Windows 7 icons and programs missing

The customer has a Win7 Pro system.  He called in saying that his icons and programs were gone, and he was getting a bunch of crazy errors on the screen and a scan running that looked like one of those bogus scana programs that often infect systems.

I am on-site now, and the only icon I see is recycle bin, and if I go to Start> All Programs, there is nothing on the list.  Also, there is no icon for 'Computer', but if I type 'Computer' in the search box, it shows me the drives, but no files or folders are visible.  Note that if I go to the search box and type in a few letters of the content of some of his Word docs, for example, and click on it, it comes up just fine in Word.  It's as if everything is there, but I can't see it.  Same with his emails that I can search on in the search box.

I booted up in safe mode with networking and installed/updated spybot and malwarebytes, and while they found about a dozen trojans and other bad stuff, cleaning those did not solve my problem.  I have tried to restore multiple restore points, but each time it comes back and says it cannot do it becuase the restore point is damaged or missing.  I have run spinrite, but it found no physical problems on the drive.

I am thinking about removing his drive and connecting it to a different computer, to see if I can save his files, and then reformat his computer and reload Win7, etc.  But I obviously don't want to do all that to him if there is an easier fix.

Has anyone seen this problem in the past and has an easy fix?  TIA
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AdrienneSperberTech Support CoordinatorCommented:
This virus has taken me hours to get rid of, I think reloading windows is a faster solution.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
This is a bad virus, i found most documents are hidden. i have seen issue return even after removal. i agree reloading is most likely faster. at very least show hidden files and you should be able to recover data.
you can try Malwarebytes, smitfraudfix, and ccleaner. may help remove, but again issue may return.
Try utilizing the Unhide utilitly.  It was written by a Microsoft MVP, and it will reset the "hidden" attribute that the malware may have changed, while leaving it in place for the appropriate system files:

Unhide.exe - Download

Unhide.exe - Tutorial
Sean ScissorsProgram Analyst IICommented:
Try utilizing the Unhide utilitly.  It was written by a Microsoft MVP, and it will reset the "hidden" attribute that the malware may have changed, while leaving it in place for the appropriate system files:

Unhide.exe - Download

Unhide.exe - Tutorial


After running that most everything should be back. I have dealt with this issue myself plenty of times and never had to reformat. After running the unhide don't restart. Run a program like Malware Bytes or Hitman Pro, or if you really want to you can run Combofix for something like this. Then after the av software runs then you restart and it should be normal. Only way it will come back is if you left a piece missing that duplicates it or if it's a root kit in which you should run something like TDSS Killer to check for that.

MalwareBytes -
Hitman Pro - 32-bit -
Hitman Pro - 64-bit -
Combofix -
TDSSkiller -

P.S. No files were ever deleted(not in my cases at least), simply hidden from the user. All files should be recoverable.

This Article by EE Expert 'rpggamergirl' might have information you need:

Many current variants of malware require some kind of rogue process stopper before the scanning tools can be effective.

Please read these EE Articles about that process:

Regarding your "Safe Mode" scan, there are a number of reasons why that is often no longer effective. Details here:
Malware Fighting – Best Practices
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.