Computer Hope

Software => Computer viruses and spyware => Topic started by: Jhavey on December 27, 2009, 06:23:51 PM

Title: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on December 27, 2009, 06:23:51 PM
Hello,
Sorry for not following the directions posted here fully, as I had been working on removing the trojan on my own for many hours prior to finding the help this site offered. I only read the directions after registering, and by then I had already run combofix.

   History:  I was infected several days ago with a trojan.  After many hours of running Malwarebytes, SuperAntispyware and Avast, along with editing the registry, and reinstalling drivers I got the system at least usable again.  All three programs showed the computer as clean.

   When I then connected to the internet I went to update Malwarebytes and the trojan broke loose again.
It appeared as Trojan.Vundo.
It now stopped Malwarebytes from loading and got the error 707.  At this point I found this forum and read about the fix offered to someone with that problem.
  I ran combofix and it then allowed me to reload the latest Malwarebytes and I ran that.

At this point I feel as though things are greatly improved but am hoping for some expert advice with regards to my combofix log. I would like to be as sure as I can that the trojan is completely gone. I will post the log below in hopes that someone here can please advise me further.
Once again I apologize for attempting the fix prior to contacting this forum, but I was unaware of protocol at that point.

I have read all the instructions and made my best attempt to follow them.
All three logs attached.
    At this point my biggest concern is inability to start ICS (windows firewall).

Any help would be greatly appreciated.


[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on December 27, 2009, 08:33:08 PM
I wanted to add the fact that I am unable to turn on the windows firewall.  When I try it says ICS cannot start.

I have fought this infection for so many hours now that I had almost given up and was ready to reinstall windows but I just did not want to give in to this nasty.
I was encouraged by what people on this forum were able to do for others with similar infections, so I gave it another try. Combofix seemed to do the best work after having tried many others.

Up to the point of running Combofix I was unable to run in safe mode and it seems to have repaired that as I can now run it.

I do not know how to interpret the Combofix log and so am hoping for some help there if anyone is willing.
I want to be as sure as I can that I am clean again. Since this thing has fought me for so many hours I still do not have a real good feeling.

I try to keep the computer off the internet until I feel it is safe. I am posting from another computer in the meantime.

I was so encouraged by a person with a similar problem when he stated that his computer is now running better than ever after he got assistance here.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: SuperDave on December 29, 2009, 07:57:33 AM
Hello jhavey and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger  (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

There is evidence of McAfee anti-virus and scanning tools left on your computer. This will get rid of them.

Download the McAfee Consumer Product Removal Tool (http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html) to your Desktop.

Using McAfee Consumer Product Removal tool:

* Double click the MCPR.exe
* A Command Line window will be displayed, and then close automatically.
* Wait for a second Command Line window to be displayed.

Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

* After the second window appears, the program will begin the cleanup.
* Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
* Press Y on the keyboard.
* Wait for the computer to restart.
* All McAfee products are now removed from your computer.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Karen\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: Helcdw5x - Creative Technology Ltd - (no file)
O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - E:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
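
The selection logic behind the list above, written up as an added example (not code from this thread or from HijackThis itself): a small parser over HijackThis log lines that separates entries whose target file HijackThis reports as absent, leftover O16 DPF ActiveX controls, and everything else. The sample log is constructed from the entries above plus one healthy service line and one header line, both constructed.

```python
"""Triage HijackThis (HJT) log lines the way a helper reads them: entries whose
target file no longer exists are dead registry references, and O16 DPF entries
are ActiveX controls that web pages downloaded (here: one-off online scanners)
and can be reviewed separately."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the entries from the post above, plus a healthy service
# line and a header line (both constructed) to show that they are left alone.
SAMPLE_LOG = r"""
Running processes:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Karen\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O23 - Service: Helcdw5x - Creative Technology Ltd - (no file)
O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - E:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\exsvc.exe
"""

# "O<n> - <kind>: <detail>" is the shape of every HJT entry line.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HJT appends one of these when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str            # "O2", "O9", "O23", ...
    kind: str               # "BHO", "Toolbar", "Service", "DPF", ...
    detail: str             # text after "<kind>: "
    clsid: Optional[str]    # GUID if the entry carries one
    orphaned: bool          # HJT reported the target file as absent


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one HJT line; returns None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.groups()
    clsid = CLSID_RE.search(detail)
    return HjtEntry(
        section=section,
        kind=kind,
        detail=detail,
        clsid=clsid.group(0).upper() if clsid else None,
        orphaned=detail.endswith(ORPHAN_MARKERS),
    )


def triage(log_text: str) -> Dict[str, List[HjtEntry]]:
    """Bucket entries: dead references, downloaded ActiveX controls, everything else."""
    buckets: Dict[str, List[HjtEntry]] = {"orphaned": [], "dpf": [], "other": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry.orphaned:
            buckets["orphaned"].append(entry)
        elif entry.section == "O16":
            buckets["dpf"].append(entry)
        else:
            buckets["other"].append(entry)
    return buckets


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"  {e.section} {e.kind}: {e.detail}")
```

Entries in the "other" bucket (the live Messenger button, a service whose executable exists) are the ones a helper still has to judge by hand; the parser only removes the guesswork for the obviously dead references.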

Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on December 29, 2009, 08:28:58 AM
Hello SuperDave,
Thank you for your response. 
I will follow your instructions when I am back home this evening.

As you can see my Windows Firewall cannot start. I had tried several options I found posted on malware sites and was unable to start it.

Would you recommend purchasing a firewall such as ZoneAlert rather than any further attempts to restart windows firewall?

Thanks for your assistance
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: SuperDave on December 29, 2009, 01:11:42 PM
Hello jhavey, the Windows Firewall doesn't offer very good protection. See below.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on December 29, 2009, 08:23:50 PM
Hi SuperDave,
  I followed your instructions.
The only problem I encountered was cleaning up McAfee. The program hung about 7/8 of the way through the cleanup, at a point called "Removing product Vs". I had to cold boot to recover.

Now any time I try to run that removal program again it says "Cleanup failed" "Cleanup is already running".

I am attaching my new hijack log after doing all you instructed me to.
I installed the Comodo firewall.
I will now attempt to reconnect to the internet and keep my fingers crossed.

Thank goodness for considerate people such as yourself.

Many thanks!

[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: SuperDave on December 30, 2009, 12:36:44 PM
Download the MBR Rootkit Detector (http://www2.gmer.net/mbr/mbr.exe) to your desktop.

* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on December 30, 2009, 07:18:19 PM
Hello SuperDave,
Ran the program you directed and am posting the log.
  I am just getting familiar with Comodo firewall and not sure I allowed this new program permission correctly as the log file does not seem to contain much?

Please let me know how things look or if I did not run the MBR correctly.

Thanks

I am a little confused now.  I just ran SAS to see what it thought at this point and it said it found 1 Trojan.Downloader-Gen\suspicious
When I went to remove it it said it was removing MBR.exe?


Update:
Read lots about MBR.exe. Tried elevated command mode and that did not work.
Booted to safe mode and ran MBR.exe and it ran fine there.
Posting its results now.
Hopefully this means I am clean?

Update2:
Ran boot time scan with Avast and it says it found a trojan in
c:\System VolumeInformation\-restore{B37680B2-BA0A-4E5D-BF30-83E44C5886243\RP1645\A0562830.dll
is infected by Win32:jifas-CJ [trj]
   I moved that to the chest and will run SAS and Malwarebytes afterward, then rerun AVAST boot scan again.

Am I being reinfected over and over again?



[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: SuperDave on December 31, 2009, 06:10:26 PM
Quote: "Am I being reinfected over and over again?"

System Volume information is your System Restore. Infections like to hide here and when you do a System Restore, you re-infect yourself again. We will be dealing with this soon. I would like you to run this scan.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on December 31, 2009, 06:40:05 PM
Hi SD,
I will follow your instructions.
In the mean time I also ran SAS again and it found
C:\recycler\s-1-5-21=109 ......   dc14.exe

Just wanted to mention this before I ran your directions.

Thanks so much for your help and Happy New Year to you!

Since downloading ESET things are now worse than when I first started this whole deal.
Nothing will run now and it says I do not have permissions to even restart the computer.
I am attempting safe mode now. Looks like it will run here.
Looks like it needs the internet? I was trying to avoid that but will enable the internet.

I need to stop for now. Will attempt tomorrow.
Thanks for your help and Cheers!

Update:
   As mentioned things have gotten way bad now. Worse than ever.
None of the startup programs load.  Every program I try to start states:
"windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item."

What now???

Does this virus "know" it was under attack and thus decide to shut me down?

I really need your input now as I do not appear to be able to do anything at all.


Update2:
I found that if I use the "run as" command and pick an alternate user it lets me try to run ESET, but this program wants to download from the internet and seems to hang on this step?
I am now able to run SAS via this alternate user permission so I am running that and will attempt ESET once again afterwards.
   Also wanted to add the fact that I have not done any "system restores" since a week ago.

update 3:
unable to run ESET since cannot connect to the internet
start menu does not load and Comodo is not running
Got it to run in safe mode but it said it was not running correctly
when I went to the start - run window it already was populated with " firewall.cpl" ??

Seems as though there is nothing I can do now without further instruction.
Was able to run this log

Was able to connect to internet via safemode and run ESET. It fails to get update and asks if proxy is configured?


[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Left Hanging?
Post by: Jhavey on January 02, 2010, 06:12:41 PM
SD,
  I am feeling like I may be at the end of my rope?
Any other suggestions before I give it a safe distance and NUKEIT?
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: SuperDave on January 02, 2010, 06:15:09 PM
I'm sorry that I haven't been able to get back to you sooner. I'm trying to handle all the posts on this board by myself and I'm still in-training. I'm sure that when my mentor gets back he will be able to fix you up. Please just hold tight for a little while.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 03, 2010, 11:16:31 AM
Hi SD,
Thanks for the response. I would like to beat this thing without having to re-install windows. That has been my goal for over a week now. At some point I may need to decide to back off and re-install, so I will be anxious to hear from your mentor beforehand.
   Who is it that I might hope to hear from soon?

I understand that you have been very busy and that you volunteer your time. Thank you very much for your efforts.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: SuperDave on January 03, 2010, 12:27:39 PM
I just had a message from Evilfantasy and he's going to start working on some clean-up. I put your case at the top of the list.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 03, 2010, 03:08:13 PM
Hello Jhavey.

Your version of MBAM is out of date.

Open Malwarebytes' Anti-Malware.

* Click the Update tab.
* Click Check for Updates
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Also give me a brief description of what the computer is doing now.

Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 03, 2010, 04:58:51 PM
Hello Evilfantasy,
Thanks for taking on my case.

I am only able to connect with the internet in safe mode. I am unsure if my inability to update is the virus or what.
When I do as requested it states:
"Contact Malwarebytes with error code 732 (12029,0)."

When I first got this issue I was unable to update Malwarebytes.
When I updated it said they would not run without the latest version.
I had to download the latest version, which I did. This was about 10 days ago and so as far as I knew it was up to date at the time, but perhaps I only got a new version and not the latest updates?

Do not seem to be able to update now?

Went direct to site and downloaded ver 1.43 (is this the same as updates?)
I am running 1.43 now.

Ver 1.43 shows no infections, just as the previous version did?
Is the version different from being up to date?  I do not seem to be able to update ?
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 03, 2010, 05:39:28 PM
Can you use Safe Mode With Networking?

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 03, 2010, 06:22:46 PM
I can run safemode with networking.
Erased existing combofix.exe and downloaded new.
Will not install. With browser closed it runs its small initial task bar and gets to all blue then nothing ...
Tried several times.

update:
Renamed combofix.exe to another name and this allowed it to run.  It stopped installing saying AVAST was running and to stop avast first.
   My start task window has been hidden by the virus and I could not find AVAST running so I told it to continue anyways.
   What should I look for in the task manager window for avast?
Posted log. I know it says Avast is running and Comodo also. I need to know how to turn these off since my start task window is no longer working. What should I disable in task manager?
When I opened Avast it said it was disabled?

No apparent change in computer operation.

[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 03, 2010, 06:50:56 PM
Try not to restart the computer until one of the tools we use does it for you or tells you to.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
 
There are 4 different versions. If one of them won't run then download and try to run the next one.
 
Vista and Windows 7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
* Rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
* Rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
* Rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

 
Download and run exeHelper

* Please download exeHelper from Raktor (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

----------

Now try ComboFix again.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 03, 2010, 08:24:18 PM
Ran ok it seems here is the log and I will now attempt Combofix.

Can you please tell me what processes to stop in task manager that correspond with AVast and Comodo?   
As I said my lower right hand task bar (start ups) does not show and so I cannot see avast or Comodo to stop them there.

Tried to run Combofix and once again it says Avast is running.  When I open avast it says it is disabled.
How can I shut it down, and also Comodo if I need to?

Running Combofix now but not sure if it will be the log you want with Avast running?

update:
Combo ran until the Preparing the log step and then hung up.  Waited > 20 minutes then terminated.
Boot up to normal mode and nothing has changed. Still have no permissions to run programs and no start task bar loaded.


[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 03, 2010, 09:12:39 PM
Try ComboFix again. Don't worry about the Avast warnings.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 04, 2010, 11:38:19 AM
Came home from work at lunch in order to run combofix again.

It runs for about 10 minutes and in that time it does > 50 steps printed to screen.

It then goes into " Preparing log report. Do not run any other programs until combofix has finished."

I would expect that report generation to complete rather quickly. Do not know how long to wait.
I gave it 20 minutes (total run time of 30 minutes) and it did not complete?
Should I have waited longer?   I was pretty sure when I ran it days ago (when it ran OK) that it completed much quicker than this?

At this point if I try to run task manager it will not run so I think computer is hung to some extent.

Ran once again in safe mode with networking on and it finished ok.  Does this program require networking?

Log attached.



[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 04, 2010, 12:35:55 PM
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
Cl90udccd
Helcdw5x
jswmidin

File::
c:\docume~1\KARENH~1\LOCALS~1\Temp\jswmidin.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: kaveman1969 on January 04, 2010, 04:58:07 PM
Yeah, you guys are malware gurus, lol. This site is a joke. If you want real help OP go to <<link removed>>
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: kpac on January 04, 2010, 05:09:02 PM
Quote: "Yeah, you guys are malware gurus, lol. This site is a joke. If you want real help OP go to <<link removed>>"
Get a life. You don't like it here, leave.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 04, 2010, 05:53:36 PM
Did as requested and seemed to go ok.
The computer rebooted itself and when I returned it was in the normal run mode.
There was no combofix.txt log and the computer ran the same as previously, with no permissions and no run task bar.

I rebooted to safe mode with networking and combofix started running automatically by itself at the creating a log stage.  It completed and logs attached.

[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 04, 2010, 07:39:45 PM
Suspicious file scan

Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and logs posted for each one)

* Copy the file path in the below Code box:
Code:
c:\windows\SYSTEM32\DRIVERS\usbmm1x1.sys
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 04, 2010, 08:02:29 PM
http://virusscan.jotti.org/en/scanresult/a78faebc4b257a7744602e64e33143cdc8ed3940

Nothing found in all 20 scans.

of further interest:

http://www.threatexpert.com/files/usbmm1x1.sys.html

Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 05, 2010, 08:03:20 AM
I have mentioned a few times how my start task bar no longer shows - ever since attempting to run ESET.  I see the more proper name might be the notification bar in the lower right hand corner that shows the start up processes.

Can we at least fix this?  It bothers me that I cannot see the AVAST icons and Combofix says it is running along with Comodo?    Yet when I open the  AVAST program it says it is disabled?

I would feel a little better if I could see the start task icons.  Are they simply hidden or is the trojan actively disabling this feature?
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 05, 2010, 08:21:28 AM
Run this tool please then restart the computer. http://sourceforge.net/projects/viruseffectremo/

Then post the logs from OTL.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy and paste the contents of these files, one at a time, into your next reply.

Note: You may need two or more posts to fit them all in.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 05, 2010, 05:23:17 PM
Cannot run Viruseffect remover:
It says "system administrator has set policies to prevent its installation".
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 05, 2010, 05:39:09 PM
Try OTL please.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 05, 2010, 07:30:53 PM
Sorry about that. It is hard to know if one program is dependent upon the first running successfully. I will assume they are independent in the future unless stated otherwise.
Logs attached:

[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 05, 2010, 07:45:07 PM
Quote: "It is hard to know if one program is dependent upon the first running successfully."

They usually are but if one won't run then we're forced to try the next. ;)

Good news. I don't see anything wrong.

Bad news. I don't see anything wrong....

Try Dial-a-fix.

Download Dial-a-Fix (http://majorgeeks.com/Dial-a-fix_d4899.html) by djlizard, save it to the desktop then extract it to its own folder.

How is the computer now?
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 05, 2010, 09:04:34 PM
During install it stated "Installer unable to determine your version of Internet explorer, some DLL registrations will be skipped". I ran it anyways.

Received multiple error messages #127 for the following files:
iesetup.dll
imgutil.dll
inserg.dll
pngfild.dll
webcheck.dll
inshtml.dll
msrating.dll
occache.dll

After reboot to normal windows mode still no permissions to run programs or startup notifications bar.
Nothing changed that can be detected.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 06, 2010, 07:32:44 AM
I ran Avast boot time scan this morning and it showed no infections.

Ever since post reply #9 where I attempted to run ESET I have had the issue with the lack of permissions and the missing start up notifications bar.

In post reply #28 I asked you if we could address this and you did not respond but instead had me run another program.

I ASK NOW ....

Is it possible that we have cleaned the machine in this process and what is left is some configurations that got screwed up in the process?
Can we now directly address why I am not getting permissions in the normal run mode and why the start up notification bar is missing?

or do you still feel we need to run more checks for infections?
Title: Re: Request Help for trojan removal - TIME TO NUKEIT ?
Post by: Jhavey on January 07, 2010, 09:22:25 AM
I have searched on my own attempting to fix the configurations but I have had no luck.   Any suggestions before I NUKEIT ?
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 07, 2010, 04:12:47 PM
Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 07, 2010, 08:13:49 PM
Thanks for sticking with me.

Not sure I understood the proper procedure for running it.  It never wanted to go to the CD drive for the file.

I tried as you said and it did not run.  Did open a window but then hangs, no progress bar indicator. Tried this multiple times.

I read up on this SFC and found where it should be located. "D" is my CD drive.
I then tried d:\i386\sfc \scannow and that did not work. I guess because the file there is marked as SFC.EX_

I then found that I have two copies of this file on my c drive. One in c:\i386\  and another in c:\windows\system32\

When I point a full path to the c:\386 version a window opens too quick to read and closes again.

I checked in the registry and the CurrentVersion\setup is pointed to C\...      and not the D drive.

Any other suggestions?
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 07, 2010, 09:06:08 PM
It should be run with the C drive.

Post a fresh HijackThis log please.
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: Jhavey on January 08, 2010, 12:02:23 PM
So you directed me to insert the CD just in case the SFC.exe file was not present on the C drive then?
I am attaching a new hijack log.

[Saving space, attachment deleted by admin]
Title: Re: Request Help for trojan removal - NuKIN IT
Post by: Jhavey on January 10, 2010, 10:29:29 AM
I have not been overly impressed with the help I received here. Realizing that you offer help on your own time and for free I do want to thank you for trying.
I am Nukin it now!
Title: Re: Request Help for trojan removal - Combofix Log interpretation
Post by: evilfantasy on January 10, 2010, 04:38:34 PM
There is only so much we can do...