My daughter asked me to take a look at her Gateway laptop yesterday and when I saw the "Windows Vista Recovery" window after booting, I suspected it was malware but have been a little surprised at its resiliency. I've been to the Windows Vista Recovery self-help page located at http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery and that page ultimately led me here. I cannot launch any programs (or even see them) by clicking on an icon or file in Windows on her system in either standard or safe modes. The system comes up with a blank desktop except for Internet Explorer and I've not bothered testing that. I *can* get to a command prompt and was able to run rkill as well as tdsskiller. Tdsskiller acted initially as if it had done something useful but all indications from a usage standpoint tell me it wasn't enough. I was also able to run rkill and each time it runs, the report is blank in terms of naming what it says was stopped (if anything). It's worth noting that while rkill doesn't effectively report names of programs or processes halted, it DOES manage to make the otherwise unstoppable "Windows Vista Recovery" window go away.
I can get Windows Explorer to launch but it's not permitted by the beasties to show me any folders or files -- which was what sent me to the command line. I've been using a Knoppix Live-CD to do actual file transfers with a USB stick so I could load and run defogger.exe, dds.scr and gmer.exe. I'm posting this from my own PC while the laptop rests between bouts.
It's also worth noting that I was able yesterday to install Malwarebytes but have NOT been able to get it updated as all such attempts are promptly shut down by the malware. It will run and scan but reports not having found a problem.
Per the instructions on this page -> http://www.bleepingcomputer.com/forums/topic34773.html, I'm attaching the logs from dds.scr and gmer.exe.
Any guidance will be most appreciated ...