Member Panel

gmsdrmmrboi · 05:14 AM

Hey my friend is having a problem....his desktop wont display icons at all. Does anybody know what the problem is? HJT log attatched.

P.S. it does show desktop background. On C:\Documents and Settings\User\Desktop , it does have the icons...

joe5 · 09:09 PM

Hi Gmsdrmmrboi , you should know better then to post this in the XP section. I'll move it to the rightplace..

First have a look in add/remove programs for E2give Plug-in, and uninstall it if present.

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\iexplorer.exe
%Windir%\pi1.exe
%System%\pruttct.exe
%System%\skytown.exe
%System%\prutpct.exe
%System%\ptech.exe
%System%\prutsct.exe
%System%\ptech.exe
%System%\askearth17.exe
%UserProfile%\Desktop\filgmo.exe
%UserProfile%\Local Settings\Temp\ei.exe
C:\WINDOWS\SYSTEM32\windwl32.dll
C:\WINDOWS\SYSTEM32\inicfg32.dll

Folders to delete:
C:\Program Files\winupdates
C:\Program Files\E2G

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Then boot youre pc in safemode and fix these with hjt:
(if still present)

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [MyVBApp] C:\iexplorer.exe
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: windwl32 - C:\WINDOWS\SYSTEM32\windwl32.dll

And reboot to normal mode.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by Attaching it.

Computwiz

If you go to your desktop and right click in some free space and then go to Arrange Icons By. Is Show Desktop icons ticked or un-ticked??

Computwiz

Pancake

This will assist you in removing a lot of those E2G files

Please download E2TakeOut from here:
http://www.malwarebytes.org/E2TakeOut.zip

Extract the file to your Desktop
Double click E2TakeOut.exe
Click the Begin Removal button
Wait until the program is finished scanning
Once done, it will produce a popup stating that the infection has
been found and you need to reboot you computer to complete the removal
Reboot your computer
Once your computer has rebooted E2TakeOut will open and produce a
report
Please copy/paste that report into your next reply