I just want to let you know that I did search and tried everything I could. But now I need professional assistance and a review of my available logs.
Edit: Did I post this in the wrong section? Sorry for any inconvenience this may have caused. I was going to repost, but I can't find the delete button on this forum.
This computer is Windows XP Home ver 2002 with Windows SP3
One day, all of a sudden the screen went black, everything became hidden.
I booted to safe mode with networking. IE is the only icon visible on the desktop.
I could not open applications, so I pressed Ctrl+Alt+Del to get to Task Manager. I noticed an iexplore.exe running under the processes tab. I closed this process, and I could now run applications.
I ran rkill and malwarebytes then restarted to normal and everything was still black and hidden.
I then went to control panel through start button to unhide the files manually.
When I clicked on the CP icon, a box appeared with "hkey_local_machine software bvrp software inc. modem on hold" in the title, and in the field it said "Key is missing!!!" But after I closed the box, it took me to the CP and I manually unhid the files.
However, that did not work for the desktop, but I would see the files shaded in My Documents.
I booted back to safe mode with networking.
I closed iexplore.exe
I re-ran rkill and malwarebytes.
I then ran UnHide.
Note: I had to run Unhide twice, as it got messed up the first time when the allegedly fake iexplore.exe reopened.
When the iexplore.exe opens, there is a quick application pop-up box that says Windows Installer as the title and in the body says, "Preparing to install...". It only lasts for a 1/4 second or less.
The iexplore.exe then appears under the processes tab. The Mem Usage starts at 22,000K then rises to 226,000K and 00 CPU usage.
Unhide then finished and I rebooted to normal.
Desktop was still black.
I booted back to safe mode with networking.
I ran cmd and checked the directory for hidden virus. Don't see anything running. I've done this with and without the iexplore.exe process running
I then ran SUPER antispyware. I cleaned out a bunch more stuff.
I then ran SpyBot S&D which found some instamedia toolbar malware which was starting to pop up in processes for milliseconds at a time every few minutes.
It said it deleted it.
I finished this phase off by running CCleaner 2-3 times since each scan would find more stuff.
I booted back to normal and the desktop was still black. But things were worse this time. Now the start menu and taskbar do not function and show an hourglass when I hover over them.
I was angry at myself for making it worse.
Out of desperation I used Windows Task manager to find and run rkill in normal mode, and POOF, my desktop was BACK! amazing.
However, the start menu and taskbar still did not function.
I then ran malwarebytes from normal and it found nothing.
I also noticed the instamedia toolbar process was appearing for a millisecond again every minute or so. I thought SpyBot S&D destroyed this. I was able to find the location of the process.
It was located in my program files in its own folder of the same name. It was downloaded on 10/15/2011 somehow.
I deleted it manually.
I then went back to my desktop and noticed an application in the middle of my now accessible desktop.
It was called System recovery and used a default Windows app icon.
I went to properties of this app. The real name of the app is:
A google search said this was bad. I deleted manually.
I restarted the comp to normal and my desktop is still there, but the start menu and taskbar are still not functioning. Also the iexplore.exe is still automatically appearing. Also all my web browsers have disappeared. IE, Firefox, and Chrome icons are not on the desktop.
I booted back to safe mode with networking, where my start menu works fine.
I cannot run TDSSkiller. I did the renaming tricks to the .zip but the app won't open even after I disable iexplore.exe. No TDSSkiller process pops up at this time.
I then used hippo install checker. I updated IE and Firefox. I also downloaded a Java update; however, I am not allowed to run the Java update. It says I do not have permission, yet I am on the administrator.
I then re-ran SUPER Antispyware and CCleaner and the SUPER scan found a few more files to delete.
I booted to normal and the start menu and taskbar still do not function and the web browser icons have still disappeared from the desktop. iexplore.exe still executes.
So I booted back to safe mode with networking and decided to give combofix a try. Why not... it's worked for me before.
Also ran combofix by dropping a .txt file on the icon with the contents ClearJavaCache::
Combofix ran fine.
I then uninstalled Combofix.
I ran TFCleaner and CCleaner to clean up any mess.
After this, the iexplore.exe still executes.
I booted to normal and the start menu and taskbar are not functioning and the iexplore.exe process still runs.
I am now back in safe mode with networking.
I have a HiJackThis log ready to post. However the combofix logs are nowhere to be found, along with any other logs created.
Only the HiJackThis logs and my CCleaner backup files are successfully saving to the safe mode desktop.
I have not created an OTM log unless you want me to.
I can run combofix again and screenshot the logs with my cellphone if needed.
Sorry for the long post.
Edited by Budapest, 26 October 2011 - 07:23 PM.
Moved from XP ~Budapest