
How to recover start menu, shortcuts, etc.



Please find my logs attached. I used Malwarebytes to clean up infections, but now am missing much of the computer's personalization... like start-up icons, etc. I've un-hidden many directories under the Users directory, cannot find more to un-hide, and while a few icons reappeared most did not. What are my next steps?

Thank you, thank you!

Carolyn K., aka Mrs.Hoagie

(Note, this is a repost because I made the mistake of replying to my own post, then read that I should not do that as it looks like I'm being helped :-( Sorry.)

It asked me to attach logs, but looks like folks get faster answers by including logs inline, so...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29

Run by Cathy at 13:47:26 on 2011-12-15

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1013.124 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k wdisvc

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

uRun: [LqTNINJdRtnwrBr.exe] c:\programdata\LqTNINJdRtnwrBr.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1

mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel PhotoDownloader.exe

mRun: [VAIOSurvey] c:\program files\sony corporation\vaio survey\Vista VAIO Survey.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\users\cathy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\cathy\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

TCP: Interfaces\{A436A863-2DAE-4A82-9FE3-CC838E58DB08} : DhcpNameServer = 68.87.64.150 68.87.75.198

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\cathy\appdata\roaming\mozilla\firefox\profiles\kkxkpnq2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Norton Safe Search

FF - component: c:\users\cathy\appdata\roaming\mozilla\firefox\profiles\kkxkpnq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\users\cathy\appdata\roaming\mozilla\firefox\profiles\kkxkpnq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKslf10718f6;MpKslf10718f6;c:\programdata\microsoft\microsoft antimalware\definition updates\{5e2b5e73-3197-4b22-8014-3b1393b2e514}\MpKslf10718f6.sys [2011-12-15 29904]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-29 21504]

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-21 1153368]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-12-18 227328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-3-25 745472]

S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2006-12-29 397312]

S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2006-12-29 1089536]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-15 18:29:36 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5e2b5e73-3197-4b22-8014-3b1393b2e514}\MpKslf10718f6.sys

2011-12-15 18:29:33 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5e2b5e73-3197-4b22-8014-3b1393b2e514}\offreg.dll

2011-12-15 16:25:37 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-12-15 14:19:48 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5e2b5e73-3197-4b22-8014-3b1393b2e514}\mpengine.dll

2011-11-21 19:06:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-18 20:31:40 -------- d-----w- c:\program files\Maps4PC_0cEI

.

==================== Find3M ====================

.

2011-12-15 13:59:28 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-26 21:16:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll

2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec

2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-20 21:02:55 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-20 13:44:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

============= FINISH: 13:48:52.07 ===============

And the other log...

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Business

Boot Device: \Device\HarddiskVolume2

Install Date: 3/24/2007 9:42:30 PM

System Uptime: 12/15/2011 1:29:02 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Genuine Intel® CPU T2250 @ 1.73GHz | N/A | 800/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 106 GiB total, 53.864 GiB free.

D: is Removable

E: is Removable

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP446: 11/23/2011 3:31:58 PM - Windows Update

RP447: 11/25/2011 8:40:19 AM - Windows Update

RP448: 11/27/2011 1:47:51 PM - Windows Update

RP449: 11/28/2011 8:46:55 AM - Scheduled Checkpoint

RP450: 11/28/2011 7:21:25 PM - Windows Update

RP451: 11/29/2011 8:50:07 AM - Scheduled Checkpoint

RP452: 11/30/2011 1:03:32 PM - Windows Update

RP453: 12/1/2011 4:42:53 PM - Windows Update

RP454: 12/2/2011 8:09:10 AM - Scheduled Checkpoint

RP455: 12/3/2011 8:37:33 AM - Windows Update

RP456: 12/4/2011 10:50:03 AM - Windows Update

RP457: 12/5/2011 9:57:59 AM - Scheduled Checkpoint

RP458: 12/6/2011 11:48:23 AM - Windows Update

RP459: 12/7/2011 8:57:53 PM - Windows Update

RP460: 12/8/2011 7:03:51 PM - Scheduled Checkpoint

RP461: 12/9/2011 8:35:48 AM - Windows Update

RP462: 12/15/2011 9:17:24 AM - Windows Update

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

Alps Pointing-device for VAIO

Business Contact Manager for Outlook 2007 SP2

CCleaner (remove only)

Click to DVD 2.0.05 Menu Data

Click to DVD 2.6.00

Corel Paint Shop Pro Photo XI

Corel Snapfire

Google Toolbar for Internet Explorer

HDAUDIO SoftV92 Data Fax Modem with SmartCP

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java™ 6 Update 29

Java™ 6 Update 5

Java™ 6 Update 7

Java™ SE Runtime Environment 6

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Move Networks Media Player for Internet Explorer

Mozilla Firefox 5.0 (x86 en-US)

Mozilla Thunderbird (8.0)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

OpenOffice.org Installer 1.0

QuickBooks Product Listing Service

QuickBooks Simple Start Free Starter Edition

Realtek High Definition Audio Driver

Roxio Easy Media Creator Home

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Setting Utility Series

SonicStage 4.3

Sony Snymsico for Vista

Sony Utilities DLL

Sony Video Shared Library

Spybot - Search & Destroy

SupportSoft Assisted Service

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

VAIO Azure Float Wallpaper

VAIO Central

VAIO Entertainment Platform

VAIO Event Service

VAIO Floral Dusk Wallpaper

VAIO Help And Support

VAIO Media

VAIO Media 6.0

VAIO Media AC3 Decoder 1.0

VAIO Media Content Collection 6.0

VAIO Media Integrated Server 6.0

VAIO Media Redistribution 6.0

VAIO Media Registration Tool 6.0

VAIO OOBE

VAIO Photo 2007

VAIO Power Management

VAIO Security Center

VAIO Survey

VAIO Teal Whisper Wallpaper

VAIO Update 3

VAIO Video & Photo Utilities

WinDVD for VAIO

Wireless Switch Setting Utility

.

==== End Of File ===========================

Thank you!!


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.

After running the unhide tool you may still be missing most of your start menu shortcuts… They can be found in a folder named smtmp inside:

(XP)- C:\Documents and Settings\Username\Local Settings\Temp

(W7)- C:\Users\Username\AppData\Local\Temp

C:\Windows\Temp

Example:

%Temp%\smtmp\1 "%AllUsersProfile%\Start Menu"

%Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch"

%Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"

%Temp%\smtmp\4 "%AllUsersProfile%\Desktop"

These will be there unless you have removed temp files / folders

There might be three numbered folders inside C:\Documents and Settings\Your User Name\Local Settings\Temp\smtmp folder. The folders will be numbered 1, 2 and 4.

Inside the 1 folder is a folder named “Programs.” This folder should be copied / pasted (using XP) to C:\Documents and Settings\All Users\Start Menu, which will already have a folder named Programs but it is safe to overwrite it since Windows will replace the subfolders without creating duplicates.

Inside the 2 folder are the quick launch items specific for the user. Select ALL of these shortcuts and copy / paste to (using XP) C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch.

Inside the 4 folder are the desktop items that should be copied to C:\Documents and Settings\All Users\Desktop.

Let me know if everything was there and how it's running now.

For Windows 7 users, the all users start menu is C:\ProgramData\Microsoft\Windows\Start Menu\Programs and the all users desktop folder is C:\Users\Public\Desktop

Also you can use this option With Windows 7 / Vista:

You can restore the Start menu to its original, default settings.

1. Open Taskbar and Start Menu Properties by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Taskbar and Start Menu.

2. Click the Start Menu tab, and then click Customize.

3. In the Customize Start Menu dialog box, click Use Default Settings, and then click OK.

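The copy steps from the reply above, for Windows Vista/7, as an added PowerShell example that is not part of the original posts. The destinations for folders 1 and 4 are the ones given in the thread; the destinations for folders 2 and 3 are assumed to be the standard per-user Quick Launch and pinned-taskbar folders, and the parameter names and the shortcut-target check are this example's own.

```powershell
# Added example (not from the thread). Run from an elevated prompt: folders 1 and 4
# restore into all-users locations. Without -Apply it only lists what it would copy.
param(
    [string]$SmtmpRoot = (Join-Path $env:TEMP 'smtmp'),   # thread: %Temp%\smtmp
    [switch]$Apply
)

# smtmp folder number -> original location on Windows Vista/7.
# 1 and 4 are the paths given in the thread; 2 and 3 are assumed to be the
# standard per-user Quick Launch and pinned-taskbar folders.
$destinations = @{
    '1' = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'
    '2' = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
    '3' = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
    '4' = Join-Path $env:PUBLIC 'Desktop'
}

if (-not (Test-Path -LiteralPath $SmtmpRoot)) {
    Write-Warning "$SmtmpRoot not found; a temp-file cleanup may already have removed it."
    return
}

$shell = New-Object -ComObject WScript.Shell   # used to read .lnk targets

foreach ($number in ($destinations.Keys | Sort-Object)) {
    $source = Join-Path $SmtmpRoot $number
    $destination = $destinations[$number]
    if (-not (Test-Path -LiteralPath $source)) {
        Write-Host "[$number] not present, skipping"
        continue
    }

    # -Force also enumerates items that still carry the Hidden attribute.
    $files = Get-ChildItem -LiteralPath $source -Recurse -Force |
        Where-Object { -not $_.PSIsContainer }

    foreach ($file in $files) {
        $relative = $file.FullName.Substring($source.Length).TrimStart('\')
        $target = Join-Path $destination $relative

        if (Test-Path -LiteralPath $target) {
            Write-Host "[$number] exists, left alone: $target"
            continue
        }

        # Review aid: report shortcuts whose program no longer exists.
        $note = ''
        if ($file.Extension -eq '.lnk') {
            $program = $shell.CreateShortcut($file.FullName).TargetPath
            if ($program -and -not (Test-Path -LiteralPath $program)) {
                $note = " (shortcut target missing: $program)"
            }
        }

        if ($Apply) {
            $parent = Split-Path -Parent $target
            if (-not (Test-Path -LiteralPath $parent)) {
                New-Item -ItemType Directory -Path $parent -Force | Out-Null
            }
            # Copy rather than move, so smtmp stays intact as a fallback.
            Copy-Item -LiteralPath $file.FullName -Destination $target -Force
            Write-Host "[$number] restored: $target$note"
        } else {
            Write-Host "[$number] would restore: $target$note"
        }
    }
}
```

Run it once without `-Apply` to review the list, then again with `-Apply`; files that already exist at the destination are never overwritten.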

Instructions were missing for Windows 7/Vista the directory for smtmp folder 2, to restore Quick Launch icons.

For Windows 7 users, the all users start menu is C:\ProgramData\Microsoft\Windows\Start Menu\Programs and the all users desktop folder is C:\Users\Public\Desktop

...this covers folder 1 and 4, but not 2.

Luckily a little searching turned up the right location for the Quick Launch icons.

Everything else worked just as you described, and I very much appreciate the support.

Thank you, thank you, and did I say... thank you!


You're more than welcome.

Glad we were able to help

Peace be with you

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
