Desktop reverted back to factory default + some icons missing after boot up

When I booted up my computer this morning the desktop wallpaper had reverted back to factory default, plus all the settings. Some of the icons on the desktop were missing as well. When I opened IE8 all its settings were back to default like it had only just been installed. And I could not connect to the internet. I also could not find my documents, so decided to turn on 'Show Hidden Files and Folders'. Thankfully the folder showed up in documents and settings. I did a system restore from the 6th July and this seemed to fix the problem with my desktop back to normal. Could this be hardware related?

I was afraid of going through the clean up process as I have to disable the CD emulation drivers using DeFogger, as you then need to re-boot your PC. Should I back up all my files, then do the malware removal process and report back? Thanks in advance.

XP (SP3) 32-bit

 

Hello Billy32

Yes please do

 

Okay, after I've backed up my files I'll follow the malware removal process and report back with logs tomorrow. Should I post the logs in this thread or start a new one?

I haven't turned off or re-booted my computer since I did the system restore, as I was worried that it might happen again, and if it does, should I do a system restore again? I would assume that I need to re-boot the computer after running Defogger.

Sorry for all the questions, just want to make sure I do this right.

Thanks thisisu.

 

This thread.

Couple of things to point out here.
1) You do not have to run DeFogger if you do not have any disk emulation software. e.g. Daemon Tools, Alcohol 120%.
2) I'm not sure what exactly you've done with the computer. Malware would NOT put the system into factory defaults. However, malware has been known to hide your desktop icons, documents, favorites, etc.
I will know what type of infection you have once I review some logs.
In fact, you may just want to start out by running MGtools as this does not require a reboot and will give me a lot of information right away. Read: Using MGtools
You can skip the other steps for now until further notice.

 

Hi thisisu

I managed to re-boot wih no problems and ran all of the malware removal tools with the logs in the attachment. I'm not sure if RogueKiller ran correctly because Comodo reported a virus and asked me to run a scan with Geekbuddy (?). So I waited for the window to close then disabled Comodo Firewall.

I also ran a SUPERAntiSpyware scan last night and it picked up a Trojan.Agent/Gen-RoboNanny virus. This is an application program called VirtosStereoprocessor11 which is a VST plugin I use in Magix Audio Cleaning Lab. I've had this on my computer for a couple of years with no problems so decided to ignore it. I also ran a Malwarebytes Anti-Malware scan and it came up clean.

 

Please download Disable/Remove Windows Messenger to your desktop.

• Double-click MessengerDisable.exe to run it.
• Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
• Click Apply
• Click Exit

__

The rest of your logs are clean. What problems are you experiencing?

 

Thanks thisisu. I've done what you suggested.

That's strange the tools didn't pick up anything. I also forgot to mention there was a power outage the day before the problem. Maybe that caused the issue of the PC not booting up correctly. My computer is almost 10 years old :-o, so maybe the problem was hardware related. Time to invest in a new PC.

Apart from the intial problem, everything else seems to be running smoothly, touch wood. How do I get rid of all the malware tools on the desktop and in C drive? And should I toggle system restore and re-boot? I'm a little reluctant to do so, because if the desktop problem happens again, I won't be able to restore my computer to an earlier time.

Thanks again for the help thisisu.

 

You're welcome and yes probably time for a new PC

__

If you are not having any other malware related problems, it is time to do our final steps:

• Any programs we had you download and/or install can be removed at this time.
• If we had you download and run ComboFix, here is how to uninstall it:
  • Press and hold the Windows key and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • "%userprofile%\desktop\ComboFix" /uninstall
  • Now press ENTER
  • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
• You can re-enable your Disk Emulation software at this time via DeFogger.
• If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
• Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
• Now we will toggle System Restore to remove any infected system restore points.
  • Read this: How to Disable And Enable System Restore
• Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
• Be safe