Windows Recovery

**josax** · 2011-05-07, 06:42

Windows Recovery came up about a week ago. It has hidden everything.
I ran stop zilla and "removed threats" a few days ago.

Thanks in advance for your help.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by josh at 22:16:34.05 on Fri 05/06/2011
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.394 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFPCNF2F\dds[1].com
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://qwest.live.com
uWindow Title = Windows Internet Explorer
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search - ?p=ZUxdm486MQUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl389b8864;MpKsl389b8864;c:\programdata\microsoft\microsoft antimalware\definition updates\{0c28424a-14cb-4099-9db6-4470ecf4d6c7}\MpKsl389b8864.sys [2011-5-5 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-2 13384]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-2 77896]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-1-20 73728]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2010-2-2 120832]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-1-21 111104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-3-19 552448]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-2 4096]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-1-21 209408]
.
=============== Created Last 30 ================
.
2011-05-06 02:26:35 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0c28424a-14cb-4099-9db6-4470ecf4d6c7}\MpKsl389b8864.sys
2011-05-06 02:25:41 7071056 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0c28424a-14cb-4099-9db6-4470ecf4d6c7}\mpengine.dll
2011-05-04 04:38:29 -------- d-----w- c:\program files\Safer Networking
2011-04-24 22:11:45 -------- d-----w- c:\program files\STOPzilla!
2011-04-24 22:11:43 -------- d-----w- c:\program files\common files\iS3
2011-04-24 22:11:41 -------- d-----w- c:\progra~2\STOPzilla!
2011-04-24 15:50:14 -------- d-----w- c:\users\josh\appdata\roaming\AVG10
2011-04-24 15:49:06 -------- d--h--w- c:\progra~2\Common Files
2011-04-24 15:44:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-24 15:44:34 -------- d-----w- c:\progra~2\AVG10
2011-04-24 15:43:52 -------- d-----w- c:\program files\AVG
2011-04-24 14:59:09 -------- d-----w- c:\progra~2\MFAData
2011-04-24 04:33:03 -------- d-----w- c:\users\josh\appdata\local\PackageAware
2011-04-21 01:45:54 7071056 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-20 02:10:50 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-04-20 02:10:49 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-04-20 02:10:49 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-04-20 02:09:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-04-19 23:38:56 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-04-19 23:38:56 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-04-19 23:38:54 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-04-19 23:38:54 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-04-19 23:38:54 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-04-19 23:38:54 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-04-19 23:38:54 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-04-19 23:38:52 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-04-19 23:38:52 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-04-19 23:38:52 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-04-19 23:38:52 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-04-19 23:38:52 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-04-19 15:00:42 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{2eefd220-75f2-4520-a1df-b334489846ec}\gapaengine.dll
2011-04-19 14:55:47 -------- d--h--w- c:\program files\Microsoft Security Client
2011-04-19 06:00:33 -------- d--h--w- C:\zzzzz
2011-04-19 05:55:13 -------- d--h--w- c:\progra~2\SUPERAntiSpyware.com
2011-04-19 05:55:04 -------- d--h--w- c:\progra~2\SASCORE
2011-04-19 05:55:01 -------- d--h--w- c:\users\josh\appdata\roaming\SUPERAntiSpyware.com
2011-04-19 05:55:01 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-04-19 05:54:45 -------- d--h--w- c:\program files\common files\Wise Installation Wizard
2011-04-19 05:26:59 -------- d--h--w- c:\users\josh\appdata\roaming\wsInspector
2011-04-19 05:18:56 -------- d--h--w- c:\program files\Startup Inspector for Windows
2011-04-19 04:11:13 172032 ---ha-w- c:\windows\system32\igfxres.dll
2011-04-16 03:28:38 -------- d--h--w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-02-18 22:36:58 4184352 ---ha-w- c:\windows\system32\usbaaplrc.dll
.
============= FINISH: 22:17:22.30 ===============

**Blade81** · 2011-05-14, 18:36

Hi,

If help still needed post fresh DDS logs.

**josax** · 2011-05-14, 22:40

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by josh at 14:33:55.96 on Sat 05/14/2011
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.172 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\mobsync.exe
C:\Users\josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4BPEUD9\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://qwest.live.com
uWindow Title = Windows Internet Explorer
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search - ?p=ZUxdm486MQUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb246f354;MpKslb246f354;c:\programdata\microsoft\microsoft antimalware\definition updates\{b81e465d-41e7-4c9f-a6a6-9b30567c7845}\MpKslb246f354.sys [2011-5-13 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-2 13384]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-2 77896]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-1-20 73728]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-11-2 22016]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2010-2-2 120832]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-1-21 111104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-3-19 552448]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-2 4096]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-1-21 209408]
.
=============== Created Last 30 ================
.
2011-05-14 00:25:31 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b81e465d-41e7-4c9f-a6a6-9b30567c7845}\MpKslb246f354.sys
2011-05-14 00:24:51 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b81e465d-41e7-4c9f-a6a6-9b30567c7845}\mpengine.dll
2011-05-09 00:43:57 735142 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-04 04:38:29 -------- d-----w- c:\program files\Safer Networking
2011-04-24 22:11:45 -------- d-----w- c:\program files\STOPzilla!
2011-04-24 22:11:43 -------- d-----w- c:\program files\common files\iS3
2011-04-24 22:11:41 -------- d-----w- c:\progra~2\STOPzilla!
2011-04-24 15:50:14 -------- d-----w- c:\users\josh\appdata\roaming\AVG10
2011-04-24 15:49:06 -------- d--h--w- c:\progra~2\Common Files
2011-04-24 15:44:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-24 15:44:34 -------- d-----w- c:\progra~2\AVG10
2011-04-24 15:43:52 -------- d-----w- c:\program files\AVG
2011-04-24 14:59:09 -------- d-----w- c:\progra~2\MFAData
2011-04-24 04:33:03 -------- d-----w- c:\users\josh\appdata\local\PackageAware
2011-04-21 01:45:54 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-20 02:10:50 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-04-20 02:10:49 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-04-20 02:10:49 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-04-20 02:09:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-04-19 23:38:56 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-04-19 23:38:56 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-04-19 23:38:54 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-04-19 23:38:54 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-04-19 23:38:54 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-04-19 23:38:54 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-04-19 23:38:54 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-04-19 23:38:52 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-04-19 23:38:52 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-04-19 23:38:52 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-04-19 23:38:52 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-04-19 23:38:52 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-04-19 15:00:42 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{2eefd220-75f2-4520-a1df-b334489846ec}\gapaengine.dll
2011-04-19 14:55:47 -------- d--h--w- c:\program files\Microsoft Security Client
2011-04-19 06:00:33 -------- d--h--w- C:\zzzzz
2011-04-19 05:55:13 -------- d--h--w- c:\progra~2\SUPERAntiSpyware.com
2011-04-19 05:55:04 -------- d--h--w- c:\progra~2\SASCORE
2011-04-19 05:55:01 -------- d--h--w- c:\users\josh\appdata\roaming\SUPERAntiSpyware.com
2011-04-19 05:55:01 -------- d--h--w- c:\program files\SUPERAntiSpyware
2011-04-19 05:54:45 -------- d--h--w- c:\program files\common files\Wise Installation Wizard
2011-04-19 05:26:59 -------- d--h--w- c:\users\josh\appdata\roaming\wsInspector
2011-04-19 05:18:56 -------- d--h--w- c:\program files\Startup Inspector for Windows
2011-04-19 04:11:13 172032 ---ha-w- c:\windows\system32\igfxres.dll
2011-04-16 03:28:38 -------- d--h--w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-02-18 22:36:58 4184352 ---ha-w- c:\windows\system32\usbaaplrc.dll
.
============= FINISH: 14:35:44.69 ===============

My computer won't let me zip the attach file. Sorry.

**Blade81** · 2011-05-15, 10:56

Hi,

It's ok to copy-paste attach.txt contents.

**josax** · 2011-05-15, 19:31

Thanks. I will wait for instruction to do that.

**Blade81** · 2011-05-15, 19:53

Open attach.txt file and just copy-paste its contents in your reply like you did with the dds.txt file above.

**josax** · 2011-05-16, 01:59

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 1/20/2008 7:50:36 PM
System Uptime: 5/14/2011 4:03:10 AM (10 hours ago)
.
Motherboard: Dell Inc. | | 0WP007
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | Microprocessor | 1067/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 40.36 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_05AC&PID_1265&MI_00\000A270020B026DC&AAPL0
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_05AC&PID_1265&MI_00\000A270020B026DC&AAPL0
Service: USBSTOR
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2000 National Plumbing & HVAC Estimator
2010 National Plumbing and HVAC Estimator
2010 National Plumbing and HVAC Estimator License
Actiontec Gateway
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced Audio FX Engine
Advanced Video FX Engine
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Conexant HDA D330 MDC V.92 Modem
CutePDF Writer 2.8
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
Intel(R) Matrix Storage Manager
iTunes
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Map Button (Windows Live Toolbar)
MediaDirect
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
OutlookAddinSetup
PhoTags Express
Picasa 3
Product Documentation Launcher
QuickTime
RunAlyzer
Safari
Seagate Manager Installer
Search Assistant Trueads
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
STOPzilla
SUPERAntiSpyware Free Edition
TestDrive Client
The National Estimator
Uninstall Startup Inspector
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VoiceOver Kit
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 8:12:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/9/2011 8:12:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/9/2011 8:11:28 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
5/9/2011 7:42:36 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7022] - The Secondary Logon service hung on starting.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/9/2011 7:42:36 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/9/2011 7:03:55 PM, Error: EventLog [6008] - The previous system shutdown at 12:27:21 PM on 5/9/2011 was unexpected.
5/8/2011 11:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================

**Blade81** · 2011-05-16, 09:52

Hi,

Please download and run this tool. It should make your files visible again. Let me know about the result and then we'll go forward.

**josax** · 2011-05-18, 02:09

All of my files are visible again.

**Blade81** · 2011-05-18, 06:58

Good. Then we can continue.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Thread: Windows Recovery

Thread Tools

Display

Windows Recovery

Posting Permissions