Blank Desktop? No Icons or taskbar

Was there any particular reason that you did not run combofix?

 

Just try and run Combofix and we'll see what gives.

 

We have a good bit to get through:

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

Fcopy::
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe | c:\windows\system32\winlogon.exe
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe | c:\windows\explorer.exe

File::
C:\WINDOWS\0
C:\WINDOWS\system32\0
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\238.tmp
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\239.tmp
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\23A.tmp
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\248.tmp
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\72y548.tmp
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\8my1E3.tmp

DirLook::
c:\documents and settings\Frank.FRANK-222825085\Application Data\7C1ED922CDD11E053E6FCAE53A2A6B33
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Application Data\Windows Server

Folder::
C:\Documents and Settings\Frank.FRANK-222825085\Local Settings\Temp\7zS26DA

Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

IMPORTANT: Let me know how things are running now!

 

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  winlogon.exe
  explorer.exe

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Delete this folder:

Do you have your XP Operating System CD handy?? I have a feeling we are going to need it as it's looking like winlogon.exe and explorer.exe are infected, and so are each of their only back up files in other locations.

let's do this before we move onto the next plan of action, but do answer my question about your XP disk.

Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and logs posted for each one)

• Copy the file path in the below Code box:
  
  Code:

  c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe

• At the upload site, click the browse button.
• Use Windows Explorer to navigate to the file(s) we need scanned and click "submit file"
• Your file will possibly be entered into a queue which normally takes less than a minute to clear.
• This will perform a scan across multiple different virus scanning engines.
• Important: Wait for all of the scanning engines to complete.
• Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

Then do the same for the below files and also let me know the results:

Code:

c:\windows\system32\winlogon.exe
c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe 
c:\windows\explorer.exe

 

Complete the below in safe mode:

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

Fcopy::
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe | c:\windows\system32\winlogon.exe
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe | c:\windows\explorer.exe

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now back to normal mode.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

 

No, not yet, not if you want to hang on a little longer, I believe we could use the recovery console and your XP CD to correct everything. Bear with me, I will reply back very soon.

 

Try doing this:

Get into your bios and change the boot up order to cd as first device, insert your OS cd and reboot. When you boot to your cd, go into the Recovery console and type this:

cd
D:
cd i386
copy userinit.exe c:\windows\system32 (Enter)
copy winlogon.exe c:\windows\system32 (Enter)
EXIT
After putting in the third and fourth command, you should receive the message 1 file copied which will indicate that the operation succeeded.
Now take out the CD and reboot your computer to normal mode.

Now re-run ComboFix and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

 

If you have all your data and personal files on partition D, then it may be best to format the C drive and reinstall. Once that is done, I would suggest you go through the Read and Run first instructions again to make sure nothing in the backup partition is infected.

 

You're welcome. Safe surfing.