Great! It is telling me the disc is not writable. Let me see what else I have.
All that just to discover that this computer does not have a CD!!! I went back into Bios and tried again to change the settings to USB boot. THought it was working because it booted differently and looked like it was reading the USB but I am not getting what you said to watch for. First I got a request of Keyboard language, I chose English. Now I have a window that says System Recovery Options Choose a recovery tool Operating system: Windows 7 on (D) Local Disk
Startup Repair
System Restore
System Image Recovery
Windows Memory Diagnostic
Command Promt
Then I have the choice of Shut Down or Restart
I am fixing to have to leave the house and will just plug her computer in and leave it sitting. I hope that will be ok.
OK you are in the right place now … You need to select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
This is the response I get “G:\frst64.exe is not recognied as an internal or external command, operable program or batch file.”
I popped the drive into my laptop to see what files are on it and this is what it shows in folder form
“boot”
“sources”
“bootmgr”
“FRST
Farbar”
I must have something not quite right. I tried the flash drive in all three of her USB ports, and for some reason when I put it int he last one it brought up the command prompt window 3 more times.
Hi call me a numpty I mistyped … Sorry it should be
G:\frst.exe
Glad I am not the only one that mistypes! Now it is saying that this version of Farbar Recovery Scan Tool is 6 days old and do I want to download the latest version. I don’t need to do that do I?
No continue as the basic data is what I am after
Had to do as an attachment the file was to long.
Download the attached fixlist.txt to the same USB as FRST
Run FRST and press FIX
On completion reboot to normal windows
Download OTL to your Desktop
Secondary link
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
To reboot in normal windows mode, do I need to go into bios? On restart it is bringing up the System Recovery Options Window again.
Well, I got OTL downloaded and managed to start the scan before I saw that I needed to type some stuff into custom scan. Will have to let this finish and start the scan again. Sorry!
Not a problem … We will now just need to do the tidying up
I forgot to say that in the OTL the 64 bit option does not show up, so it is running without it. It appears that her Norton “BLAH” has expired and I have permission to download Avast and Malwarebytes. She is using IE and I will be suggesting Mozella to her as I feel that it is safer.
OTL document is attached.
OK we will now remove some garbage, replace the services file which is infected and carry out some repairs. The desktop wall paper will need to be replaced as it is a Funweb one …not good
Once that is done I will then prepare the system for Avast ;D
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
SRV - [2012/03/06 20:15:31 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt790CJUS&ptnrS=ZNxpt790CJUS&si=120088&ptb=1OXQxGZHniXMAvyVDAN2ow&ind=2012030621&n=77ed269d&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2843368061-1495724786-861422060-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-2843368061-1495724786-861422060-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt790CJUS&ptnrS=ZNxpt790CJUS&si=120088&ptb=1OXQxGZHniXMAvyVDAN2ow&ind=2012030621&n=77ed269d&psa=&st=sb&searchfor={searchTerms}
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2012/03/06 20:15:51 | 000,000,000 | ---D | M]
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-2843368061-1495724786-861422060-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-2843368061-1495724786-861422060-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-2843368061-1495724786-861422060-1000..\Run: [PopularScreensaversWallpaper] C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (FunWebProducts.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O24 - Desktop WallPaper: C:\Users\leon\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
[2012/12/18 14:04:38 | 000,184,832 | ---- | C] () -- C:\Users\leon\AppData\Roaming\ldr.mcb
:Files
C:\Program Files\MyWebSearch
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
FINALLY
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
https://dl.dropbox.com/u/73555776/AdwCleaner.GIF
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
I will have to change her download settings to install to desktop. I thought I could do that but when I go in to the downloads settings on internet explorer I do not see Desktop. What should I do. I did have to restart again, the “touch pad” has locked up on me twice. Also when I try to go online I keep getting Do you want to allow the following program to make changes to this computer? Java SE Runtime Environment 7 Update 9 Publisher Oracle America. For now I am choosing No but am afraid I may be wrong in doing so.
OTL Report attached will do the others once I figure out how to save to Desktop.
When you click the links a small bar should appear at the bottom of IE
Click the arrow next to save and you will be given the option to choose where to save it
Still don’t see Desktop, I have as my choices "Computer, Local Disk C, Then different files and folders.
Select computer and that should open up to show the desktop
It opened up and is showing Local Disk C, Recovery D, HP Tools E.
Sheesh typical ;D save it to the root c drive and then copy to the desktop please