PhilliePhan 171 Central Scrutinizer Team Colleague

Will run through them again, I am using machine in question now as fault is intermittent.

Intermittent is not good - could be a sign of a failing hard drive.... Hope you've backed up any and all important data in the event intermittent becomes permanent.

Is this a PC or laptop? If PC, get another Hard Drive - you can get a 1TB drive for under $100. If you buy retail (not OEM), many include software such as Acronis to allow for easy transfer of data / OS / etc....

A laptop would be a bit more involved...

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Are there any recorded instances of the dreaded "operating system not found" screen being caused by malware? I understand the most likely cause to be creep or software related; apologies if this question has already been posted.

I do not think a malware cause is outside the realm of possibility. Especially with all the stuff that messes with the MBR these days.
But, I wouldn't put it at the head of the list. I'd look at the hard drive and BIOS first. Maybe recovery console or a bootable rescue CD to poke around and see if the HD is functioning....

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Can it really be this easy?! Wow, That seems, so far, to have done the trick.....
Thank you, thank you, thank you many times over PhilliePhan!

You're welcome - Happy to help!

These days it seems I only have time for these "quick and easy" threads ;)

Anyhoo, I took a quick glance at your Attach.txt. It's good that you updated Java - you should also take a minute and update your Adobe Reader as well. And, you might want to give Limewire the boot - P2P is increasingly dangerous these days.

Other than those, I really didn't have a chance to pore over the logs. Given the MBAM log and lack of symptoms, though, I'd wager you're good to go.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I am the DIY type and get a lot of satisfaction from fixing things myself, but I have gotten so frustrated and have now reached the end of my rope. I hate to admit defeat, but I would appreciate any suggestions.

Hi Rich,

Sorry for the delay - we just don't have many volunteers these days.

Combofix would probably be a good next step. However, given that your logs are for the most part clean, let's try a more direct approach and see what shakes out:

Please download TDSSKiller.zip and Extract TDSSKiller.exe from the ZIP to your Desktop.
-- Click START > RUN and type or Copy&Paste the following command into the Run Box and hit ENTER.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\LogIt.txt -v

Let the tool run. If you get a Hidden service detected message, DO NOT take any action. Just press ENTER and allow the tool to continue.

Once it finishes, please post the C:\LogIt.txt for me. Just copy & paste it into your reply.

Let me know if there are any problems along the way. I'll check back as time permits.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

But now his Windows mail won't open. Can't initialize the MSOE.dll.

That is a recurring Outlook error. I'd bet you probably have solved it by now.

If not, let me know and we can take a whack at it.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

After running the above, that's my processes running. Do you think that's still far too many? If so, I'm not sure how to stop processes from running!
I was looking at "wmiprvse.exe" and I think more say it's bad than good, so should I get rid of it? Although it could be something used for me running GTA / Windows Update?
Many thanks for your quick replies, I appreciate it.

Happy to help!

-- You can easily stop processes via Task Manager, but they all look OK to me. wmiprvse.exe is not a baddie and nothing jumps out at me at quick glance..... Just to be on the safe side, I suggest you update your MBAM and run a scan in normal Windows boot and make sure it shows clean.

You might also be well served to dump Limewire. And make sure no LOP came along with MessengerPlus! (though I haven't seen that in a while).

If you are back up to speed, there probably isn't reason to mess with the processes. However, if you want to tweak and fine tune them, I suggest the tried and true method of visiting Black Viper's Site.

-- And, you might wish to enable System Restore or, better yet, try ERUNT.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague


The problem I'm having is that whenever I open up the Internet I get 2 pop-ups that pop up twice (opening 2 separate Internet windows). See attachments.

If I am not mistaken, that blocked url is indicative of a TDSS rootkit infection.

If it were my machine, I'd wipe it and reinstall Windows.... But, if that is not an option for you, you can try either of these options:

1) Please download TDSSKiller.zip and Extract TDSSKiller.exe from the ZIP to your Desktop.
-- Click START > RUN and type or Copy&Paste the following command into the Run Box and hit ENTER.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\LogIt.txt -v

Let the tool run. If you get a Hidden service detected message, DO NOT take any action. Just press ENTER and allow the tool to continue.

Once it finishes, please post the C:\LogIt.txt for me.

If that fails, try option 2:


2) Download and run Hitman Pro 3
That should detect and remove this.

I'll try to check back as time permits.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Installed Comodo Internet Security, which I think is the best option for this person, since it's an all-in-one. I use Comodo Firewall, so I'm familiar with the interface, etc. Did a full system scan with Comodo; it found 5 infected files. Out of the 5, 3 were not actual viruses (Vonage related). 2 were trojan Java exploits; can't remember the file path offhand, but they were in a temp folder. I had Comodo disinfect them and hope all is ok, I guess. I can go back if there are some files I need to delete manually. But I just hate to leave it "unfinished". That's just not me. Thanks again for all the help and I'll wait to either hear from someone further, or post that all is actually well for this pc.

Sorry for the wait - we have very few volunteers and it's a busy time of the year for most away from the compy.

Anyhoo, Comodo is solid. No worries there.

-- Make sure all older versions of Java have been uninstalled via Add / Remove Programs.
If you are not at Version 6 Update 20 , then you'll need to update.
Also, run ATF-Cleaner after updating. This will flush the Java cache, among other things.

-- The logs look OK. If you are not having any more issues, you're probably good to go. You can "fix" these entries with HJT, just to tidy things up a bit:

R0 - …
PhilliePhan 171 Central Scrutinizer Team Colleague

Hi,

I want to learn about MD5. Please tell me how I can calculate the MD5 of a file.
Waiting for your kind answer

Thanks

There are a number of tools available to do this. I have used these, among others:
md5sum.exe
md5deep.exe
md5summer.exe

Cheers :)
PP
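The tools named above all compute the same value; as an added illustration (not part of the original post or of any of those tools), the Python below shows what they do under the hood: read the file in chunks, feed it to an MD5 (or SHA-256) digest, and compare the result against a checksum the vendor published. The sample file and its contents are constructed here so the code runs offline; the expected digest is the standard "abc" test vector.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Return the hex digest of the file at `path`, read in 1 MiB chunks.

    Chunked reading keeps memory flat even for multi-GB disk images, and
    hashlib.new() lets the same function produce md5, sha1 or sha256.
    """
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_digest(path, expected_hex, algorithm="md5"):
    """True if the file's digest matches a published checksum.

    The comparison is case-insensitive (vendors publish either case) and
    uses hmac.compare_digest so it does not short-circuit on a mismatch.
    """
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def write_sample_file(data, suffix=".bin"):
    """Write constructed sample bytes to a temp file and return its path.

    Only here so the example can run without a real download to hash.
    """
    fd, path = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Constructed sample: the well-known "abc" test vector.
    sample = write_sample_file(b"abc")
    try:
        print("MD5    :", file_digest(sample))  # 900150983cd24fb0d6963f7d28e17f72
        print("SHA-256:", file_digest(sample, "sha256"))
        # In practice the expected value is copied from the vendor's download page.
        print("matches:", verify_digest(sample, "900150983CD24FB0D6963F7D28E17F72"))
    finally:
        os.remove(sample)
```

A matching MD5 tells you the download was not corrupted in transit and is the same bytes the vendor hashed; it is not collision-resistant, so when a vendor publishes a SHA-256 as well, check that one (pass `algorithm="sha256"`). The checksum you compare against has to come from a source you trust independently of the download itself.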

PhilliePhan 171 Central Scrutinizer Team Colleague

I do not have the faintest clue on how to remedy these malfunctions. I would appreciate any help offered. I am using XP, and my browser is Firefox.

Please have a look at the linky below and post the requested scanlogs.

With any luck, somebody will be able to assist you further.

http://www.daniweb.com/forums/thread134865.html

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected
Restored copy from - Kitty had a snack :p

S3 IRLSSZY;IRLSSZY;c:\docume~1\HP_Owner\LOCALS~1\Temp\IRLSSZY.exe --> c:\docume~1\HP_Owner\LOCALS~1\Temp\IRLSSZY.exe [?]

S3 YPARRTSJMFN;YPARRTSJMFN;c:\docume~1\HP_Owner\LOCALS~1\Temp\YPARRTSJMFN.exe --> c:\docume~1\HP_Owner\LOCALS~1\Temp\YPARRTSJMFN.exe [?]

Looks like something is reinfecting intelide.sys.

Also, did you check those iffy files YPARRTSJMFN.exe & IRLSSZY.exe? They might be baddies - certainly look the part, but who knows these days...

Wish I had more time to help you guys out, but it's back to the salt mines for a bit.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Well, I am stumped and I hate saying it :(. I will see if I can get some help here.

Hey guys,

Looks to me like a persistent re-infection of the MBR. This might be a newer version of this popular affliction.
Lots of logs and little time, so I may have missed something, but I'd focus on the MBR.

-- A reinstall might be faster and certainly most effective, as our scanners just may not see this yet....

You could try this:
Please download mbr.exe and place it in your C:\ Drive
-- Click START > RUN > type cmd ENTER
At the prompt, type or Copy and Paste: mbr -t > C:\Logit.txt
Let it run and please post the Logit.txt for us.


-- Also, go ahead and delete your current combofix and then DL a fresh copy and run another scan as you did before. Let's see if it replaces another infected .sys file.....


Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

This thread is 3 years old; that poster is long gone. In future, check the post date. Later---

They were just spamming a link to their forum.

It was poor etiquette, so I fixed it for them :)

PhilliePhan 171 Central Scrutinizer Team Colleague


GMER Two:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 23:04:36
Windows 5.1.2600 Service Pack 2
Running: 7qxco86v.exe; Driver: C:\DOCUME~1\Shelly\LOCALS~1\Temp\uxroypod.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

Hey Judy - I'd suggest skipping ahead to a run of Combofix and making sure it addresses the infected atapi.sys.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Phillie,

If a computer is infected with a virus, would it not be useless to use Acronis to back it up? You would be copying the virus along with it.

As Omol noted, I read the original poster's question to be " What would be the best Anti-malware solution for a business." And I stand by my answer.

If the poster's friend were starting a Malware Removal Business, then my answer would be that he'd need a familiarity with ALL the tools available to him.
Again, MBAM and the like / Combofix / OTL / various ARK tools such as GMER.

-- Also, if you were to go to a client's house, bear in mind that some of these scans can take hours and you'd need to run 2-3 different tools to start. Not too practical - better to have the client run the scans, I would think...

Also, I would still say that the best solution to today's malware (which often has rootkit components) is to wipe the HD and reinstall the OS. Of course, this is not often a practical solution for numerous reasons - Important data not backed up regularly / no viable copy of OS for reinstall / etc . . .

As for your question about what repair technicians would do - that all varies. A shop specializing in malware removal would use all of the tools I mentioned. Still, I doubt they could guarantee their work - again, rootkits …

PhilliePhan 171 Central Scrutinizer Team Colleague

Welcome to daniweb. Not horrible, not wonderful either, but I have certainly seen worse.

Hey Judy,

Is this still considered malware?
Sophos says this:
MyWebSearch is an adware application which, when initially analysed, was observed to display advertisements when the browser was active. Analysis of recent versions of MyWebSearch show that this functionality is no longer present. MyWebSearch sends non-confidential data to mywebsearch.com on submitting search queries and clicking through to corresponding search results.

I just love these huuuuge logs from MBAM that look as though there is some big infection when it is really mild adware.... ;)

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

However, it got me thinking. What are these medium - large sized businesses using for virus removal. I imagine the larger businesses are either partnered with one of the main virus removers apps or they use proprietary software.
Does anyone know of decent software for detection/removal of virus that has commercial license available?

On a business scale, it is really not practical to try to remove malware. Today's malware can really "dig in" with rootkits and the like.

Reformat and reinstall of OS is best.

My ideal solution would be backed up / cloned hard drives. Or use a disk image solution such as ACRONIS and save yourself the hassle and headache.....


If you are still set on trying to remove malware, there really is no one single solution.
MalwareBytes' Anti-Malware is good for a lot of active infections. But, additional tools such as combofix / OTL / GMER are often needed to clean up tough infections.
If you are not comfortable in the usage of those, then again I recommend an Acronis-type solution.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Please update your MBAM and then follow the steps in the linky below and post those logs for us and somebody ought to be able to advise you further:

http://www.daniweb.com/forums/thread134865.html

Let us know if any of the steps give you trouble.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Judy,

Thanks for jumping in :) - I've been a bit preoccupied with work lately.

-- I did not see any evidence of the MBR infection in previous scanlogs. Did not want to get in the way of the Stop Sign people ( and vice versa ).

If Janet is still having trouble with this baddie, there are a couple relatively painless avenues we can follow to try to remove it once and for all.

I, too, would like to see the latest logs.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

ShellExView was the tool! Found and disabled the Adobe Drive item. Couldn't remove it, but my Windows Explorer works just fine now. Thanks Cap'n!

Glad to hear you got this mess sorted out!

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I'm in queue with Adobe tech support; they promise to get back to me within 3 days. . . .

Good - hope they can offer a viable solution.

If not, happyrock's post re: ShellExView would be a good next step before hacking the registry.

Keep us in the loop :)

PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I don't use CS4, just tried a trial of Dreamweaver and then uninstalled it through remove programs, which called up the Adobe removal tool. Not only doesn't VersionCue.dll exist, nothing exists below the \common files\Adobe level!

Given the state of this problem, and Apple and Microsoft's recent critique of Adobe, maybe this should be moved into the malware category?

Perhaps malware is a bit harsh, but it is certainly a pain in the ass . . . .

The fact that it can bork a machine is distressing.

Worst case scenario, I suppose we could hack the registry. That is if a complete uninstall / reinstall fails.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I have tried this fix from the Adobe forums, but the result was only a different fatal error message. (Not certain of the wording, but nothing worked any better.) The primary difference may be that all of the posters at the adobe forum were installing CS4. I got rid of it. . . . .

I am sorry to have troubled you all.

No trouble at all :)

The thing is, when we move away from malware and into proprietary software such as Adobe, you'd probably have better luck with their tech support - Speaking only for myself, I don't know much about it other than a few select recurring issues....

CS4 shows as being installed in your logs, hence my point in that direction.
If a complete uninstall and then reinstall and/or update of Adobe doesn't clear up the problem, I really wouldn't know how to advise you further.
I am not sure how important VersionCue.dll is. If you are not using CS4, I don't know why that is being called?

Does C:\Program Files\common files\Adobe\Adobe Version Cue CS4\client 4.0.0\VersionCue.dll exist? Maybe there is an updated version?

I don't know - Though, I'm fairly certain your problem lies wholly with Adobe and not malware.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Appreciate your help, but how about giving someone else a shot?

Hi Brian,

I think happyrock is approaching this issue in much the same way I or the other regulars here would do so - these are kind of hard to ferret out.

I do believe this is a known issue with Adobe and that bloody VersionCue.dll.
Have a look here and see if replacing the .dll helps ---> http://forums.adobe.com/thread/419427

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I sent the following web address to StopSign because it explained my problem much better than I can:
http://social.answers.microsoft.com/Forums/en-US/xpsecurity/thread/41c1d91e-a661-4209-9641-7e352822fecb

Right - this is a well known issue. That link illuminates it well.

On May 1, StopSign contacted me again and requested that I do another ComboFix which I did and now I am waiting to hear back from StopSign. I am attaching the May 1 ComboFix log.txt to this post also in case it found part or most of the problem.

A few things ( and please bear in mind that this is solely my opinion ):
I am not particularly enamored with StopSign. You can do a lot better. Especially if you are going to spend money on protection (though there are free options that perform better than StopSign...).

Since you are dealing with them, it would be counterproductive for me to jump into the middle of the mess - too confusing.

-- It looks as though combofix has addressed the MBR issue. Likewise, the GMER scans are clean - I don't see anything there.
We'll see what the fresh run of combofix does (BTW - combofix should be run from Desktop), but I'd like to hold off while StopSign is advising you.

-- You have a number of security risks showing. Risky programs and legit items that need updating (Adobe Reader / Java / etc...).
Again, I'll wait until StopSign has spoken before jumping in.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Eventually I found a database which contains around 1000 virus names, however none of the virus names has the extension .exe . Is this extension neglected? Or does the virus have various filenames?

What you have listed are not viruses. Rather, they are Trojans.
These tend to come in "families" - different variations on a theme.

You will find multiple executables (and other file types) associated with the various families. Often, these files are randomly named (though their size and signature stay static) and can be hard to pin down.

But, to address your question - There are a number of good databases. Sunbelt is good. Also, there are a number of sites where you can obtain samples of malware for analysis - but, you'll need to establish your credentials before they allow you access to these files.

Best luck to you :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Any ideas? Thanks.

Please follow the steps in the linky below and post the requested scanlogs.
We'll have a look and go from there.

http://www.daniweb.com/forums/thread134865.html

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Okay... I am back in town now, sorry for the delay.

I have a new issue.. I changed the administrator password to something my kids wouldn't figure out and now I cannot remember what it was.. any suggestions..?? *smacks head*

Well . . . There are a number of ways to address this (using legal and illegal software), but, since you should still have your Ubuntu Live CD, I suggest following the steps HERE.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi guys, just an observer reading and noticed this, [Alright, I got them burned to ISO! Ready for the next step.] The not booting to CD could be caused because you didn't burn them correctly; maybe you just copied the ISO to the disk instead of using ISO burn software to correctly burn the ISO to disk,
like this one:
http://www.freeisoburner.com/

That is an interesting point....
But, I discounted it due to the Windows Disk having the same problem.
Could be worth verifying with teeandee should they post back.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

When tapping F12, it asks if I want to load the CD/DVD drive first. I choose that, and the same thing happens...black screen, blinking cursor, then it goes to the same "Windows didn't load properly" page. :(

It sounds to me as though there is a hardware / memory problem in play here.
Ubuntu should load and run in memory with no regard to Windows. Windows should not be loading at all.

At this point you may be better served by taking the machine to a local shop and having them test it. There is nothing we can do in a forum setting given the issues you are having.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Im using Eset smart security now..

Why would you want to switch? ESET is a pretty solid Security Suite - I think it and Kaspersky are two of the better ones.
If you want a smaller footprint, try Avira. 'Course then you'll need to add firewall and malware protection that you should already have with ESET.......

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hey PP!

Okay, so sadly, it doesn't let me get to the Ubuntu page. As it did with the Windows restore disk, it very clearly reads the CD (the CD-ROM light flashes and it makes the noises that show it's reading it), but all I get is a black screen with a blinking tab for about a minute, then it moves to the "Windows encountered an error" screen. I even tried it with the second ISO, but got the same result. Halp!

On reboot, tap F12.
Do you get the option to boot to CD? If so, do that and choose the first option to "try Ubuntu..." and see if it loads and if you can do the rest of my previous post.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

I updated a new spyware version and ran a check. It told me to disable some stuff and restart. When I restarted, it froze on "turning on gate A20". Any ideas?

That is insufficient information with which to make a recommendation.

What is your OS?
What exactly did you update?
What did it tell you to disable and why?
Can you boot to Safe Mode? (tap F8 on boot)

Let us know.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

So, based on the screens I posted, what's the final verdict? System file?

There should be version info when you check the properties - that would give you the best answer as to what it belongs to.

If all the scanners employed by Jotti deem it clean, I wouldn't worry about it.
You could rename it to REGPLIB.exe.old to keep it from running if you wanted and see if anything is adversely affected. If so, change it back.

But, based on Jotti, I think it's benign.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I'm not too worried about this one, as I seem to remember it being there for as long as I can remember. I'm just trying to be cautious as I've just come out the other end of a bout of very serious computer issues lasting several weeks.
Thanks for your help.

Happy to help - It is always good to err on the side of caution these days.
Sites such as Jotti are good for checking out those iffy files. I also like the Kaspersky Online scanner as a "backup" to a resident AV app, but I think it is still offline as they are upgrading it.....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

According to the file properties, it was created on Saturday, April 3rd, 2010, the day I reinstalled my sound card, and was last modified back in 2001. A C drive search showed that it (regplib.exe) turned up in the System32 folder and in the Windows prefetch folder.

Sounds to me as though it is legit and SB related.
When you looked at properties, was there Version info? That would probably ease your mind.

If not, upload it here for analysis ---> http://virusscan.jotti.org/

Let us know what you find.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

again, thnx

You're welcome :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Many thanks for sticking with me on this...I sure didn't want to have to reload this guy. I suppose I should consider a mirror backup or something, any suggestions?

You're welcome :)

-- I don't actually use any imaging software. I just have a number of hard drives that I use to back up stuff I can't afford to lose.
I know Acronis is a popular option. You may want to have a look at these options and see if anything appeals to you.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Here's a fresh run of combofix...

That looks good - apparently iaStor.sys was still the culprit but combofix was able to replace it.

I wonder if it got re-infected after you replaced it the first time or if there was a problem with the replacement...?

Anyhoo, how are things looking now?

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Hello. I have the same problem with the desktop icons as This Thread --> helpscotty... Could you be more specific about this: "Yes, do the Kelly's Korner link first. RightClick the link and save it. It should save as iedesktopshortcut.reg
Move it to the ill machine and DoubleClick on it and Allow it to merge into the registry. You may need to reboot to see results." thnx.

Just download iedesktopshortcut.reg and doubleclick it to run it and allow the merge.
It might not work depending on OS and whether you are infected with malware.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

I recently installed Autorun Eater on a laptop with USB Security and ESET Smart; it's now refusing to boot. What's the matter?

Hard to say - could be a number of things.

-- Are you able to boot to Safe Mode / Safe Mode with Networking? (tap F8 on boot)

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Kaspersky found a few files I cannot get rid of...including one rootkit

This one obviously is Avast quarantine - renamed with that .vir extension. You ought to be able to empty the quarantine /delete it with no problem.
C:\Program Files\Alwil Software\Avast4\DATA\moved\iaStor.sys.vir Infected: Rootkit.Win32.Tdss.ai 1

The others don't bother me - HP bundles that Weatherbug and it's merely mild adware.

Your MBR looks OK - I'm not seeing anything in the logs. 'Course, I might be missing something or this particular malware family has evolved yet again.


-- If you are still having issues, perhaps you could try a fresh run of Combofix. If you do that, delete your old copy and download a fresh one to the Desktop and run it from there.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

for atapi.sys: (it's reporting atapi512.sys but it downloaded atapi.sys)
Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.

Those all look good.
Though, previous scan results for atapi.sys are useless since it is normally a legit file and modifications are case by case. Make sure you scan your copy and get those results - though sometimes even this yields no flags on an infected file....

-- Did you run GMER and TDSSKiller again? Clean? Judging from what you posted, I would imagine that they would be.

Still being redirected? Maybe we can try flushing DNS....

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Once again I really appreciate you taking time to help me figure this out.

You're welcome!

I recommend keeping MBAM on hand and every week or two updating the definitions and running a scan.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Ok, so the KAS scan report. I really appreciate your help and I understand you have a life outside of the forum, so feel free to take your time.

Happy to help!

-- That log looks good.
You can manually delete the suspicious file or you could run ATF-Cleaner as directed in the linky below (steps 2&6):
http://www.daniweb.com/forums/thread134865.html

Other than that minor annoyance and if you are having no further problems . . . . I think you are good to go.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Any further suggestions on diagnostics would be welcome...and thanks again for your patience so far.

Well . . . we may need to backtrack a bit - I wonder if there are more infected files.

Let's cover a bunch of bases at once and see what shakes out:

1) Please download jpshortstuff's GooredFix.exe to your Desktop.
-- Make sure all browsers are Closed and then DoubleClick GooredFix.exe to run it.
A dialog box should pop up:
"GooredFix will automatically check for and remove infection. Click Yes to continue or No to exit."
-- Click Yes and allow the tool to run. It should go pretty quickly.
-- Look for GooredFix.txt on your Desktop and post that log for me.


2) Please download mbr.exe and place it in your C:\ Drive
-- Click START > RUN > type cmd ENTER
At the prompt, type or Copy and Paste: mbr -t > C:\Logit.txt
Let it run and please post the C:\Logit.txt


3) Please run a scan with the Kaspersky Online Scanner 7.0
* Note that you may need to temporarily disable your Anti-virus program for the duration of this scan.

-- Accept the agreement and allow the scanner to load and update its definitions. This may take a few minutes.
-- After the program files are downloaded and the anti-virus database is successfully updated, please select the Scan section in the left …

PhilliePhan 171 Central Scrutinizer Team Colleague

Here is an AVG log of a scan I just ran, I don't have anything from when it removed the trojans. Now what's interesting about this is that the files listed also froze MBA-M when I was running it. What am I supposed to do with them, though, since there is no option to remove them.

Just navigate to those and delete them manually.
I would imagine you could download those drivers from Dell again if you need to install them again.
No worries deleting them from the downloads folder....

Here's the MBA-M log; I have to look around for the AVG log. I'll change my Java as well. I also deleted the save points in System Recovery, in case the virus was still in there. Should I run another virus scan with AVG to see if anything is still on there?

I would recommend running a scan with the Kaspersky Online Scanner 7.0 If you are able to do so.
* Note that you may need to temporarily disable your Anti-virus program for the duration of this scan.

-- Accept the agreement and allow the scanner to load and update its definitions. This may take a few minutes.
-- After the program files are downloaded and the anti-virus database is successfully updated, please select the Scan section in the left part of the main program window.
-- Click My Computer to begin a complete scan of your computer, including critical areas.

PhilliePhan 171 Central Scrutinizer Team Colleague

So after all that, MBA-M found some nasty stuff but still no internet and still freezes if I use the keyboard. I feel like I really blew it. I hope I posted this correctly.

At very quick glance, nothing jumps out at me from the log. Can you tell us what MBAM found and removed?

-- Do you have a flash drive handy?
-- Are you able to burn an ISO on an uninfected computer?

-- Do you know if you have any viable System Restore Points?
-- Are you able to boot to Safe Mode or Safe Mode with Networking? If so, does your keyboard work OK in Safe Mode?

I'll try to check back as time permits - we're a bit understaffed at the moment and I'll be away from the compy much of the weekend.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

MBA-M fixed it! It was hijack that infected it. 4 files removed. Restarted it and AVG is turned back on, saying that it also removed two trojans.

Thank-you for your help!

Glad to hear it! I was hoping you'd be able to get MBAM to run as 64-bit Vista is difficult to work with.

-- Could you post me the logs from AVG and MBAM? Sometimes there are hidden components that do not get removed.
I did not see it in the DDS log.

-- You should update your Java. Use Add/Remove Programs to remove Java(TM) 6 Update 11 and any other old versions.
Then, please go to http://www.java.com/en/ to download and install the latest version of Java. This will help avoid malware such as Vundo that exploit Java.....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague


I honestly have no idea about computers so anything is helpful. I'm on a different computer at the moment, turned my laptop off. Afraid to turn it on again until something can actually be done about it.

Sounds like quite a mess!

-- Do you have a flash drive?
-- Are you able to run the MBA-M step in the linky below? What about DDS and posting that scanlog?

-- Do you have your Windows Vista disk?

http://www.daniweb.com/forums/thread134865.html

PP:)