

Windows Vista Recovery Tool + missing desktop icons, etc


Post by twirlystache » October 14th, 2011, 5:08 pm

Hi,

A program called Windows Vista Recovery Tool appeared on the computer and started wreaking havoc. I used Malwarebytes to do a cleaning and the main program doesn't come up anymore; however, my desktop icons are still missing and many programs from the start menu are still gone. This problem has affected both user accounts on my computer. First we were able to just log in to the other account on the computer, and the Vista Recovery Tool seemed to be inactive. Eventually, it started affecting both user accounts. I think I've cleared out some of the problems, but I'd like to be sure this is completely gone. Your help would be greatly appreciated.

Here are the DDS Logs:

DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_23
Run by Meri at 17:02:01 on 2011-10-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1865 [GMT -4:00]
.
AV: McAfee VirusScan *Enabled/Updated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: McAfee VirusScan *Enabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *Enabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\consent.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=1080305
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=1080305
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [<NO NAME>] OSK.exe
StartupFolder: c:\users\meri\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04288BE1-55E0-4EC7-8AC0-D0FD068EA484} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\meri\appdata\roaming\mozilla\firefox\profiles\lhi4cbo7.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-4 201288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-4 79304]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-4 35240]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-3-4 40488]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2007-6-8 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2007-3-5 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2007-7-20 235616]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-4 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-4 19008]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-3-4 33800]
.
=============== Created Last 30 ================
.
2011-10-14 02:38:41 -------- d--h--w- C:\$AVG
2011-10-14 01:54:39 -------- d-----w- c:\users\meri\appdata\roaming\AVG2012
2011-10-14 01:48:05 -------- d--h--w- c:\programdata\Common Files
2011-10-14 01:47:05 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-14 01:47:05 -------- d-----w- c:\programdata\AVG2012
2011-10-14 01:45:59 -------- d-----w- c:\program files\AVG
2011-10-14 01:37:37 -------- d-----w- c:\programdata\MFAData
2011-10-12 16:16:39 293376 ----a-w- c:\windows\system32\psisdecd.dll
.
==================== Find3M ====================
.
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 17:03:11.24 ===============


Attach.log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/4/2008 3:43:31 PM
System Uptime: 10/14/2011 4:54:42 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 349.625 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.768 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0168
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0168
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0407
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #8
PNP Device ID: ROOT\*6TO4MP\0407
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2012
Banctec Service Agreement
Bonjour
Browser Address Error Redirector
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Dell Getting Started Guide
Dell Support Center
Dell Webcam Center
Dell Webcam Manager
Download Updater (AOL LLC)
EarthLink Setup Files
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Mouse Suite for Desktop Computers
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NVIDIA Drivers
NVIDIANetworkDiagnostic
Presto! PageManager 7.15.16
Product Documentation Launcher
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone V3
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 3.8
Sonic Activation Module
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
User's Guides
Viewpoint Media Player
W Photo Studio
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
10/14/2011 4:57:39 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
10/14/2011 4:56:43 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/14/2011 4:55:19 PM, Error: EventLog [6008] - The previous system shutdown at 4:53:22 PM on 10/14/2011 was unexpected.
.
==== End Of File ===========================
twirlystache
Active Member
Posts: 5
Joined: October 14th, 2011, 4:52 pm

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Post by Cypher » October 16th, 2011, 2:36 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    AVG Anti-Virus Free Edition 2012
    McAfee VirusScan
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove AVG Anti-Virus Free Edition 2012.

While you are in Add/Remove Programs, uninstall the following also.
Ask Toolbar
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 23
McAfee Security Scan Plus


Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.
    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
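The triage Cypher does by eye above (two antivirus products both marked Enabled in the DDS header, plus the "No File" BHO/toolbar registrations that ComboFix later lists under ORPHANS REMOVED) written out as an added Python example; it is not a tool from this forum or from the DDS author. The sample lines are copied from the poster's DDS log, and the regular expressions are my reading of the DDS line format, not a published specification.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS log format used in this thread (a subset of
# the poster's own lines; the Adobe BHO path is shortened for width).
SAMPLE_DDS = r"""
AV: McAfee VirusScan *Enabled/Updated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: McAfee VirusScan *Enabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *Enabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [<NO NAME>]
dRunOnce: [<NO NAME>] OSK.exe
"""

# Assumed line shapes (derived from the log above, not from DDS documentation):
#   <AV|SP|FW>: <product name> *<Enabled|Disabled>[/<Updated|Outdated>]* {GUID}
#   <BHO|TB>: [<name>: ]{GUID} - No File
#   <u|m|d>Run[Once]: [<NO NAME>] ...
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* (\{[0-9A-Fa-f-]+\})$")
ORPHAN_RE = re.compile(r"^(BHO|TB): .*?(\{[0-9A-Fa-f-]+\}) - No File$")
UNNAMED_RE = re.compile(r"^[a-zA-Z]*Run(?:Once)?: \[<NO NAME>\]")


@dataclass
class SecurityProduct:
    kind: str    # AV (antivirus), SP (antispyware) or FW (firewall)
    name: str
    status: str  # e.g. "Enabled/Updated", "Disabled/Outdated", "Enabled"
    guid: str

    @property
    def enabled(self):
        # Only the part before the slash says whether the product is active.
        return self.status.split("/")[0] == "Enabled"


def parse_security_products(text):
    """Collect the AV:/SP:/FW: product lines from a DDS log header."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            products.append(SecurityProduct(*m.groups()))
    return products


def find_multiple_enabled(products):
    """Return {kind: [names]} for every kind with more than one enabled product.

    Two resident antivirus engines (the AV kind) is the conflict Cypher flags:
    each hooks file access, and they contend with each other.
    """
    by_kind = {}
    for p in products:
        if p.enabled:
            by_kind.setdefault(p.kind, []).append(p.name)
    return {kind: names for kind, names in by_kind.items() if len(names) > 1}


def find_orphans(text):
    """BHO/toolbar registrations whose DLL is gone ("No File").

    These are leftovers of removed software or a partial cleanup; ComboFix
    reports the ones it deletes under ORPHANS REMOVED.
    """
    found = []
    for line in text.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def find_unnamed_autostarts(text):
    """Run/RunOnce entries with no value name; worth a second look by a helper."""
    return [ln.strip() for ln in text.splitlines() if UNNAMED_RE.match(ln.strip())]


if __name__ == "__main__":
    prods = parse_security_products(SAMPLE_DDS)
    for kind, names in find_multiple_enabled(prods).items():
        print(f"{kind}: {len(names)} products enabled at once: {', '.join(names)}")
    for kind, guid in find_orphans(SAMPLE_DDS):
        print(f"orphaned {kind} registration: {guid}")
    for entry in find_unnamed_autostarts(SAMPLE_DDS):
        print(f"unnamed autostart: {entry}")
```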

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Post by twirlystache » October 17th, 2011, 11:53 pm

Thank you.

Here is the log from ComboFix:

ComboFix 11-10-17.02 - Meri 10/17/2011 23:03:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1923 [GMT -4:00]
Running from: c:\users\Meri\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
FW: McAfee Personal Firewall *Disabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
SP: McAfee VirusScan *Disabled/Outdated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CouponAlert_2pEI
c:\users\Niko\AppData\Local\{C8583A42-3A06-4B3E-878E-39D94AC0B1BD}
c:\users\Niko\AppData\Local\{C8583A42-3A06-4B3E-878E-39D94AC0B1BD}\chrome.manifest
c:\users\Niko\AppData\Local\{C8583A42-3A06-4B3E-878E-39D94AC0B1BD}\chrome\content\_cfg.js
c:\users\Niko\AppData\Local\{C8583A42-3A06-4B3E-878E-39D94AC0B1BD}\chrome\content\overlay.xul
c:\users\Niko\AppData\Local\{C8583A42-3A06-4B3E-878E-39D94AC0B1BD}\install.rdf
c:\users\Niko\Documents\~WRL0947.tmp
c:\users\Niko\Taskmgr.exe
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 03:16 . 2011-10-18 03:17 -------- d-----w- c:\users\Meri\AppData\Local\temp
2011-10-18 03:16 . 2011-10-18 03:16 -------- d-----w- c:\users\Niko\AppData\Local\temp
2011-10-18 03:16 . 2011-10-18 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-17 23:54 . 2011-10-17 23:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B5239C5-72BC-4BFF-BA81-85E26E39EB43}\offreg.dll
2011-10-17 23:54 . 2011-09-21 13:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B5239C5-72BC-4BFF-BA81-85E26E39EB43}\mpengine.dll
2011-10-14 02:57 . 2011-10-14 02:57 -------- d-----w- c:\programdata\WindowsSearch
2011-10-14 01:48 . 2011-10-14 01:48 -------- d--h--w- c:\programdata\Common Files
2011-10-14 01:37 . 2011-10-17 23:23 -------- d-----w- c:\programdata\MFAData
2011-10-12 16:16 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2011-04-30 15:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 06:53 . 2011-10-14 01:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-14 20:46 . 2010-06-14 20:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-05 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... f96877af81" [?]
.
c:\users\Meri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-05 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 235616]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-17 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=1080305
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Meri\AppData\Roaming\Mozilla\Firefox\Profiles\lhi4cbo7.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-AIM_7 - c:\program files\AIM\uninst.exe
AddRemove-Google Desktop - c:\program files\Google\Google Desktop Search\GoogleDesktopSetup.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 23:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Meri\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-17 23:28:51
ComboFix-quarantined-files.txt 2011-10-18 03:28
.
Pre-Run: 375,326,040,064 bytes free
Post-Run: 375,535,034,368 bytes free
.
- - End Of File - - D91A0B068EC70B605B2395AE57B2E694


When removing Ask toolbar, I received the following message:
Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Under the account named Niko, there is an error when starting: C:\Windows\system32\rundll32.exe - This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel.

Under the account named Mari, it says: Windows will not finish installing software from the manufacturer of this device: NVIDIA GeForce 6150SE nForce 430. I chose ask me again later. It also asks to update Adobe Reader to 8.1.2, which I also chose remind me later. I also get a notice that Windows has blocked some startup programs.
twirlystache
Active Member
 
Posts: 5
Joined: October 14th, 2011, 4:52 pm

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Post by Cypher » October 18th, 2011, 5:42 am

Hi,
my desktop icons are still missing and many programs from the start menu are still gone.

Do these problems still exist, are your desktop icons still missing, and are the programs still missing from the start menu ?

Please run DDS again and post the resulting logs.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Post by twirlystache » October 18th, 2011, 8:58 pm

The desktop icons and missing items from the start menu seem to be there again now. Thanks.

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Meri at 20:55:17 on 2011-10-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2215 [GMT -4:00]
.
AV: McAfee VirusScan *Disabled/Outdated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
SP: McAfee VirusScan *Disabled/Outdated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *Disabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\OEM05Mon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\wuauclt.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=1080305
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0EtSzZIVTk"&"inst=NzctNzc2ODI1Njk1LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c593fb10281d47d1aab5d1578f8518f4-bc0f208cc2f7986638ddf42349db34f96877af81
StartupFolder: c:\users\meri\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04288BE1-55E0-4EC7-8AC0-D0FD068EA484} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\meri\appdata\roaming\mozilla\firefox\profiles\lhi4cbo7.default\
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-4 201288]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-10 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-4 144704]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-30 2280312]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-10 24652]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-4 79304]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-4 35240]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2007-6-8 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2007-3-5 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2007-7-20 235616]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-4 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-4 19008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-3-4 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-3-4 40488]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-4 695624]
.
=============== Created Last 30 ================
.
2011-10-18 14:39:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aa8ee0e-3a8e-4352-8261-2c579051cfcc}\offreg.dll
2011-10-18 14:39:24 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aa8ee0e-3a8e-4352-8261-2c579051cfcc}\mpengine.dll
2011-10-18 03:29:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-18 03:16:17 -------- d-----w- c:\users\meri\appdata\local\temp
2011-10-18 03:02:10 98816 ----a-w- c:\windows\sed.exe
2011-10-18 03:02:10 518144 ----a-w- c:\windows\SWREG.exe
2011-10-18 03:02:10 256000 ----a-w- c:\windows\PEV.exe
2011-10-18 03:02:10 208896 ----a-w- c:\windows\MBR.exe
2011-10-14 01:48:05 -------- d-----w- c:\programdata\Common Files
2011-10-14 01:37:37 -------- d-----w- c:\programdata\MFAData
2011-10-12 16:16:39 293376 ----a-w- c:\windows\system32\psisdecd.dll
.
==================== Find3M ====================
.
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 20:55:34.16 ===============


Attach.log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/4/2008 3:43:31 PM
System Uptime: 10/18/2011 5:16:03 AM (15 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 349.776 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.749 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0168
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0168
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0407
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #8
PNP Device ID: ROOT\*6TO4MP\0407
Service: tunnel
.
==== System Restore Points ===================
.
RP2271: 9/14/2011 1:52:29 PM - Scheduled Checkpoint
RP2273: 9/16/2011 2:43:41 AM - Scheduled Checkpoint
RP2275: 9/16/2011 3:00:11 AM - Windows Update
RP2277: 9/17/2011 12:02:33 AM - Scheduled Checkpoint
RP2279: 9/18/2011 1:03:33 AM - Scheduled Checkpoint
RP2281: 9/18/2011 5:58:33 PM - Scheduled Checkpoint
RP2283: 9/19/2011 11:37:25 AM - Scheduled Checkpoint
RP2285: 9/20/2011 12:00:07 AM - Scheduled Checkpoint
RP2287: 9/20/2011 10:41:50 PM - Scheduled Checkpoint
RP2289: 9/22/2011 12:57:52 PM - Scheduled Checkpoint
RP2291: 9/24/2011 12:24:14 AM - Scheduled Checkpoint
RP2293: 9/25/2011 3:46:38 PM - Scheduled Checkpoint
RP2295: 9/26/2011 1:13:09 PM - Scheduled Checkpoint
RP2297: 9/27/2011 1:28:13 AM - Scheduled Checkpoint
RP2299: 9/28/2011 12:58:19 AM - Scheduled Checkpoint
RP2301: 9/29/2011 12:00:15 AM - Scheduled Checkpoint
RP2303: 9/29/2011 10:52:33 PM - Scheduled Checkpoint
RP2305: 10/1/2011 11:46:34 AM - Scheduled Checkpoint
RP2307: 10/2/2011 12:12:03 AM - Scheduled Checkpoint
RP2309: 10/3/2011 12:00:12 AM - Scheduled Checkpoint
RP2311: 10/4/2011 1:10:45 AM - Scheduled Checkpoint
RP2313: 10/5/2011 12:21:13 AM - Scheduled Checkpoint
RP2315: 10/6/2011 12:26:12 AM - Scheduled Checkpoint
RP2317: 10/6/2011 8:42:39 PM - Scheduled Checkpoint
RP2319: 10/7/2011 3:25:57 PM - Scheduled Checkpoint
RP2321: 10/9/2011 7:57:08 AM - Scheduled Checkpoint
RP2323: 10/10/2011 10:37:34 AM - Scheduled Checkpoint
RP2325: 10/11/2011 12:43:57 AM - Scheduled Checkpoint
RP2327: 10/12/2011 12:05:49 AM - Scheduled Checkpoint
RP2329: 10/12/2011 6:45:52 PM - Scheduled Checkpoint
RP2331: 10/13/2011 3:00:24 AM - Windows Update
RP2333: 10/13/2011 9:45:38 PM - Installed AVG 2012
RP2335: 10/13/2011 9:46:42 PM - Installed AVG 2012
RP2337: 10/14/2011 6:01:48 PM - Scheduled Checkpoint
RP2339: 10/15/2011 1:28:36 PM - Scheduled Checkpoint
RP2341: 10/17/2011 12:42:47 PM - Scheduled Checkpoint
RP2343: 10/17/2011 7:19:59 PM - Removed AVG 2012
RP2345: 10/17/2011 7:22:10 PM - Removed AVG 2012
RP2347: 10/17/2011 7:23:47 PM - Removed Ask Toolbar.
RP2349: 10/17/2011 7:27:16 PM - Removed Java(TM) SE Runtime Environment 6
RP2351: 10/17/2011 7:28:42 PM - Removed Java(TM) 6 Update 23
RP2353: 10/17/2011 7:54:05 PM - Windows Update
RP2355: 10/18/2011 10:39:14 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Browser Address Error Redirector
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Dell Getting Started Guide
Dell Support Center
Dell Webcam Center
Dell Webcam Manager
Download Updater (AOL LLC)
EarthLink Setup Files
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Service Offers Launcher
iTunes
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Mouse Suite for Desktop Computers
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NVIDIA Drivers
NVIDIANetworkDiagnostic
Presto! PageManager 7.15.16
Product Documentation Launcher
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone V3
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 3.8
Sonic Activation Module
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
User's Guides
Viewpoint Media Player
W Photo Studio
.
==== Event Viewer Messages From Past Week ========
.
10/17/2011 7:34:15 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
10/17/2011 7:33:29 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/17/2011 11:16:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/17/2011 11:02:53 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
10/17/2011 11:01:53 PM, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/14/2011 4:55:19 PM, Error: EventLog [6008] - The previous system shutdown at 4:53:22 PM on 10/14/2011 was unexpected.
.
==== End Of File ===========================


Should I still leave my antiviruses inactive as required by the step before using Combofix? At the moment they are still turned off. Again, thanks for all the help.
twirlystache
Active Member
 
Posts: 5
Joined: October 14th, 2011, 4:52 pm

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Post by Cypher » October 19th, 2011, 5:39 am

Hi,
thanks for all the help.

You're welcome.
The desktop icons and missing items from the start menu seem to be there again now.

Good, we still have some work to do so stay with me.
Should I still leave my antiviruses inactive as required by the step before using Combofix? At the moment they are still turned off.

I need you to run another scan for me, see below; you should turn your AV on again after that scan.

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select "Run as administrator" to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "EF99BD32-C1FB-11D2-892F-0090271D4F88"=-
    "2318C2B1-4965-11d4-9B18-009027A5CD4F"=-
    
    :Files
    C:\Program Files\Ask.com
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click, then paste the code into the blank box below.
    • Next click on the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE 7, (JRE) Java SE 7.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.1).

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • OTM log.
  • ESET log.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
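
The OTM script in the post above targets the registry entries behind the `BHO: {...} - No File` and `TB: {...} - No File` lines of the DDS "Pseudo HJT Report": a BHO or toolbar whose CLSID is still registered under Internet Explorer but whose DLL no longer exists. As an added example (not part of the thread and not code from DDS or OTM), the Python below parses lines of that shape, separates orphaned entries from live ones, and emits the equivalent OTM :Reg block. The sample lines are constructed to mirror the log in this thread. One deliberate difference from the posted script: the value names under the Internet Explorer\Toolbar key carry the braces, so they are kept here; the posted script dropped them and OTM reported both values as not found.

```python
"""Flag orphaned IE BHO / toolbar entries from DDS 'Pseudo HJT Report' lines
and build the matching OTM ':Reg' block.

Added example; not the output or code of DDS or OTM.  SAMPLE_DDS below is
constructed to look like the lines in the thread above.
"""
import re

# Constructed sample input (same shape as the DDS report lines).
SAMPLE_DDS = """\
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [swg] "c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe"
"""

# Registry locations DDS reads these entries from.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TB_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "BHO: [Friendly name: ]{CLSID} - <dll path | No File>"  (same for "TB:")
LINE_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?:(?P<name>[^{]*?):\s*)?(?P<clsid>" + GUID + r")\s*-\s*(?P<target>.*)$"
)


def parse_hjt(text):
    """Return (kind, clsid, target) for every BHO/TB line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["kind"], m["clsid"], m["target"].strip()))
    return entries


def orphaned(entries):
    """Entries whose target is 'No File': a CLSID still registered with IE but no DLL on disk."""
    return [(kind, clsid) for kind, clsid, target in entries if target.lower() == "no file"]


def otm_reg_block(entries):
    """Build an OTM ':Reg' section: '[-key]' deletes a key, '"value"=-' deletes a value."""
    lines = [":Reg"]
    bho = [clsid for kind, clsid in orphaned(entries) if kind == "BHO"]
    tb = [clsid for kind, clsid in orphaned(entries) if kind == "TB"]
    for clsid in bho:
        # Each BHO is its own subkey named by CLSID, so the whole subkey goes.
        lines.append("[-%s\\%s]" % (BHO_KEY, clsid))
    if tb:
        # Toolbars are values under one key; the value name is the braced CLSID.
        lines.append("[%s]" % TB_KEY)
        for clsid in tb:
            lines.append('"%s"=-' % clsid)
    return "\n".join(lines)


if __name__ == "__main__":
    print(otm_reg_block(parse_hjt(SAMPLE_DDS)))
```

Live entries (a real DLL path after the dash) are parsed but never emitted, so the generated block only ever removes registrations that already point at nothing; anything with a file on disk still deserves a look by hand before it is touched.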

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Post by twirlystache » October 20th, 2011, 12:40 am

OTM

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\EF99BD32-C1FB-11D2-892F-0090271D4F88 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\2318C2B1-4965-11d4-9B18-009027A5CD4F not found.
========== FILES ==========
File/Folder C:\Program Files\Ask.com not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Meri\Desktop\cmd.bat deleted successfully.
C:\Users\Meri\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Incomplete

User: Meri
->Flash cache emptied: 162799 bytes

User: Niko
->Flash cache emptied: 1994226 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Incomplete
->Temp folder emptied: 0 bytes

User: Meri
->Temp folder emptied: 155474 bytes
->Temporary Internet Files folder emptied: 4017365216 bytes
->Java cache emptied: 4942659 bytes
->FireFox cache emptied: 197175259 bytes
->Flash cache emptied: 0 bytes

User: Niko
->Temp folder emptied: 32344 bytes
->Temporary Internet Files folder emptied: 2265518308 bytes
->Java cache emptied: 476094 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7866 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14408939 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,199.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10192011_201306

Files moved on Reboot...
C:\Windows\temp\mcmsc_x8munKKRvhdLO4t moved successfully.
C:\Windows\temp\sqlite_h0FChOSU4mWLhMH moved successfully.
C:\Windows\temp\sqlite_lFybclQbULApJB6 moved successfully.

Registry entries deleted on Reboot...


ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=36f2e707a57a4049b6163031ede93147
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-20 02:42:59
# local_time=2011-10-19 10:42:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16776893 100 96 14199123 132854687 0 0
# compatibility_mode=5892 16776573 100 100 0 155683913 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=107889
# found=0
# cleaned=0
# scan_time=2194
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=36f2e707a57a4049b6163031ede93147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-20 04:17:08
# local_time=2011-10-20 12:17:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16776893 100 96 14202249 132857813 0 0
# compatibility_mode=5892 16776573 100 100 0 155687039 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=205475
# found=0
# cleaned=0
# scan_time=4716


Under the account "Niko", it says C:\Windows\system32\rundll32.exe - This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel.

Under this account only, I am unable to launch any other programs, like Firefox or iTunes - I get the same message.

I also still get the notice to install NVIDIA GeForce 6150SE nForce 430 drivers, but I have held off.

I should say I am doing all of these fixes from my other user account, "Mari".

Thanks.
twirlystache
Active Member
 
Posts: 5
Joined: October 14th, 2011, 4:52 pm

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Unread postby Cypher » October 20th, 2011, 6:03 am

Hi,
Please delete the copy of ComboFix on your desktop, then download a fresh copy from Here.
Then log on under the problem account "Niko", run ComboFix again as you did previously.
Post the resulting log in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Unread postby twirlystache » October 20th, 2011, 9:04 pm

I cannot run Combofix under Niko. I get the same message I've been getting: "This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel. "

Also : Now that I notice, Recycling Bin is still missing from the Mari and Niko desktops. Also, under Mari: "recent items" are missing on the left of the start menu.
twirlystache
Active Member
 
Posts: 5
Joined: October 14th, 2011, 4:52 pm

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Unread postby Cypher » October 21st, 2011, 10:59 am

Hi,
I cannot run Combofix under Niko.

Please download ExeFix.reg and save it on the root of the system drive (usually C:).

  • Important: boot into the problem account "Niko".
  • Double-click it and confirm the prompt to allow it to merge.

Once done see if you can run Combofix on the "Niko" account.
If successful post the ComboFix.txt in your next reply
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
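The ExeFix.reg step above restores the .exe file association that the rogue breaks. The message "This file does not have a program associated with it for performing this action" is what Windows shows when the (Default) value of the .exe key, or of exefile\shell\open\command, no longer points at the Windows default. The script below is an added example, not the ExeFix.reg the helper links to and not code posted in this thread. It reads both hives that Windows merges into HKEY_CLASSES_ROOT (HKCU\Software\Classes overrides HKLM\Software\Classes, which is why a per-user hijack can break one account and leave the other working), reports anything that is not the default, and, with the assumed -Repair switch, deletes the per-user override and rewrites the machine-wide defaults. The expected values are the stock Windows ones; the switch name and messages are this example's own.

```powershell
# Added example (not from the thread, not ExeFix.reg): check and repair the
# .exe file association in both hives that feed HKEY_CLASSES_ROOT.
# Run from an elevated PowerShell session under the affected account, since
# HKCU is that account's hive.  -Repair is an assumed switch name.
param([switch]$Repair)

# Stock Windows values.  Anything else is treated as a hijack.
$expected = @{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}

# HKCU\Software\Classes takes precedence over HKLM\Software\Classes in the
# merged HKEY_CLASSES_ROOT view, so check the per-user hive first.
$hives = @(
    @{ Name = 'HKCU'; Root = 'HKCU:\Software\Classes' },
    @{ Name = 'HKLM'; Root = 'HKLM:\Software\Classes' }
)

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a registry key, or $null if the key is absent.
    if (-not (Test-Path -Path $Path)) { return $null }
    return (Get-Item -Path $Path).GetValue('')
}

foreach ($hive in $hives) {
    foreach ($sub in $expected.Keys) {
        $path  = Join-Path $hive.Root $sub
        $value = Get-DefaultValue $path
        if ($null -eq $value) {
            # Absent in HKCU is normal.  Absent in HKLM means the machine-wide
            # association was deleted and has to be recreated.
            if ($hive.Name -eq 'HKLM') { Write-Warning "$path is missing" }
            continue
        }
        if ($value -eq $expected[$sub]) {
            Write-Output "$path = $value (Windows default)"
        } else {
            # A per-user .exe key pointing somewhere else is the classic
            # rogue-AV trick: every program launched through the shell is
            # routed to the rogue, or fails once the rogue is removed.
            Write-Warning "$path = $value  <-- not the Windows default"
        }
    }
}

if ($Repair) {
    # 1. Remove any per-user override so the machine-wide association applies.
    foreach ($sub in '.exe', 'exefile') {
        $p = Join-Path 'HKCU:\Software\Classes' $sub
        if (Test-Path -Path $p) { Remove-Item -Path $p -Recurse -Force }
    }
    # 2. Recreate the machine-wide defaults (New-Item -Force creates parents).
    foreach ($sub in $expected.Keys) {
        $p = Join-Path 'HKLM:\Software\Classes' $sub
        if (-not (Test-Path -Path $p)) { New-Item -Path $p -Force | Out-Null }
        Set-ItemProperty -Path $p -Name '(default)' -Value $expected[$sub]
    }
    Write-Output 'Default .exe association restored. Log off and on again, then retry ComboFix.'
}
```

One caveat: powershell.exe is itself an .exe, so on the account where the hijack is active it may not start through the shell either. That is why the helper hands out a .reg file: regedit is associated with .reg, so the merge works even when no other program will launch. Merge ExeFix.reg first, then use this script under "Niko" to confirm that both hives are back to the defaults before moving on to ComboFix.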

Re: Windows Vista Recovery Tool + missing desktop icons, etc

Unread postby Cypher » October 24th, 2011, 10:51 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns