
Solved Can't Back-up, Restore, Password affected, Even mouse, keyboard

Discussion in 'Malware and Virus Removal Archive' started by BeverlyG, 2010/08/20.

  1. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [] File not found
      O4 - Startup: C:\Users\beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O33 - MountPoints2\{7f00b112-1166-11df-8eb2-00256401d0bb}\Shell\AutoRun\command - " " = Setup.exe
      O33 - MountPoints2\{f15dad31-4e20-11df-ace7-00256401d0bb}\Shell - " " = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun\command - " " = Setup.exe
      O33 - MountPoints2\I\Shell\AutoRun\command - " " = Setup.exe
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to the Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  2. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    I'm Baaaack!!

    I didn't see any "extra"s to uncheck... is that possible??
    Anyways see you after restart aye?
     


  4. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Where was it hiding?

    I just Un-installed the Yahoo toolbar that I did NOT see notice of even though I was looking diligently for it!!
     
  5. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    No Java Icon in Control Panel

    It goes Alphabetically from iSCSI Initiator to Keyboard.
    It is in my add-ons though, as was the Yahoo toolbar...
     
  6. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Spybot warning

    Category:Disable Command "
    Change:Value Added
    Entry:DisableCMD
     
  7. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Why are my Upper Case "D"s smiling?
     
  8. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Hmmm....

    You there?
    Why are my upper case "D"s smiling?
    and Why can't I use the "Quick reply" here? It stops every time!
    Feeling pretty ditzy here! Sorry! Overtired.
    I'll probably be asleep soon! Hope you had a Great time! What did you go see?
     
    Last edited: 2010/08/22
  9. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ehhh.... "Piranha 3D"....lousy movie.

    Go ahead with other steps from my reply #41.
     
  10. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Old Timers not responding

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    A notepad note popped up when I tried to close and restart it..
     
  11. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, I need a whole log, not a part of it.
     
  12. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    That was the whole thing.

    It is responding, then Not Responding and going super funky small and won't restore. I'm just going to wait .... right?

    Okay now it's done, wants to reboot.
    I don't see a log.
     
    Last edited: 2010/08/22
  13. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, at what stage are you now?
    Before restart, or after restart?
     
  14. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    B-4

    Was waiting on your advice

    (am still!)

    So I should take it that I should go ahead,
    (No Log.....???)

    I'm Fading fast here.... eye closing...
     
    Last edited: 2010/08/22
  15. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Restart computer manually and try to run my script again.
     
  16. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Okay,.. "my Script" =??

    Run the program with the previous script copied and pasted in again???
     
  17. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, my reply #41
     
  18. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    This is what popped up on restart

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    File move failed. C:\Users\beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cozi\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}\ not found.
    File {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ not found.
    File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f00b112-1166-11df-8eb2-00256401d0bb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f00b112-1166-11df-8eb2-00256401d0bb}\ not found.
    File Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f15dad31-4e20-11df-ace7-00256401d0bb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f15dad31-4e20-11df-ace7-00256401d0bb}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
    File Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
    File Setup.exe not found.
    Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: beverly
    ->Temp folder emptied: 34716115 bytes
    ->Temporary Internet Files folder emptied: 654041551 bytes
    ->Java cache emptied: 36678194 bytes
    ->FireFox cache emptied: 39488726 bytes
    ->Flash cache emptied: 70937 bytes

    User: computer
    ->Temp folder emptied: 435285 bytes
    ->Temporary Internet Files folder emptied: 15109262 bytes
    ->Java cache emptied: 12125862 bytes
    ->Flash cache emptied: 6567 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: RA Media Server
    ->Temp folder emptied: 12048411 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35199069 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 5800258 bytes

    Total Files Cleaned = 807.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: beverly
    ->Flash cache emptied: 0 bytes

    User: computer
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: RA Media Server

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08222010_234524

    Files\Folders moved on Reboot...
    File\Folder C:\Users\beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!
    File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
    C:\Users\beverly\AppData\Local\Mozilla\Firefox\Profiles\lofc3lzy.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\beverly\AppData\Local\Mozilla\Firefox\Profiles\lofc3lzy.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\beverly\AppData\Local\Mozilla\Firefox\Profiles\lofc3lzy.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\beverly\AppData\Local\Mozilla\Firefox\Profiles\lofc3lzy.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\beverly\AppData\Local\Mozilla\Firefox\Profiles\lofc3lzy.default\urlclassifier3.sqlite moved successfully.

    Registry entries deleted on Reboot...
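
Added example (not part of the thread and not OTL's own code): a short Python triage of the fix log posted above, which separates items that were already gone from items the fix could not complete, including a file move that is reported as failed again after the reboot. The line patterns are assumptions inferred from the lines visible in this post, not a documented OTL log format; `triage` and the category names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt copied from the log in the post above (no new data).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File move failed. C:\Users\beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
Files\Folders moved on Reboot...
File\Folder C:\Users\beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!
File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
C:\Users\beverly\AppData\Local\Mozilla\Firefox\Profiles\lofc3lzy.default\urlclassifier3.sqlite moved successfully.
"""

# Assumed line shapes, inferred from the posted log. First match wins.
RULES = [
    ("unresolved", re.compile(r"^Unable to delete (?P<target>.+?)\s*\.$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(r"^(?P<target>.+) moved successfully\.$")),
    ("already_absent", re.compile(
        r"^(?:64bit-)?(?:Registry (?:key|value)|File(?:\\Folder)?) "
        r"(?P<target>.+?) not found[.!]$")),
]

def triage(log_text):
    """Group fix-log lines by outcome. 'unresolved' only means the fix action
    did not complete; it says nothing about whether the item is malicious."""
    buckets = defaultdict(list)
    after_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files\\Folders moved on Reboot"):
            after_reboot = True  # lines below describe the post-reboot pass
            continue
        for category, pattern in RULES:
            m = pattern.match(line)
            if not m:
                continue
            target = m.group("target")
            if after_reboot:
                # The post-reboot result supersedes the earlier "scheduled" status.
                if target in buckets["pending_reboot"]:
                    buckets["pending_reboot"].remove(target)
                if category == "pending_reboot":
                    category = "unresolved"  # failed again after the reboot
            if target not in buckets[category]:
                buckets[category].append(target)
            break
    return dict(buckets)
```
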
     
  19. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Proceed with next steps from my reply #41.
     
  20. 2010/08/22
    BeverlyG

    BeverlyG Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    64
    Likes Received:
    0
    Check up notepad

    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG Free 9.0
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Eusing Free Registry Cleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  21. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    When Kaspersky comes out clean, we have to remember to install Service Pack 2 for your Vista.
    Is there any particular reason why no service pack has been installed?

    How is the computer doing at the moment?

    Make sure you turn Windows firewall ON right away.
     
