only desktop wallpaper appears on startup

[gelo136]

i think this is a malware or virus or whatever.. this only happened twice and the first was fixed with a restore point. however, it happened again and when i tried to restore to a previous system settings, it wasnt fixed. help me! attached is a hijackthis log

[wyrmrider]

google this clsid
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Angelo\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
this is in temp but google UIUCU.EXE anyway

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
and

O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

show desk fix???  does this happen with you clean up program? Norton PC Checkup?
ShowDeskFix ?
User 'NETWORK SERVICE'  ?
Unknown
   O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

never seen those before any idea what they are?

DO not FIX anything till we get some more eyes on this

start with
rt click avast ball and update>programs
then open avast and schedule a boot time scan

then Scan with Malware Bytes Anti Malware and Malware Bytes Rogue Remover (both free)
with MBAM update and put a checkmark next to any hits and then click REMOVE SELECTED
POST THE LOG

run the Trend Micro anti rootkit scan

download SuperAnti Spyware  update Clean and Quarantine do not delete/remove
post the log but edit out cookies

BTW  HAVE YOU EVER HAD NORTON ANTI VIRUS (SYMANTIC) SUITE on this machine?

[wyrmrider]

a quick google will find crap

here is a start from one of them
"You need to remove some stuff from add/remove programs first. Look for some type of codec that may be installed or any other program that you know you did'nt install and uninstall them. An example would be View Point Media. Remove what you can now, then reboot in safemode and remove the remaining entries."

I like to run the anti spyware/malware scans first and an on line AV scan like Dr Web Cure it
also a trend micro anti rootkit scan

then go ahead and FIX those 04 entries with HJT
make sure HJT is installed to a named folder and NOT TEMP and NOT DESKTOP
scan,
take a peek and see if any of the scanners removed any of the 04 entries- if any left
put a check mark next to the bad entries

close ALL open programs and ALL browser windows including this one and FIX

(have a nice weekend)
post back

[gelo136]

Hello. I have a question, would it be okay if my system had comodo firewall and then have super antispyware? would it have any clashing or something like that?

The only norton installed (but I already removed it) is the norton pc checkup. no norton suites installed ever.

I also don't have any idea on the 4 entries you mentioned.

Will post the logs soon. Thanks!

[gelo136]

I tried to run rogueremover and there was an error:

Run-time error '372':

Failed to load control 'ProgressBar' from COMCTL32.OCX. Your version of COMCTL32.OCX may be outdated. Make sure you are using the version of the control that was provided with your application.

How do I fix this? Thank you

[Lisandro]

Hello. I have a question, would it be okay if my system had comodo firewall and then have super antispyware? would it have any clashing or something like that?

No, both software work together without conflicts.

The only norton installed (but I already removed it) is the norton pc checkup. no norton suites installed ever.

Anyway, I suggest you use Norton Removal Tool for Windows 2000/XP/Vista or Norton Removal Tool for Windows 98/Me. Boot.

The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.

[Lisandro]

I tried to run rogueremover and there was an error:

Hmmm... RogueRemover is not an updated tool anymore.
Maybe you should use MBAM instead (http://www.malwarebytes.org/mbam.php).

[gelo136]

yeah i have MBAM and will use that as well. thanks for the clarifications!

[Jtaylor83]

O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Angelo\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
this is in temp but google UIUCU.EXE anyway

I googed it and it appears to be a device driver.

[gelo136]

i did the super anti spyware scan, mbam scan, rootkit scan and nothing was found. i'll attach the logs anyways. so do i do what you said regarding fixing the entries with hjt? i ran a scan again and these entries are still there.

in the super anti spyware only cookies were found

[gelo136]

i just found out i didnt have the latest mbam software. i updated it and did the scan again and 1 was found to be infected attached is the log file.

[ardvark]

I tried to run rogueremover and there was an error:

Run-time error '372':

Failed to load control 'ProgressBar' from COMCTL32.OCX. Your version of COMCTL32.OCX may be outdated. Make sure you are using the version of the control that was provided with your application.

How do I fix this? Thank you

Hi...

This site may help...

http://www.afreeocx.com/ocx/info/comctl32_ocx.html

There are also instructions on where to place the file upon download. I did check to make sure the file was malware free and it appears to be fine. Hope this helps.

Best Regards...

[gelo136]

thank you ardvark

[polonus]

Hi gelo136,

With hjt I suggest that you fix this line
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,test.bat,

then with the regular search and find function find and delete test.bat]


polonus

[gelo136]

i used dr. web cureit to scan and there were infected files found. attached is the log file. also, i was able to use the rogueremover and nothing came up. rootkit also did not have any detected items. i ran hjt again after these scans and the entries mentioned by wyrmrider is still there..

polonus:
the entry you mentioned is not in the hjt log anymore. i'll be posting that as well.

I converted the mr web logfile to .txt since it was originally .csv which opens in excel and it cannot be uploaded here fyi
thanks for everybody's help!