[Sawson Salehpour]

On the right side, under the picture, I only have Computer and Recent Items. Nothing else. Everything else like Documents, Music, and Control Panel, etc. are all gone.

[Advertisements]

I am going to run the rest of your fixes now. I will get back to the start menu after that.

[Sawson Salehpour]

I am going to run the rest of your fixes now. I will get back to the start menu after that.

[Essexboy]

Start from step 2 on the page I linked to and then download the relevant zip file and follow the instructions - that should restore them. If not I may have another trick to play with

[Sawson Salehpour]

So after 30+ minutes of running combofix I have a log file, and my start menu is looking normal again! YAY! Thanks. Here is the log file.

ComboFix 11-10-15.03 - Colin 10/15/2011 10:38:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1545 [GMT -4:00]
Running from: c:\users\Colin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\VPro1000.exe
c:\windows\vspc1000.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 15:07 . 2011-10-15 15:09 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-10-15 15:07 . 2011-10-15 15:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-10-15 15:07 . 2011-10-15 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 13:36 . 2011-10-15 13:36 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\MpKsl1ba61836.sys
2011-10-15 13:36 . 2011-10-15 13:36 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\offreg.dll
2011-10-15 13:34 . 2011-10-15 13:34 -------- d-----w- C:\_OTL
2011-10-15 13:29 . 2011-10-15 13:33 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-15 03:14 . 2011-10-15 03:14 -------- d-----w- c:\programdata\WindowsSearch
2011-10-15 01:25 . 2011-10-15 01:25 388096 ----a-r- c:\users\Guest\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-15 01:25 . 2011-10-15 01:25 -------- d-----w- c:\program files\Trend Micro
2011-10-15 01:24 . 2011-10-15 01:24 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
2011-10-15 01:24 . 2011-10-15 01:24 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 01:24 . 2011-10-15 01:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-15 01:24 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 01:12 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\mpengine.dll
2011-10-12 21:33 . 2011-10-12 21:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B38EE5CF-5E68-4EAE-8F70-7EF631B4E892}\gapaengine.dll
2011-10-12 21:32 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:32 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 21:32 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:32 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:32 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-09-29 02:27 . 2011-09-29 02:27 -------- d-----w- C:\2d32536e854bd063e508598f802c
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-06-22 17:13 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2008-09-22 61440]
.
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-02-03 00:27 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Colin\Program Files\DNA\btdna.exe" [2010-09-02 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-23 4718592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-03-31 77824]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-02-19 24576]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Skytel"="Skytel.exe" [2008-01-23 1826816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPro1000.lnk - c:\windows\VPro1000.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.lnk
backup=c:\windows\pss\AOLDDI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 00:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
R3 cpuz130;cpuz130;c:\users\Colin\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2007-07-12 88320]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-05 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-05 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-05 63328]
R3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\DRIVERS\spc1000.sys [2007-07-12 3033856]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-15 111872]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-30 717296]
S1 MpKsl1ba61836;MpKsl1ba61836;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\MpKsl1ba61836.sys [2011-10-15 28752]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1BA61836
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} - hxxp://support.kornet.net/sw5/order/Speed/cab/KTSpeedNewCtrl.cab
FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\hrs184uz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-spc1000 - c:\windows\vspc1000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-15 11:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-15 11:25:21
ComboFix-quarantined-files.txt 2011-10-15 15:24
.
Pre-Run: 36,529,963,008 bytes free
Post-Run: 37,001,797,632 bytes free
.
- - End Of File - - CA852558BB59A3C35EF4934BB65BC0CE

[Essexboy]

That looks nice - what problems remain ?

Could you now update and run malwarebytes posting the resultant log

[Sawson Salehpour]

I can do that. The only thing that disturbs me at this point is my Start button has a gap between it and the first program open tab. I never remember seeing it there, before the virus, and I am unable to ask my wife because she is in class, and this is her laptop. Oh and also, none of my pictures preview like they used to. As in the icons are not thumbnails of the pictures themselves. Instead every picture is a specific picture icon. I might be spoiled because I have Windows 7 and this is Vista but I am fairly certain Vista previewed photos on the icons. Sorry I am just nit picking at this point it seems, but I really appreciate your help. I will run and post the logs now.

Thanks again
Sawson

[Essexboy]

Could you take a screenshot of the gap ?

Reset thumbnails in Vista :

Control Panel (Classic view) > Folder Options > View tab, uncheck 1st item (Always show icons, never thumbnails)

Then check to see if they are OK

[Sawson Salehpour]

That fixed the thumbnail issue. Here is the screen shot showing the gap.

Edited by Sawson Salehpour, 15 October 2011 - 10:41 AM.

[Sawson Salehpour]

Here is the Malewarebytes log.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7954

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/15/2011 12:54:48 PM
mbam-log-2011-10-15 (12-54-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 300206
Time elapsed: 42 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Essexboy]

Could you now reset the theme from classic to any other and the gap should disappear

Any other outstanding problems

[Sawson Salehpour]

Nope the gap is still there even when I switch themes. But no other real issues I can see.

[Essexboy]

Thank you for the donation 'tis gratefully received

I haven't used Vista for a while now so I am not totally sure as to what the normal size is

Whilst I check that out I will tidy you up now

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

• Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
• In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  
  
  
• Follow the prompts on the screen
• A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

• Go to this site and click Do I have Java
• It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

• Go to Control Panel and select System
• Select System
• On the left select System Protection and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• GoStart > All programs > Accessories > system tools
• Right click Disc cleanup and select run as administrator
• Select Your main drive and accept the warning if you get one
• For a few moments the system will make some calculations
• Select the More Options tab
• In the System Restore and Shadow Backups select Clean up
• Select Delete on the pop up
• Select OK
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.