rredbird Posted June 21, 2011

> An optical drive is a CD or CD/DVD drive. Given that the laptop has no recovery partition, or an optical drive, then your only practical options are to bring it in to a shop, or continue with Rise's instructions. If you do the latter, I suggest you disable System Restore before proceeding.

oh ...no to doesn't have cd/dvd drive ...since I cannot access system restore don't know if it is disabled or not ..just know I have no access it says to contact domain administrator ..well I guess see what Rise thinks ty Seth

rise Posted June 21, 2011

Hi,

Boot in normal mode, and make sure to update Malwarebytes' and SUPERAntiSpyware, and run a quick scan with both and copy logs

Next uninstall AVG and download avast! free
http://www.avast.com/en-eu/free-antivirus-download
update avast and run a boot scan
See here how to run a boot scan: http://www.schmahl.net/avastbootscan.php

edit: And also

Run scan with OTL in normal mode
Open OTL
Under the Extra Registry select Use SafeList
Now click Run Scan
When scan is finished copy OTL.txt and Extras.txt

rredbird Posted June 21, 2011

> Hi,
>
> Boot in normal mode, and make sure to update Malwarebytes' and SUPERAntiSpyware, and run a quick scan with both and copy logs
>
> Next uninstall AVG and download avast! free
> http://www.avast.com/en-eu/free-antivirus-download
> update avast and run a boot scan
> See here how to run a boot scan: http://www.schmahl.net/avastbootscan.php
>
> edit: And also
>
> Run scan with OTL in normal mode
> Open OTL
> Under the Extra Registry select Use SafeList
> Now click Run Scan
> When scan is finished copy OTL.txt and Extras.txt

ran mbam and sas scans I didn't take any action just ran scans cause I didn't know if you wanted me to do anything but run scan please advise if you want me to take any action will proceed with other steps: logs attached

mbam-log-2011-06-21 (11-37-06a).txt
SUPERAntiSpyware Scan Log - 06-21-2011 - 12-23-37.zip

rise Posted June 21, 2011

download and run this: https://www.superantispyware.com/downloads/SAS_FixEXEfile.com

rescan with MBAM and SAS and remove everything they found

rredbird Posted June 21, 2011

> Yes, rescan and remove them

ok will do

rise Posted June 21, 2011

> ok will do

Hi

I have edited my post so please first run SASFixEXE: https://www.superantispyware.com/downloads/SAS_FixEXEfile.com
then rescan and remove those

rredbird Posted June 21, 2011

> Hi
>
> I have edited my post so please first run SASFixEXE: https://www.superantispyware.com/downloads/SAS_FixEXEfile.com
> then rescan and remove those

ran the sasfixexe. then ran scans again enclosed are first scans after sasfix.exe then I ran scans again on both mbam and sas neither of them found any threats..so far after fix I can again access program files instead of going through what I was before...ok which step do you want me to take next remove Avg or run OTL first and the installing of avast ..just not sure which one to do first..

mbam-log-2011-06-21 (13-33-17)b.txt
SUPERAntiSpyware Scan Log - 06-21-2011 - 14-11-16b.zip

rise Posted June 21, 2011

Hi,

first uninstall AVG and install avast! free

Next, to speed a boot scan we will remove some junk, temporary files with TFC

Download TFC to your Desktop
Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once it's finished, if necessary it will reboot your machine,

Then run a boot scan with avast

Next run an OTL scan

Thanks.

rredbird Posted June 22, 2011

> Hi,
>
> first uninstall AVG and install avast! free
>
> Next, to speed a boot scan we will remove some junk, temporary files with TFC
>
> Download TFC to your Desktop
> Open the file and close any other windows.
> It will close all programs itself when run, make sure to let it run uninterrupted.
> Click the Start button to begin the process. The program should not take long to finish its job
> Once it's finished, if necessary it will reboot your machine,
>
> Then run a boot scan with avast
>
> Next run an OTL scan
>
> Thanks.

boot scan with avast attached
Otl scan attached

aswBoot(avastboot).txt
Extras1.zip
OTL1.zip

rise Posted June 22, 2011

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-867624957-1142715932-3990699764-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-867624957-1142715932-3990699764-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
[2011/05/23 19:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cO28281EhPhI28281
[2011/06/21 08:22:47 | 000,011,142 | -HS- | M] () -- C:\Documents and Settings\freedie\Local Settings\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5
[2011/06/21 08:22:47 | 000,011,142 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5

:Files
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

:Commands
[Purity]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Copy log you get

How is the machine running? Any issues?

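Added example, not part of the thread and not OTL's own code: a Python sketch that decodes the NoDriveTypeAutoRun and NoDriveAutoRun values listed in the fix above, so a reader can see which drive types and drive letters each policy covered before it was deleted. The bit layout follows Microsoft's documented meaning of these values; the function names are hypothetical and the sample lines are copied from the post.

```python
import re

# NoDriveTypeAutoRun: bit n corresponds to GetDriveType() return value n.
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}
ALL_LETTERS = 0x3FFFFFF  # NoDriveAutoRun: bit 0 = A: ... bit 25 = Z:

# Matches OTL O6/O7 policy lines for the two autorun values only.
POLICY_LINE = re.compile(
    r"^O[67] - (?P<key>HK.+?): (?P<name>NoDrive(?:Type)?AutoRun) = (?P<value>\d+)$"
)

# Lines copied from the fix script in the thread.
SAMPLE = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
"""


def decode_drive_types(value):
    """Return (drive types with AutoRun disabled, bits above the defined 0xFF range)."""
    types = [label for bit, label in DRIVE_TYPE_BITS.items() if value & bit]
    return types, value & ~0xFF


def decode_drive_letters(value):
    """Return (drive letters with AutoRun disabled, bits above the 26 letter bits)."""
    letters = "".join(chr(ord("A") + i) for i in range(26) if (value >> i) & 1)
    return letters, value & ~ALL_LETTERS


def parse_autorun_policies(text):
    """Return one dict per NoDriveTypeAutoRun / NoDriveAutoRun line found."""
    found = []
    for line in text.splitlines():
        m = POLICY_LINE.match(line.strip())
        if not m:
            continue  # other policy values (NoFind, HideClock, ...) are skipped
        value = int(m["value"])
        scope = m["key"].split("\\SOFTWARE\\")[0]  # e.g. HKLM or HKU\<SID>
        if m["name"] == "NoDriveTypeAutoRun":
            covered, undefined = decode_drive_types(value)
        else:
            covered, undefined = decode_drive_letters(value)
        found.append({"scope": scope, "name": m["name"], "value": value,
                      "autorun_disabled_for": covered, "undefined_bits": undefined})
    return found


if __name__ == "__main__":
    for entry in parse_autorun_policies(SAMPLE):
        print(entry)
```

Of the values in the fix, 323 has bit 0x100 set, which lies outside the eight defined drive-type bits, while 145 and 67108863 use only defined bits.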
rredbird Posted June 22, 2011

> How is the machine running? Any issues?

it's a little slow to finish booting up on start up...windows firewall is off you can turn it on though windows update is off as well ..but we can talk about firewalls and what to do about them and their proper setting later ..will run fix first....did I do the right thing when running the boot scan...by choosing it to put infections found in chest?

rredbird Posted June 22, 2011

> it's a little slow to finish booting up on start up...windows firewall is off you can turn it on though windows update is off as well ..but we can talk about firewalls and what to do about them and their proper setting later ..will run fix first....did I do the right thing when running the boot scan...by choosing it to put infections found in chest?

Otl log after fix attached sorry I didn't read again I think you wanted a copy and paste instead So Editing post

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock deleted successfully.
Registry value HKEY_USERS\S-1-5-21-867624957-1142715932-3990699764-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-867624957-1142715932-3990699764-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.
Folder C:\Documents and Settings\All Users\Application Data\cO28281EhPhI28281\ not found.
C:\Documents and Settings\freedie\Local Settings\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5 moved successfully.
C:\Documents and Settings\All Users\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\freedie\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\freedie\My Documents\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\\"DisableSR" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: freedie
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: ricardo

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: freedie
->Temp folder emptied: 3595985 bytes
->Temporary Internet Files folder emptied: 359581 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45087948 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ricardo

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.24.1 log created on 06222011_074448

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

OTLFIXLOG.zip

rise Posted June 22, 2011

> did I do the right thing when running the boot scan...by choosing it to put infections found in chest?

Yes

Do you/did you have anything installed from PC tools? I see some leftovers from it

After running the last fix are you able to turn firewall and win. updates?

rredbird Posted June 22, 2011

> Yes
>
> Do you/did you have anything installed from PC tools? I see some leftovers from it
>
> After running the last fix are you able to turn firewall and win. updates?

not that I was aware of ran that remover you asked me to the last time and thought that was all removed..? What PC tools are you seeing that is leftover? I can turn on the firewall but not the windows update it will not turn on.. i ran you another otl scan to look at if it will help attached

Extras2.zip
OTL2.zip

rise Posted June 22, 2011

Please uninstall this:
Registry Mechanic

Next download & run DDS
when finished it will produce 2 logs
attach them

Next, download Security Check from here to your Desktop
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

rredbird Posted June 22, 2011

> not that I was aware of ran that remover you asked me to the last time and thought that was all removed..? What PC tools are you seeing that is leftover? I can turn on the firewall but not the windows update it will not turn on.. i ran you another otl scan to look at if it will help attached

ran a file and folder search for pc tools and yes there are files looks like they were created 4/15/2010 ...there are program files ...i can't copy and paste what is there ..but

PCTools C:\Program Files\Common file size 1.85MB folders: sMonitor and when you go to that folder there are other files including dll files

PCTLNty.dll 58kb
PCTLogon.dll 518KB
PCTProcess 5KB
SMSvc 601KB
SSDMonitor 102 KB
StartManSvc 618 KB

all of which are in C:\Program Files\Common Files\PC Tools\sMonitor

in C:\Program Files\Registry Mechanic\Data\Resources there is PM-PCTools and PM-PCToolsLab both are 13.3 KB both bit map images

I DON'T KNOW if that help any ....

rredbird Posted June 22, 2011

> Please uninstall this:
> Registry Mechanic
>
> Next download & run DDS
> when finished it will produce 2 logs
> attach them
>
> Next, download Security Check from here to your Desktop
> Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
> A Notepad document should open automatically called checkup.txt; please post the contents of that document.

ok will do...

rredbird Posted June 22, 2011

> ok will do...

dds.txt
attach.zip
seccheckup.txt

rise Posted June 22, 2011

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:Services
nwid

:Files
c:\windows\system32\drivers\putaxb.sys

:Commands
[Purity]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Copy log you get

How it's running now?

rredbird Posted June 22, 2011

just ran it included log in last post the security check that is

rredbird Posted June 22, 2011

> Run OTL
> Under the Custom Scans/Fixes box at the bottom, paste in the following
>
> How it's running now?

log after Otl fix was ran...still can not turn on win auto updates yet

OTLFIXLOG2.zip
OTLFIXLOG2.txt

rise Posted June 22, 2011

> How it's running now?

Your Java and Flash player are outdated
remove them and download new versions

rredbird Posted June 22, 2011

do you have safe download location for me? and how do I uninstall what I have...still can not turn on win auto updates have not tried system restore for any access so I don't know about that but the notebook seems to running alright..

rise Posted June 22, 2011

Go to Start > Run and type cmd
now copy/paste this in black box

%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

Are you now able to turn updates?

rredbird Posted June 22, 2011

yea that automatically turned them on...