Avast WEBforum
Other => Viruses and worms => Topic started by: Infected on June 05, 2011, 04:44:23 PM
-
Hi guys,
I am not an expert, but I think my computer is still OK; I just can't figure out how to make it look OK. The virus was removed (sorry, I deleted all files from the chest; I thought it would fix the problem). When I boot up, my desktop is black and my Start > All Programs is blank. If I open My Computer, all my stuff is still there. I did all the scans and everything is OK. How do I restore my settings?
Blank,
~RUTH~
Windows XP
Threat:
Win32: Alureon-ADW [Tri]
Win32: Alureon-AEF [Tri]
Win32: Olmarik-F [Tri]
-
Please do not run any temporary file cleaners until I say it is OK
Download Unhide.exe (http://download.bleepingcomputer.com/grinler/unhide.exe) to your desktop and run
THEN
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
NEXT
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
(http://public.avast.com/~gmerek/aswMBR1.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
FINALLY
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
Thanks for the quick reply essex boy!
Here is the update.
1. Done - Unhide.exe - start menu has programs, desktop still black. Need a restart?
2. RogueKiller
RKreport.txt
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Ruthie [Admin rights]
Mode: Scan -- Date : 06/05/2011 12:54:15
Bad processes: 0
Registry Entries: 10
[SUSP PATH] HKCU\[...]\Run : OxDyPOOgxbNHvA (C:\Documents and Settings\All Users\Application Data\OxDyPOOgxbNHvA.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-73586283-1343024091-725345543-1003[...]\Run : OxDyPOOgxbNHvA (C:\Documents and Settings\All Users\Application Data\OxDyPOOgxbNHvA.exe) -> FOUND
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
3. aswMBR.exe
Log aswMBR.txt
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-05 12:59:56
-----------------------------
12:59:56.031 OS Version: Windows 5.1.2600 Service Pack 2
12:59:56.031 Number of processors: 1 586 0x204
12:59:56.031 ComputerName: RUTH UserName:
12:59:56.265 Initialize success
13:00:16.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:00:16.359 Disk 0 Vendor: WDC_WD400BB-00DEA0 05.03E05 Size: 38166MB BusType: 3
13:00:18.375 Disk 0 MBR read successfully
13:00:18.375 Disk 0 MBR scan
13:00:18.375 Disk 0 Windows XP default MBR code
13:00:20.390 Disk 0 scanning sectors +78140160
13:00:20.406 Disk 0 scanning C:\WINDOWS\system32\drivers
13:00:26.328 Service scanning
13:00:27.437 Disk 0 trace - called modules:
13:00:27.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:00:27.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82382ab8]
13:00:27.453 3 CLASSPNP.SYS[f857605b] -> nt!IofCallDriver -> \Device\0000005b[0x8238cf18]
13:00:27.468 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82385940]
13:00:27.468 Scan finished successfully
13:00:53.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ruthie\Desktop\MBR.dat"
13:00:53.203 The log file has been saved successfully to "C:\Documents and Settings\Ruthie\Desktop\aswMBR.txt"
4. OTS
See attached.
-
Ok prior to running the next two programmes - or when you can fit it in
Re-run RogueKiller and select option 2
-
RogueKiller #2 - Background has been restored, desktop icons are still missing.
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Ruthie [Admin rights]
Mode: Remove -- Date : 06/05/2011 13:18:02
Bad processes: 0
Registry Entries: 7
[SUSP PATH] HKCU\[...]\Run : OxDyPOOgxbNHvA (C:\Documents and Settings\All Users\Application Data\OxDyPOOgxbNHvA.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> REPLACED (0)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Ruthie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
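Added example, not part of the original posts and not RogueKiller's own code: a Python script that parses the entry lines of the Scan and Remove reports above and lists scan findings with no DELETED or REPLACED counterpart in the removal report. The line layout is inferred from the logs in this thread, and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Entry lines copied from the RKreport[1] (Scan) and RKreport[2] (Remove)
# logs posted in this thread.
SCAN_REPORT = r"""
[SUSP PATH] HKCU\[...]\Run : OxDyPOOgxbNHvA (C:\Documents and Settings\All Users\Application Data\OxDyPOOgxbNHvA.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-73586283-1343024091-725345543-1003[...]\Run : OxDyPOOgxbNHvA (C:\Documents and Settings\All Users\Application Data\OxDyPOOgxbNHvA.exe) -> FOUND
[] HKLM\[...]\Root : () -> ACCESS DENIED
[] HKLM\[...]\Root : () -> ACCESS DENIED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

REMOVE_REPORT = r"""
[SUSP PATH] HKCU\[...]\Run : OxDyPOOgxbNHvA (C:\Documents and Settings\All Users\Application Data\OxDyPOOgxbNHvA.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> REPLACED (0)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Ruthie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

# Layout inferred from those lines (an assumption, not a published format):
#   [TAG] KEY : NAME (VALUE) -> STATUS [(NEW VALUE)]
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<key>.+?)\s+:\s+(?P<name>.*?)\s*"
    r"\((?P<value>.*?)\)\s+->\s+(?P<status>[A-Z ]+?)"
    r"(?:\s+\((?P<new>.*)\))?$"
)

# Statuses that mean the tool actually changed the registry value.
REMEDIATED = {"DELETED", "REPLACED"}


class Entry(NamedTuple):
    tag: str
    key: str
    name: str
    value: str
    status: str
    new_value: Optional[str]


def parse_report(text):
    """Return every registry entry line in a report; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["tag"], m["key"], m["name"],
                                 m["value"], m["status"], m["new"]))
    return entries


def outstanding(scan, remove):
    """Scan findings whose (key, name) was not DELETED or REPLACED on removal."""
    fixed = {(e.key, e.name) for e in remove if e.status in REMEDIATED}
    return [e for e in scan if (e.key, e.name) not in fixed]


if __name__ == "__main__":
    left = outstanding(parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT))
    for e in left:
        print(f"not remediated: [{e.tag}] {e.key} : {e.name or '<unnamed>'} -> {e.status}")
```

Run on the two reports above, it lists three entries: the HKUS Run value and the two ACCESS DENIED Root entries, none of which appear in the removal report.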
-
Getting there ;D
Last run for RogueKiller - this time select option 6
Then we will remove the remaining nasties with aswMBR and OTS
-
6. RogueKiller option 6
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Ruthie [Admin rights]
Mode: Shortcuts HJfix -- Date : 06/05/2011 13:33:28
Bad processes: 0
File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 20 / Fail 0
My documents: Success 4 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 79 / Fail 0
Backup: [FOUND] Success 183 / Fail 12
Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom1 -- 0x5 --> Skipped
[F:] \Device\CdRom0 -- 0x5 --> Skipped
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
-
Then we will remove the remaining nasties with aswMBR and OTS
essexboy, aswMBR scan or fix?
-
Just scan please, as I will need to see what is there. Your desktop, files etc. should be back now and the main start elements of the malware are dead. So now it is time to hunt for the remainder.
-
7. aswMBR scan - desktop icons still missing, reboot?
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-05 13:35:58
-----------------------------
13:35:58.656 OS Version: Windows 5.1.2600 Service Pack 2
13:35:58.656 Number of processors: 1 586 0x204
13:35:58.656 ComputerName: RUTH UserName:
13:35:58.828 Initialize success
13:39:30.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:39:30.531 Disk 0 Vendor: WDC_WD400BB-00DEA0 05.03E05 Size: 38166MB BusType: 3
13:39:32.546 Disk 0 MBR read successfully
13:39:32.546 Disk 0 MBR scan
13:39:32.546 Disk 0 Windows XP default MBR code
13:39:34.546 Disk 0 scanning sectors +78140160
13:39:34.578 Disk 0 scanning C:\WINDOWS\system32\drivers
13:39:39.859 Service scanning
13:39:40.937 Disk 0 trace - called modules:
13:39:40.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:39:40.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82382ab8]
13:39:40.953 3 CLASSPNP.SYS[f857605b] -> nt!IofCallDriver -> \Device\0000005b[0x8238cf18]
13:39:40.953 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82385940]
13:39:40.968 Scan finished successfully
13:39:50.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ruthie\Desktop\MBR.dat"
13:39:50.765 The log file has been saved successfully to "C:\Documents and Settings\Ruthie\Desktop\aswMBR-2.txt"
-
MBR clean ;D
No, the reboot will be done with OTS
-
7. OTS scan, see attached.
-
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Cmaudio" -> [RunDll32 cmicnfg.cpl,CMICtrlWnd]
YN -> "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\AIM\aim.exe" -> [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger]
YN -> "C:\Program Files\Common Files\AOL\1156969393\ee\aim6.exe" -> [C:\Program Files\Common Files\AOL\1156969393\ee\aim6.exe:*:Enabled:AIM]
YN -> "C:\Program Files\Common Files\AOL\1156969393\ee\aolsoftware.exe" -> [C:\Program Files\Common Files\AOL\1156969393\ee\aolsoftware.exe:*:Disabled:AOL Services]
YN -> "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader]
YN -> "C:\Program Files\Gaim\gaim.exe" -> [C:\Program Files\Gaim\gaim.exe:*:Enabled:gaim]
YN -> "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger]
YN -> "C:\Program Files\Yahoo!\Messenger\YPager.exe" -> [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger]
YN -> "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server]
YN -> "E:\PortableApps\Xming\Xming.exe" -> [E:\PortableApps\Xming\Xming.exe:*:Enabled:Xming X Server]
[Files/Folders - Created Within 30 Days]
NY -> Windows XP Recovery -> C:\Documents and Settings\Ruthie\Start Menu\Programs\Windows XP Recovery
[Files/Folders - Modified Within 30 Days]
NY -> ~15916836r -> C:\Documents and Settings\All Users\Application Data\~15916836r
NY -> ~15916836 -> C:\Documents and Settings\All Users\Application Data\~15916836
NY -> Windows XP Recovery.lnk -> C:\Documents and Settings\Ruthie\Desktop\Windows XP Recovery.lnk
NY -> 15916836 -> C:\Documents and Settings\All Users\Application Data\15916836
[Files - No Company Name]
NY -> ~15916836r -> C:\Documents and Settings\All Users\Application Data\~15916836r
NY -> ~15916836 -> C:\Documents and Settings\All Users\Application Data\~15916836
NY -> Windows XP Recovery.lnk -> C:\Documents and Settings\Ruthie\Desktop\Windows XP Recovery.lnk
NY -> 15916836 -> C:\Documents and Settings\All Users\Application Data\15916836
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
-
8. OTS fix - ran, froze, icons have returned, no new txt was created.
Do you think it needs another scan?
Thanks for all your help!
~RUTH~
-
Yep if you could run a fresh scan after rebooting
When you scan please ensure all users is ticked
How is the computer behaving now?
-
Computer is behaving accordingly. Any thoughts how it got infected or how to prevent future infections?
9. OTS scan, see attached.
-
Could you retry the OTS fix from the previous post please after running MBAM. Then run the computer for a while and when you are happy I will remove my tools and give some help on that aspect
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
I've basically got the same issue. Here's what I have done thus far. When this machine was brought to me there was no security software installed other than what was provided by Windows. The OS is Windows XP Ultimate. Booting into the primary user account resulted in numerous popups and one window which states that problems have been detected and suggests that I scan using the tools in that window.
The laptop was basically unresponsive at that point. I downloaded MBAM, Avast Free and the Comodo Firewall. I then performed the following....
1. Booted into Safe Mode.
2. Installed MBAM and ran a full scan. Over 300 infections were detected.
3. Removed infected items with MBAM and rebooted.
4. Booted into Safe Mode with Networking.
5. Updated MBAM and ran a second full scan. Over 60 infected items were detected.
6. Removed infected items with MBAM and rebooted.
7. Booted into Safe Mode with Networking.
8. Ran a full scan for the third time. No infected items detected.
9. Installed Avast Free, Comodo Firewall, scheduled a boot scan with Avast and rebooted.
10. Currently completing the boot scan.
I would welcome any assistance. If my issue is better served by opening a new thread, please say so.
-
Boot scan has now completed. 14 infections were detected and removed.
-
: ebozzz could you start your own topic please
-
: ebozzz could you start your own topic please
I did and you have already been a WORLD of help to me. At this point I am just waiting for any additional information that you might have to add and I will act on it after returning home...
-
I've got a similar problem. I have deleted viruses found by the Avast start-up scanner and I've still got task manager disabled and can't run regedit...
I have done all of the scans mentioned by essex boy and here are the results:
ROGUE KILLER
RogueKiller V5.2.5 [06/24/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date : 06/26/2011 14:41:33
Bad processes: 0
Registry Entries: 7
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
ASWMBR
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-25 17:24:03
-----------------------------
17:24:03.609 OS Version: Windows 5.1.2600 Service Pack 3
17:24:03.609 Number of processors: 2 586 0x1C02
17:24:03.609 ComputerName: USER-B1CP97MA1D UserName: user
17:24:04.515 Initialize success
17:24:13.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
17:24:13.437 Disk 0 Vendor: WDC_WD1600AAJS-08WAA0 58.01D58 Size: 152627MB BusType: 3
17:24:15.515 Disk 0 MBR read successfully
17:24:15.515 Disk 0 MBR scan
17:24:15.515 Disk 0 Windows XP default MBR code
17:24:17.515 Disk 0 scanning sectors +312560640
17:24:17.546 Disk 0 scanning C:\WINDOWS\system32\drivers
17:24:24.828 Service scanning
17:24:25.906 Disk 0 trace - called modules:
17:24:25.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:24:25.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d89ab8]
17:24:25.906 3 CLASSPNP.SYS[f7508fd7] -> nt!IofCallDriver -> \Device\00000064[0x86da5d70]
17:24:25.906 5 ACPI.sys[f739f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x86d77940]
17:24:25.906 Scan finished successfully
17:37:55.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
17:37:55.625 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-26 14:41:58
-----------------------------
14:41:58.937 OS Version: Windows 5.1.2600 Service Pack 3
14:41:58.937 Number of processors: 2 586 0x1C02
14:41:58.937 ComputerName: USER-B1CP97MA1D UserName: user
14:41:59.562 Initialize success
14:42:19.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
14:42:19.703 Disk 0 Vendor: WDC_WD1600AAJS-08WAA0 58.01D58 Size: 152627MB BusType: 3
14:42:21.734 Disk 0 MBR read successfully
14:42:21.750 Disk 0 MBR scan
14:42:21.750 Disk 0 Windows XP default MBR code
14:42:23.750 Disk 0 scanning sectors +312560640
14:42:23.828 Disk 0 scanning C:\WINDOWS\system32\drivers
14:42:34.718 Service scanning
14:42:35.843 Disk 0 trace - called modules:
14:42:35.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:42:35.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d89ab8]
14:42:35.875 3 CLASSPNP.SYS[f7508fd7] -> nt!IofCallDriver -> \Device\00000064[0x86da5d70]
14:42:35.890 5 ACPI.sys[f739f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x86d77940]
14:42:35.890 Scan finished successfully
14:42:42.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
14:42:42.750 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
NEXT POST IS WITH OTS REPORT
-
OTS report
Please download my OTS report from this link, as it exceeds the maximum allowed length and max attachment size:
https://rapidshare.com/files/1764686472/OTS.Txt
-
What are your current problems?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1547161642-796845957-725345543-1003] > -> HKEY_USERS\S-1-5-21-1547161642-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
[Files/Folders - Created Within 30 Days]
NY -> New Folder -> C:\Documents and Settings\user\My Documents\New Folder
[Files/Folders - Modified Within 30 Days]
NY -> ~temp.html -> C:\~temp.html
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
-
The main thing is that I am annoyed by the disabled task manager and regedit and being unable to use system restore...
I am not sure if the virus or any other malware is still present and I cannot check my processes or shut some of them down...
I will try your code when I am near my problematic PC again. Thanks a lot in advance essexboy!!
-
This fix will reset task manager and regedit once done let me know if the problem persists
-
Here is the OTS log after applying fix:
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\S-1-5-21-1547161642-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1547161642-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\user\My Documents\New Folder folder moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\~temp.html moved successfully.
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 56466 bytes
User: LocalService
User: NetworkService
User: user
->Flash cache emptied: 19422 bytes
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 06262011_220817
Everything seems to be working fine now.
THANX A LOT FOR YOUR ASSISTANCE ON THIS MATTER essexboy, MUCH APPRECIATED!
-
No further problems? If so then run OTS and hit the cleanup button ;D
-
roger that! will do
tnx again mate :)