Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Recent programmes in start menu appearing blank [Solved]


  • This topic is locked This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

Run RogueKiller

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.
Please post:

Tthe last three RKreport.txt text files located on your desktop. The files will say Scan, Remove and ShortcutsFix[/b] in the Mode line.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET log (If it found anything)
3. The new RKreport.txt logs
4. Have the Start Menu items returned?
  • 0

Advertisements


#17
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Hello godawgs

the malware bytes and eset scanner has not detected any viruses/threats...

the rouge killer shortcut fix has not been able to restore the recemt start menu programmes

NOTE :i created a new user and in it the recent programmes are appearing.

here are the logs u asked for:

no threats foe eset
  • 0

#18
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: SAYANLAPTOP-PC [administrator]

19-11-2012 02:25:29
mbam-log-2012-11-19 (02-25-29).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 488886
Time elapsed: 3 hour(s), 55 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#19
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 11/19/2012 20:02:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] Norton Internet Security - Run Full System Scan - User : c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{57A952AE-881C-4F89-9627-1D4EA5C788B9} : NameServer (202.159.219.229,203.94.243.70) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{57A952AE-881C-4F89-9627-1D4EA5C788B9} : NameServer (202.159.219.229,203.94.243.70) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82A9765D -> HOOKED (Unknown @ 0x892788B0)
SSDT[14] : NtAlertThread @ 0x82A10295 -> HOOKED (Unknown @ 0x89278990)
SSDT[18] : NtAllocateVirtualMemory @ 0x82A4C54B -> HOOKED (Unknown @ 0x8927E008)
SSDT[21] : NtAlpcConnectPort @ 0x829EE88B -> HOOKED (Unknown @ 0x89132E00)
SSDT[67] : NtCreateMutant @ 0x82A24862 -> HOOKED (Unknown @ 0x89278600)
SSDT[78] : NtCreateThread @ 0x82A95C74 -> HOOKED (Unknown @ 0x89278188)
SSDT[116] : NtDebugActiveProcess @ 0x82A68D78 -> HOOKED (Unknown @ 0x892A9D88)
SSDT[147] : NtFreeVirtualMemory @ 0x82888F1D -> HOOKED (Unknown @ 0x8927E270)
SSDT[156] : NtImpersonateAnonymousToken @ 0x829BEF16 -> HOOKED (Unknown @ 0x892786F0)
SSDT[158] : NtImpersonateThread @ 0x829D4553 -> HOOKED (Unknown @ 0x892787D0)
SSDT[177] : NtMapViewOfSection @ 0x82A148DA -> HOOKED (Unknown @ 0x8927E170)
SSDT[184] : NtOpenEvent @ 0x829FDDFF -> HOOKED (Unknown @ 0x89278520)
SSDT[195] : NtOpenProcessToken @ 0x82A05A60 -> HOOKED (Unknown @ 0x892780C8)
SSDT[197] : NtOpenSection @ 0x82A156AD -> HOOKED (Unknown @ 0x892A9E68)
SSDT[202] : NtOpenThreadToken @ 0x82A202FD -> HOOKED (Unknown @ 0x89278E68)
SSDT[282] : NtResumeThread @ 0x82A1FB9A -> HOOKED (Unknown @ 0x8927E430)
SSDT[289] : NtSetContextThread @ 0x82A9710B -> HOOKED (Unknown @ 0x89278D88)
SSDT[305] : NtSetInformationProcess @ 0x82A18908 -> HOOKED (Unknown @ 0x89278F38)
SSDT[306] : NtSetInformationThread @ 0x829FD2DD -> HOOKED (Unknown @ 0x89278C98)
SSDT[330] : NtSuspendProcess @ 0x82A97597 -> HOOKED (Unknown @ 0x892A9F48)
SSDT[331] : NtSuspendThread @ 0x8299E92D -> HOOKED (Unknown @ 0x89278AD8)
SSDT[334] : NtTerminateProcess @ 0x829F5173 -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E760)
SSDT[335] : NtTerminateThread @ 0x82A20584 -> HOOKED (Unknown @ 0x89278BB8)
SSDT[348] : NtUnmapViewOfSection @ 0x82A14B9D -> HOOKED (Unknown @ 0x8927E090)
SSDT[358] : NtWriteVirtualMemory @ 0x82A1196D -> HOOKED (Unknown @ 0x8927E360)
S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E318)
S_SSDT[301] : NtGdiStretchBlt -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E560)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87EDC158)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E8F0)
S_SSDT[525] : NtUserSendInput -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9EC88)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9EB0C)
S_SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9EBF4)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] 29f2258a811b4c8be9e2deac7a3c875d
[BSP] e240e2ae6804e000e7e9691706ac5dc8 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229179 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469360640 | Size: 9292 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_S_11192012_02d2002.txt >>
RKreport[1]_S_11162012_02d0115.txt ; RKreport[2]_S_11162012_02d0243.txt ; RKreport[3]_S_11182012_02d1355.txt ; RKreport[4]_D_11182012_02d1357.txt ; RKreport[5]_SC_11182012_02d1402.txt ;
RKreport[6]_S_11192012_02d2002.txt
  • 0

#20
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 11/19/2012 20:20:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] Norton Internet Security - Run Full System Scan - User : c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{57A952AE-881C-4F89-9627-1D4EA5C788B9} : NameServer (202.159.219.229,203.94.243.70) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{57A952AE-881C-4F89-9627-1D4EA5C788B9} : NameServer (202.159.219.229,203.94.243.70) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82A9765D -> HOOKED (Unknown @ 0x892788B0)
SSDT[14] : NtAlertThread @ 0x82A10295 -> HOOKED (Unknown @ 0x89278990)
SSDT[18] : NtAllocateVirtualMemory @ 0x82A4C54B -> HOOKED (Unknown @ 0x8927E008)
SSDT[21] : NtAlpcConnectPort @ 0x829EE88B -> HOOKED (Unknown @ 0x89132E00)
SSDT[67] : NtCreateMutant @ 0x82A24862 -> HOOKED (Unknown @ 0x89278600)
SSDT[78] : NtCreateThread @ 0x82A95C74 -> HOOKED (Unknown @ 0x89278188)
SSDT[116] : NtDebugActiveProcess @ 0x82A68D78 -> HOOKED (Unknown @ 0x892A9D88)
SSDT[147] : NtFreeVirtualMemory @ 0x82888F1D -> HOOKED (Unknown @ 0x8927E270)
SSDT[156] : NtImpersonateAnonymousToken @ 0x829BEF16 -> HOOKED (Unknown @ 0x892786F0)
SSDT[158] : NtImpersonateThread @ 0x829D4553 -> HOOKED (Unknown @ 0x892787D0)
SSDT[177] : NtMapViewOfSection @ 0x82A148DA -> HOOKED (Unknown @ 0x8927E170)
SSDT[184] : NtOpenEvent @ 0x829FDDFF -> HOOKED (Unknown @ 0x89278520)
SSDT[195] : NtOpenProcessToken @ 0x82A05A60 -> HOOKED (Unknown @ 0x892780C8)
SSDT[197] : NtOpenSection @ 0x82A156AD -> HOOKED (Unknown @ 0x892A9E68)
SSDT[202] : NtOpenThreadToken @ 0x82A202FD -> HOOKED (Unknown @ 0x89278E68)
SSDT[282] : NtResumeThread @ 0x82A1FB9A -> HOOKED (Unknown @ 0x8927E430)
SSDT[289] : NtSetContextThread @ 0x82A9710B -> HOOKED (Unknown @ 0x89278D88)
SSDT[305] : NtSetInformationProcess @ 0x82A18908 -> HOOKED (Unknown @ 0x89278F38)
SSDT[306] : NtSetInformationThread @ 0x829FD2DD -> HOOKED (Unknown @ 0x89278C98)
SSDT[330] : NtSuspendProcess @ 0x82A97597 -> HOOKED (Unknown @ 0x892A9F48)
SSDT[331] : NtSuspendThread @ 0x8299E92D -> HOOKED (Unknown @ 0x89278AD8)
SSDT[334] : NtTerminateProcess @ 0x829F5173 -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E760)
SSDT[335] : NtTerminateThread @ 0x82A20584 -> HOOKED (Unknown @ 0x89278BB8)
SSDT[348] : NtUnmapViewOfSection @ 0x82A14B9D -> HOOKED (Unknown @ 0x8927E090)
SSDT[358] : NtWriteVirtualMemory @ 0x82A1196D -> HOOKED (Unknown @ 0x8927E360)
S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E318)
S_SSDT[301] : NtGdiStretchBlt -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E560)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87EDC158)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9E8F0)
S_SSDT[525] : NtUserSendInput -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9EC88)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9EB0C)
S_SSDT[594] : NtUserUnhookWindowsHookEx -> HOOKED (\??\C:\Windows\system32\drivers\CO_Mon.sys @ 0xBCF9EBF4)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] 29f2258a811b4c8be9e2deac7a3c875d
[BSP] e240e2ae6804e000e7e9691706ac5dc8 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229179 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 469360640 | Size: 9292 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7]_D_11192012_02d2020.txt >>
RKreport[1]_S_11162012_02d0115.txt ; RKreport[2]_S_11162012_02d0243.txt ; RKreport[3]_S_11182012_02d1355.txt ; RKreport[4]_D_11182012_02d1357.txt ; RKreport[5]_SC_11182012_02d1402.txt ;
RKreport[6]_S_11192012_02d2002.txt ; RKreport[7]_D_11192012_02d2020.txt
  • 0

#21
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/19/2012 20:24:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 2
Start menu: Success 0 / Fail 0
User folder: Success 47 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 1
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[8]_SC_11192012_02d2024.txt >>
RKreport[1]_S_11162012_02d0115.txt ; RKreport[2]_S_11162012_02d0243.txt ; RKreport[3]_S_11182012_02d1355.txt ; RKreport[4]_D_11182012_02d1357.txt ; RKreport[5]_SC_11182012_02d1402.txt ;
RKreport[6]_S_11192012_02d2002.txt ; RKreport[7]_D_11192012_02d2020.txt ; RKreport[8]_SC_11192012_02d2024.txt
  • 0

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

NOTE :i created a new user and in it the recent programmes are appearing.

Yep, that's one way to correct it. I was going to tackle that last after making sure no residual malware files were found.

ALso i have spotted some strange files in Documents/azureus downloads folder... some album arts having strange numerical names and saying that they are system files

AlbumArt_{091FB6B3-FFA3-4E3B-AFB6-4A93BD0CB375}_Large
AlbumArt_{091FB6B3-FFA3-4E3B-AFB6-4A93BD0CB375}_Small
AlbumArtSmall
Folder

related to this particular song (mp3)

05._Tumi_Na_Thakle in the same folder

Can you give me the complete path to the Documents\azureus folder, or take a screen shot of the folder and post it?
  • 0

#23
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
HII

i have attached the screen shots...

NOTE: i login by user name Sayan

but interestingly in C:/Users folder this username does not appear... instead i have a Sayan folder on my Desktop which reappeared after running the short cut fix for the first time...

will copying the Sayan folder from desktop to users be of any help?

Thanks

Attached Thumbnails

  • Untitled.jpg
  • Untitled2.jpg

  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK, I am a little confused now. Was Sayan the username on the original user account or is it the username for the user account you just created?

There isn't anything in any of the fixes that should have moved a user folder to the desktop.
  • 0

#25
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
sayan is original user account

the new one i created is sayan2
  • 0

Advertisements


#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The reason I asked is because all of the OTL logs you posted show this header:

OTL logfile created on: 18-11-2012 15:25:35 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
...
Computer Name: SAYANLAPTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


And the file locations in the logs show this:

PRC - [2012-11-17 11:03:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012-09-18 11:22:25 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
etc:

Did you change the user name in the logs before you posted them?


I'm gonna need to consult with some colleagues on that one. In the meantime let's see if we can get a look at the azureus downloads folder.
I have changed the settings for OTL so read the instructions carefully.


Posted Image OTL Scan

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

C:\users\Sayan\Documents\Azureus Downloads\*. /s
C:\usere\Sayan\Documents\Azureus Downloads\*.* /s


2. Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the greyed out None button<---Important
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Minimal Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.


Post the new OTL.txt log in your next reply and answer my question above.
  • 0

#27
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
OTL logfile created on: 22-11-2012 19:04:34 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.14% Memory free
6.08 Gb Paging File | 4.70 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.81 Gb Total Space | 32.62 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive D: | 9.07 Gb Total Space | 1.61 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

Computer Name: SAYANLAPTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< C:\users\Sayan\Documents\Azureus Downloads\*. /s >

< C:\usere\Sayan\Documents\Azureus Downloads\*.* /s >

< End of report >
  • 0

#28
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
no i have not changed any users anywhere
only added a new user called sayan2 where the start menu is coming normal
the sayan user is also not there in USERS folder

i am adding some screenshots for your reference

Attached Thumbnails

  • startmenu for sayan user(original).jpg
  • Sayan_on_desktop.jpg
  • users folder not containing original username sayan.jpg
  • sayan2_new user.jpg

  • 0

#29
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Then it must have been the infection. But something changed the name on the OTL report that was first generated on 11-16-2012. That was before any fixes were run.

The new OTL scan didn't show me what I was looking for. Part of that is my fault. Let's try it again. But first I want you to make sure that hidden and system files are visible and file name extensions are visible.


Step-1.

Show Hidden Files and Folders
  • Click the Start button. Click Computer.
  • On the next window, at the top of the window, click Tools then click Folder Options.
  • On the Folder Options window click the View tab.
  • Under the Files and Folders section:
  • Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

    Posted Image
  • Also make sure that Hide protected system operating files(recommended) is un-checked.

    Posted Image
  • Also make sure the Hide extensions for known file types box is un-checked.

    Posted Image
You can reverse these directions to hide files/folders when we are done.


Step-2.

Posted Image OTL Scan

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

%userprofile%\desktop\sayan\azureus downloads\* /s
%userprofile%\desktop\sayan\azureus downloads\*.* /s
C:\users\Sayan\Documents\Azureus Downloads\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • At the top of the console click the greyed out None button<---Important
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Minimal Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
  • 0

#30
sayan.dg

sayan.dg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
here is the fresh OTL report

*********************************

OTL logfile created on: 22-11-2012 21:39:31 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.20% Memory free
6.08 Gb Paging File | 4.49 Gb Available in Paging File | 73.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.81 Gb Total Space | 32.51 Gb Free Space | 14.52% Space Free | Partition Type: NTFS
Drive D: | 9.07 Gb Total Space | 1.61 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

Computer Name: SAYANLAPTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< %userprofile%\desktop\sayan\azureus downloads\* /s >

< %userprofile%\desktop\sayan\azureus downloads\*.* /s >

< C:\users\Sayan\Documents\Azureus Downloads\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK2552GSX
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 224.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 9.00GB
Starting Offset: 240312647680
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: SAYANLAPTOP-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 C NTFS Partition 224 GB Healthy System
Volume 2 D HP_RECOVERY NTFS Partition 9 GB Healthy

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP