screen with a menu appears. Choose to Start Windows in Safe Mode. Log on as usual. Open Malwarebytes and run a Full Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Save that log and reboot normally.
* After rebooting, copy and paste to me the Malwarebytes scan and a new HJT scan log.
Brian
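
Added example, not part of the original question or answer and not Trend Micro's code: a small Python triage of HijackThis 2.x log lines like those in the log above, which groups each entry by its section code and marks the ones worth checking by hand. The sample lines are copied from that log with path separators written out; the function names and review rules are assumptions chosen for illustration, and a marked entry is a prompt to check the file, not a verdict.

```python
import re
from urllib.parse import urlparse

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")   # HijackThis section code, then detail

def parse(log_text):
    """Return (code, detail) tuples; an uncoded line continues the previous entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line and not line.startswith(("--", "End of file")):
            entries[-1][1] += " " + line          # wrapped value, e.g. a URL on its own line
    return [tuple(e) for e in entries]

def needs_review(code, detail):
    """Reason to look at an entry by hand, or None. Illustrative rules, not a verdict."""
    if code == "O10" and detail.startswith("Unknown file in Winsock LSP"):
        return "Winsock LSP provider HijackThis does not recognise"
    if code == "O20":
        return "AppInit_DLLs: DLL loaded into every process that loads user32.dll"
    if code == "O23" and " - Unknown owner - " in detail:
        return "service binary with no vendor name reported"
    if code == "O14":
        host = urlparse(detail.split("=", 1)[-1].strip()).hostname or ""
        if host != "microsoft.com" and not host.endswith(".microsoft.com"):
            return "IE reset template start page is not a Microsoft URL"
    return None

def triage(log_text):
    """Entries that matched a review rule, as (code, detail, reason)."""
    return [(c, d, r) for c, d in parse(log_text) if (r := needs_review(c, d))]

# Lines copied from the log in the question, with path separators written out.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\snpstd2.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
--
End of file - 6957 bytes
"""

if __name__ == "__main__":
    for code, detail, reason in triage(SAMPLE):
        print(f"{code:<4}{reason}\n    {detail}")
```

Each marked path still has to be matched against the software actually installed on the machine before anything is removed.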