Boot to black screen with cursor [Solved]



#106
Jhackofalltrades (Member, Topic Starter)
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== FILES ==========
File C:\WINDOWS\system32\dllcache\rsaenh.dll not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 02192013_054541

*************************************************

OTL logfile created on: 2/19/2013 5:55:58 AM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.94% Memory free
3.35 Gb Paging File | 2.72 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: RSAENH.DLL >
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=26ACBD865F8CFF730F1791C4D0854352 -- C:\WINDOWS\system32\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll

< End of report >

****************************************

Windows failed to update. Error code 80090008

Did the dll in the cache get eaten? :(

Edited by Jhackofalltrades, 19 February 2013 - 05:16 AM.

  • 0



#107
Buddierdl (Trusted Helper, Malware Removal)
Hi Jhackofalltrades,

It seems that our dll did get "eaten." We have one more copy we can try to use, but let's make a copy of it first just in case something goes wrong again. Navigate to C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\ and make a copy of rsaenh.dll. Copy it to a safe location, like your desktop (make sure you copy and don't cut). Make sure the copy operation works successfully. If you aren't able to make a copy, stop and let me know. Don't continue with the instructions below.

Now let's use the OTLPE CD again to try and replace the file.

Start OTLPE as you did previously from CD
Copy the new Fix.txt to a USB. Make sure you delete the old one.

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode.
  • Find and post the log saved in C:\_OTL\MovedFiles and named with numbers describing the date and time it was run.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    rsaenh.*
    /md5stop
  • Select the None button in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Do updates work now?
  • 0

#108
Jhackofalltrades (Member, Topic Starter)
woohoo!

========== FILES ==========
< xcopy "C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll" "c:\documents and settings\philip\desktop\backup220\rsaenh.dll" /c >
Does C:\documents and settings\philip\desktop\backup220\rsaenh.dll specify a file name
or directory name on the target
(F = file, D = directory)?
Does C:\documents and settings\philip\desktop\backup220\rsaenh.dll specify a file name
or directory name on the target
(F = file, D = directory)?
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
File C:\WINDOWS\system32\rsaenh.dll successfully replaced with C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll

OTLPE by OldTimer - Version 3.1.48.0 log created on 02212013_033625

cmd came up and ran, but didn't shut down. I'd had a bad day and was getting ready to do
stupid things. cmd wasn't responding. I couldn't alt-tab to OTLPE and get a picture (get the
program to respond). My irritation levels had gotten pretty full.

First though, I right clicked cmd in its tab on the task bar or whatever that thing on
the bottom is called. Then I ended it and all this came up. OTL finished its run.
Thought I'd better put down what happened before I rebooted and forgot exactly

****************************

OTL logfile created on: 2/21/2013 5:00:58 AM - Run 11
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.89% Memory free
3.35 Gb Paging File | 2.67 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 251.32 Gb Free Space | 53.96% Space Free | Partition Type: NTFS

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: RSAENH.DLL >
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\Documents and Settings\Karen\My Documents\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\Documents and Settings\Philip\Desktop\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\Documents and Settings\Philip\My Documents\Toolbox\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\system32\rsaenh.dll

< End of report >

************************************************

Windows update worked, though the initial scan took so long that I thought it was broken. 12 out of 13 installed smoothly. 1 failed, but I'm not done with everything just yet.
  • 0
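
The two "MD5 for: RSAENH.DLL" reports posted above can be compared mechanically to confirm that the live system32 copy now matches the replacement source. The Python below is an added example, not part of the original posts or of OTL; the line format is inferred from the log lines in this thread, and the function names are hypothetical.

```python
import re

# Log lines copied from the two OTL reports posted in this thread
# (Run 10 = before the replacement, Run 11 = after it).
RUN_10 = r"""< MD5 for: RSAENH.DLL >
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=26ACBD865F8CFF730F1791C4D0854352 -- C:\WINDOWS\system32\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll
< End of report >
"""
RUN_11 = r"""< MD5 for: RSAENH.DLL >
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\Documents and Settings\Karen\My Documents\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\Documents and Settings\Philip\Desktop\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\Documents and Settings\Philip\My Documents\Toolbox\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\system32\rsaenh.dll
< End of report >
"""
LIVE = r"C:\WINDOWS\system32\rsaenh.dll"  # the copy Windows actually loads

# Assumed entry layout, inferred from the lines above (not from an OTL spec):
# [date time | size | attributes | M] (company) MD5=<32 hex> -- <path>
ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_report(text):
    """Return one dict per file entry in an OTL '< MD5 for: ... >' section."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "< End of report >"
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def check_against_live(entries, live_path):
    """List every copy whose MD5 differs from the copy at live_path.

    Paths are compared case-insensitively, as Windows does. Matching hashes
    show the copies are identical to each other, not that any is authentic.
    """
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:  # the live file is missing from the report entirely
        return {"live_md5": None, "mismatched": [e["path"] for e in entries]}
    mismatched = [e["path"] for e in entries if e["md5"] != live["md5"]]
    return {"live_md5": live["md5"], "mismatched": mismatched}


if __name__ == "__main__":
    for name, report in (("Run 10", RUN_10), ("Run 11", RUN_11)):
        result = check_against_live(parse_md5_report(report), LIVE)
        print(name, result["live_md5"], "mismatched:", result["mismatched"])
```
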

#109
Jhackofalltrades (Member, Topic Starter)
The following were not installed.

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)


It keeps trying (the little yellow shield pops up saying that I have updates waiting to install), but it doesn't want to work for whatever reason.
  • 0

#110
Buddierdl (Trusted Helper, Malware Removal)
Hi Jhackofalltrades,

I'm glad we got it working.

For the one missing update, let's try the simple method first, by downloading it from here and trying a manual install. If that doesn't work, let me know and we will try another method.

Also, are there any other problems with the computer you want me to look at?

  • 0

#111
Jhackofalltrades (Member, Topic Starter)
I downloaded the update directly to my desktop and ran it. The update was looking for this file, netfx.msi, and was unable to find it. So the update failed to complete. I was forced to cancel it. The following message popped up "error 1706. no valid source could be found for product microsoft .net framework 1.1 the windows installer cannot continue."

No other problems exist other than the lack of a search feature, which generally isn't an issue for me. If that's a security problem waiting to happen, I'd like help with that. If it's nothing major and only a minor flaw, then I'm fine without it.
  • 0

#112
Buddierdl (Trusted Helper, Malware Removal)
Hi Jhackofalltrades,

Since that didn't work, let's try the more involved method below. As for the search function, I don't think it's a security issue, so if you want to leave it broken, that's fine with me.

This could be a .Net problem, so we will need to uninstall and then re-install .Net framework.

Download Dotnetfx cleanup tool.zip to your desktop
Unzip the tool
Run the exe file
Click through the EULA popups
Select All Version

Once done reboot the computer
Download then run the Net 4.0 installer from here
Then install
Reboot and see if there are any updates from Windows Update.
  • 0

#113
Jhackofalltrades (Member, Topic Starter)
Okay, I downloaded the cleanup tool, ran it, rebooted, downloaded the .NET 4.0 installer, ran it, and rebooted. As Windows was booting, my Catalyst Control Center (my video card interface/controller/thingamajiggy) gave me an error message "Microsoft .NET framework 2.0 is required to run ATI Catalyst Control Center. Please download and install the software from Microsoft's website." I wasn't finished with everything yet, so I ignored it, went to Windows Update, downloaded and installed all critical updates, rebooted. Catalyst gave me the same error message. I went to Windows update, found no critical updates to install this time, downloaded a few that weren't critical, but seemed good to have, rebooted, and came here.

I cannot access my Catalyst Control Center which is used to "configure displays and settings for my AMD GPU's". I'm not sure what to do.

All other problems have been solved thus far, I thank you very much for this, Buddierdl. After this last thing gets fixed, can you tell me what happened to my computer at the beginning? It seems like between the malware and my aggressiveness with TDSSkiller that my computer wound up with a LOT of things missing, corrupted, and moved around, but I don't understand how it all fits together.
  • 0

#114
Buddierdl (Trusted Helper, Malware Removal)
Hi Jhackofalltrades,

Quote: "All other problems have been solved thus far, I thank you very much for this, Buddierdl. After this last thing gets fixed, can you tell me what happened to my computer at the beginning? It seems like between the malware and my aggressiveness with TDSSkiller that my computer wound up with a LOT of things missing, corrupted, and moved around, but I don't understand how it all fits together."


I'll give it a shot when we are done.

Please download and install this. It should fix your CCC. Once you install it, there should also be an update from windows updates that you will need to install as well.
  • 0

#115
Jhackofalltrades (Member, Topic Starter)
Okay, so I downloaded and installed the program. Reboot. Check Catalyst, it worked. Checked for updates, they were there, downloaded, installed, rebooted. Checked Catalyst, it worked. Checked for updates again, they were there, downloaded, installed, no reboot needed this time (yay for small favors!). Checked Catalyst, it worked.

As far as I know, everything works as desired. There are no updates that require downloading and installation. All my programs work as intended, as far as I can tell. My computer boots and works normally, no data was lost. I have a new firewall that is up to date. Everything else seems pretty up to date.
  • 0



#116
Buddierdl (Trusted Helper, Malware Removal)
Congratulations, Jhackofalltrades. :) Your computer now appears to be clean. Please complete the following steps to finalize the cleaning process.

I'll try to write a little explanation of what happened soon.

Please update these programs, as old versions pose a security risk.

  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you do need java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:
    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.
  • Firefox -> You can get the latest version here.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Reset SP3 Firewall: Make sure you don't have any open ports in your firewall.
Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK
Now click on the General tab >> select On(recommended) >> OK.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on Control Panel.
  • Double-click on Automatic Updates to bring up the configuration dialog. If you're in Category view, you'll have to click on Security Center.
  • Select the Automatic (recommended) option and click on OK at the bottom of the window.

Defragment your hard drive. Your hard drive is showing 13% fragmentation. This refers to how your files are spread out on the physical "disk" in your hard drive. You could possibly gain a little better performance from your PC if you defragment your hard drive.
  • Open My Computer.
  • Right-click on your C: drive, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#117
Jhackofalltrades (Member, Topic Starter)
Homework's almost done. I need to defrag, run Secunia, update all that it gives me and then I'll be done with this page. The How did I get infected in the first place page will be where I go to next. For now, bed is draining my shields and pulling me in with a tractor beam, so I'll need to sleep now.
  • 0

#118
Jhackofalltrades (Member, Topic Starter)
Okay, homework's done. Ish. Defrag's done. OTL's cleaned up. TFC did its thing. All instructions on this page were followed. Secunia's PSI has been problematic, but I've ground through most of those.

I've completed most of the updates that Secunia wanted me to do. Adobe AIR's at the end of life though, so I put that on ignore. Google Chrome and Firefox were updated, but the PSI doesn't seem to want to recognize the currently installed versions as the ones that it should be looking at. So I went to the folder where firefox was stored and replaced that with a new updated version of the firefox.exe file from the current firefox program folder. I couldn't tell what Chrome files that PSI was looking at, so I told it to ignore that one. I ran updates for everything else and downloaded some hardware updates while I was at the windowsupdate site. The update for my network card caused me to not be able to surf the net, so, after floundering for the cause a bit, I rolled the driver back and most everything was fine. After installing the updated driver, windows claims that I have 3 days in order to re-register Windows on this computer because so many changes have been made. The last sounds like crap, but I can access windowsupdate just fine and I usually can't do that when I have malware, so I'm unsure of what to do. It won't let me go farther without validation and I've never had to do it before, so I've not validated anything yet. The validation program has a tray icon that looks like a pair of keys. I think it's legit, but I'm not certain and I'm annoyed that it's telling me I've made too many modifications to my system when I haven't made any since before all this stuff happened.

I've added avast free antivirus to the things running and I think it's helping to keep me safe. Secunia takes a long time to run and to scan. It hangs up frequently. I'm not sure if that's because of my firewall, my antivirus, or what, so as soon as I can, I'll be taking Secunia down and only checking it every week or so to make sure things are okay.
  • 0

#119
Buddierdl (Trusted Helper, Malware Removal)
Hi Jhackofalltrades,

I wouldn't worry about Secunia too much. The main thing is to be sure your internet-facing programs are updated (FF, Chrome, Adobe products, Java, etc.). I wouldn't worry about updating drivers unless you are having problems with them.

Actually, the latest version of Avast (8) comes with an update checker. Try giving that a shot.


As for the validation, sometimes Windows will require you to reactivate if you make a lot of changes to your computer. Windows OEM is only allowed to be installed on the computer that it came with, so if it detects changes it might think it's been installed on a different computer. You should follow the instructions to re-register, which will probably require a call to Microsoft to get a new key. (I don't think it's too much hassle.)

Did you get everything working, or do you need some more assistance?
  • 0

#120
Jhackofalltrades (Member, Topic Starter)
My drivers are good, I think. I only updated it because I kept getting sent to windows update and I began downloading every optional update I could to stop being sent there. Turns out, I just had to make it scan again. I'm uninstalling it next.

I registered my copy of XP again. I bought it on a stand alone disk b/c I don't like the idea of an OS chained to a particular computer. I understand no multiple copies, but this wasn't that. I guess the program had to be sure or something. I didn't even have to enter anything, so that pleased me.

I think I'm good now. Everything works, all my stuff seems normal, only with a different firewall and a new always-on avast. But they don't seem to slow me down, so I don't mind them being on. I don't believe I need anything else.

However, if it's possible, can you tell me what all went wrong? I don't understand how the pieces of the fix fit together. Either way, thank you very much for your assistance, Buddierdl.
  • 0





