Fake System Check infection?

Hi Essexboy!

Great improvement! Icons on desktop (not all though). No net but improvements there too.

Sorry but I have to get back to some worldlier things, and then I’m going away till Sunday night.

I really would appreciate if you could assist me further when I get back.

Many Thanks for now and best wishes,
Klas

No problems - when you get back, could you let me know what the problems are and run a fresh Farbar log for me?

Hi again, I’m back.

And I stand to face some blame, or how you say.
I have for years used a selective start to speed things up, preventing seldom-used applications from auto-starting. Having gone back to a complete start-up, I now have Internet access and perhaps some more.

Enclosed the latest Farbar log (FSS[4]) (the numeration is mine).

Immediately on startup I now get the error message as in dump_120122_1.png, which I just close down.

Some icons are still missing from the desktop.

From the start menu (where also things are missing), choosing all programs, I mainly get an “empty” on cursor-over in the list.

(It’s not my language, I only use it - as Victor Borge said.)

Hope you have some more good ideas as we now have come on-line.

All the best,
Klas

OK, let's see about getting the rest of the files back.

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you’ve unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

http://i1224.photobucket.com/albums/ee362/Essexboy3/XP%20restore%20shots/restore-start-menu-accessories-folder.gif

Once they are, click on the Restore button.

Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you’ve unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

http://i1224.photobucket.com/albums/ee362/Essexboy3/XP%20restore%20shots/RestoreAdministrativeTools.gif

This next one will produce the necessary shortcut links, which you can cut and paste into the start menu folder.
Download the repair.vbs file to your desktop.
Run the repair.vbs.
It will ask for a folder name; call it recovery.
The tool will let you know when it is finished.
On the desktop will be a recovery folder.
Open the folder.
Cut and paste the links that you want to C:\Documents and Settings\<your name>\Start Menu

http://i1224.photobucket.com/albums/ee362/Essexboy3/XP%20restore%20shots/recoverxp1.gif

http://i1224.photobucket.com/albums/ee362/Essexboy3/XP%20restore%20shots/recoverxp2.gif

Hi,

The first one produced “76 Path not found”

The second “Run time error 2147024893 (80070003)
Method ‘~’ of object ‘~’ failed”

Klas

Are they both on the desktop?

Continue with the vbs file whilst I check this out.

Yes they are.
And the vbs only produced some of the stuff that was installed on purchase.

Sorry to be such a bother.
Klas

In normal mode, if I try to switch users, there’s only one, me.

But if I boot secure, then I get to choose between myself and this karate-guy who is administrator.

Weird.

Klas

Hi

Any use for search results on stuff created on the fateful day?

Have more…

Klas

Before you came here, did you run crappcleaner or the like? As that wiped out the backed-up files that you had:

Backup: [NOT FOUND]

Could you re-run OTL please and ensure All Users is selected, and I will have a look-see.

Hi

Haven’t run any cleaners; about backup I don’t know…

Enclose OTL (quick scan, no customs)

I can’t of course read such things, but I am still a little surprised at the lack of folders/files created on Jan 18, if you compare with my two search dumps earlier. The folder Administrator, with sub-folders and files, was created in connection with the mayhem. I have seven more PNGs with things created on that date.

Best regards,
Klas

The additional ones that you have found are probably the ones modified to set the hidden flag, which RogueKiller subsequently removed.

Did you use IE or Firefox to download the reset programmes?

Let's clear that popup now.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKLM..\Run: [UIWWFDnoJEOaR.exe] C:\Documents and Settings\All Users\Application Data\UIWWFDnoJEOaR.exe File not found

:Files
ipconfig /flushdns /c

:Commands
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
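As an added example (not part of this thread, and not code from OTL's authors): a small Python helper that parses O4 autostart lines of the kind quoted in the fix above, flags the entries whose target executable is gone (either because OTL already wrote "File not found", or because the path is absent on disk), and assembles the matching OTL fix block. An orphaned Run value like this is the usual leftover after a scanner quarantines the binary but leaves the registry entry behind, and it is what makes Windows complain at every logon that it cannot find the program. The log lines and the fake disk contents below are constructed for the example; the regular expression assumes the common OTL O4 layout shown here (hive, key, value name, path, optional vendor in parentheses or "File not found") and would need adjusting for other line shapes.

```python
import os
import re

# One OTL "O4" autostart line, for example:
#   O4 - HKLM..\Run: [Name] C:\path\file.exe File not found
#   O4 - HKCU..\Run: [Name] C:\path\file.exe (Vendor Name)
# Assumed layout; real OTL logs contain further variants.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^.]+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<value>[^\]]*)\] (?P<target>.*?)"
    r"(?: \((?P<vendor>[^)]*)\))?(?P<missing> File not found)?$"
)


def parse_o4(line):
    """Parse a single O4 line into a dict, or return None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["missing"] is not None
    return entry


def orphaned_autostarts(log_lines, exists=os.path.exists):
    """Return the O4 entries whose target executable no longer exists.

    An entry is flagged if OTL already marked it "File not found" or if the
    path cannot be found on disk. The `exists` callback lets an offline
    analysis (or a test) supply its own view of the filesystem.
    """
    found = []
    for line in log_lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        if entry["missing"] or not exists(entry["target"]):
            found.append(entry)
    return found


def otl_fix_block(entries, flush_dns=True, reboot=True):
    """Build an OTL custom fix that removes the given autostart entries.

    Layout follows the fix posted above: an :OTL section listing the log
    lines to act on, a :Files section that flushes the DNS cache, and a
    :Commands section that creates a restore point and reboots.
    """
    lines = [":OTL"]
    for e in entries:
        suffix = ""
        if e["vendor"] is not None:
            suffix = " (%s)" % e["vendor"]
        if e["missing"]:
            suffix += " File not found"
        lines.append("O4 - %s..\\%s: [%s] %s%s"
                     % (e["hive"], e["key"], e["value"], e["target"], suffix))
    if flush_dns:
        lines += ["", ":Files", "ipconfig /flushdns /c"]
    commands = ["[CREATERESTOREPOINT]"]
    if reboot:
        commands.append("[Reboot]")
    lines += ["", ":Commands"] + commands
    return "\n".join(lines)


# Constructed sample log lines (modelled on the OTL O4 format, not a real log).
SAMPLE_LOG = [
    "O4 - HKLM..\\Run: [UIWWFDnoJEOaR.exe] C:\\Documents and Settings\\All Users"
    "\\Application Data\\UIWWFDnoJEOaR.exe File not found",
    "O4 - HKLM..\\Run: [avast] C:\\Program Files\\AVAST Software\\Avast"
    "\\avastUI.exe (AVAST Software)",
    "O4 - HKCU..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe"
    " (Microsoft Corporation)",
    "O4 - HKCU..\\Run: [updater.exe] C:\\Documents and Settings\\Owner"
    "\\Application Data\\updater.exe",
    "O3 - HKLM\\..\\Toolbar: (no name) - No CLSID value found.",
]

# Constructed stand-in for the disk: only these two targets "exist".
DEMO_DISK = {
    "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe",
    "C:\\WINDOWS\\system32\\ctfmon.exe",
}


def demo():
    """Run the parser over the constructed log against the constructed disk."""
    return orphaned_autostarts(SAMPLE_LOG, exists=lambda p: p in DEMO_DISK)


if __name__ == "__main__":
    print(otl_fix_block(demo()))
```

Run against a real OTL.txt, leave the `exists` default in place so the check is made against the actual filesystem, and review the generated block by hand before pasting it into OTL: removing a Run value is harmless for a dead entry, but the script cannot tell a quarantined dropper from a legitimate program that was merely uninstalled untidily.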

Dear Essexboy,

You are the authority here, absolutely no question about that, and I may have done things I shouldn’t.
Still, just to clarify. I ran that search yesterday, searching for folders and files in C that were created on Jan 18, so it seems to me they are pretty much present. To persist, I enclose two more screens from the search and would be very grateful for another comment.

About the programmes, I used IE on my new computer and then moved them over on a stick. As Normal mode gave no or very little functionality, I used the Secure mode, logging in as Administrator, the user created by the Evil One. As I had no Net connection, the programme which wanted to look for an update didn’t get one.

Also yesterday Avast got hold of a Trojan and I thought it was a new attack, but apparently it was the bad guy which one of your programmes had quarantined last week.

I think I’ll sit still for a bit till you’ve had a chance to read this.

Yours,
Klas

Windows Repair (All in One) was updated today to restore the menu items that malware deletes.

Download the latest Windows Repair (all in one) from this site

I have highlighted the new bit… Run that repair and let me know if it has cured it… Also, how is the computer behaving?

Hi!

Win Repair suggested a malware scan before running it, so I tried MBAM again, and this time I could update their database before running a quick scan.

Enclose a dump of what was found.

I have only performed the scan and await your reply before I press any buttons.
Have not run the new W Repair.

All the best,
Klas

If the menu items are still not there then try W Repair

Hi!

Ran OTL with no visible result.
Enclose log. Incidentally, I ran a search for items created on Jan 18 and found over 300 on C.

Enclose popup. Is this a bona fide XP or a hoax message?

Best regards,
Klas

That usually indicates a memory problem.

Are the folders still empty?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

[quote author=essexboy link=topic=92009.msg737550#msg737550 date=1328379735]
Are the folders still empty ?
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
[/quote]

Oh,

Ran ComboFix; it told me “will take about 10 min, or longer if badly infected”.
Then it froze, time stopped, and I waited for ten minutes.

Re-booted, but same again.

Could you do the following:

Go Start>Run
Type in the following :

ComboFix /nombr