Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan horse psw generic 12 [Solved]

Started by eevie , Jun 23 2015 08:41 AM

avg generic psw trojan

This topic is locked

#31
DanoNH

Posted 02 July 2015 - 08:57 AM

Trusted Helper

Malware Removal
2,155 posts

Hello eevie,

Sorry for any frustration you are experiencing and thank you for staying with this. You should be fine copying logs on your USB stick.

Yes, it does appear there are some serious issues with your system. We are not out of options here though, so don't give up...

Before I post my next steps here, could you please answer these questions for me? Thanks

What is the make/model of your computer? (e.g. Dell Precision 4800, HP Pavilion P7-1154)
Is there a Service Tag number or Express Service code or a similar sticker on the back?
Do you know if the computer came with Windows Vista?
Did you buy it or is it second-hand?
Any other background information you can provide would be great...

#32
eevie

Posted 02 July 2015 - 10:03 AM

Member

Topic Starter
Member
27 posts

Hi, no problem
It's a Dell Inspiron 660
F844NV1
33142400461
it was purchased directly from the Dell outlet a few years ago. It came pre loaded with Windows 7.
This is the first time I've had any problems with it. It is used for browsing the Internet and using Office applications. I don't use it for gaming. I am usually quite careful about downloading stuff, so not sure how it got on the computer. Thanks

#33
DanoNH

Posted 02 July 2015 - 10:31 AM

Trusted Helper

Malware Removal
2,155 posts

Thank you. Have you ever ordered the recovery disk set from Dell before? Have you ever run the Dell Backup & Recovery program to create your own rescue disk set?

You may eventually need to contact them to get the disks. While I don't see it in your installed programs list, you might be able to install Dell Backup & Recovery and use that to restore your system, if we need to go that route.

But don't do that just yet, please!

Try this next:

First
Clean Boot Windows 7

Visit this page
At the top of the page, click on the line that says "Windows 7 and Windows Vista"
Follow the steps down to the next sub-section, where it says "What is next when I have a clean boot environment?"
You will end up rebooting to a system running only Microsoft components.

Second
Run a FRST Fix

From the clean computer, download the attached fixlist.txt file and save it to your USB stick: fixlist.txt 3.73KB 168 downloads
Plug the USB stick into the infected computer, and copy the fixlist.txt file over to the Desktop.

(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Finally
In your next reply, please copy/paste the contents of the following logs:

FRST fixlog.txt

and

Answer my questions about ordering or creating your own recovery disks
Tell me if you get back Internet access.

#34
eevie

Posted 03 July 2015 - 03:45 AM

Member

Topic Starter
Member
27 posts

Hi, thanks again for your time.

I have never ordered a recovery disc. I haven't run the Dell Backup & Recovery program.

It took a while to run through the clean boot instructions as the window kept going into not responding mode. On restart it came up with the error - programs open - so I clicked force (close/shutdown? can't remember which).

Ok, followed all the procedures. I still have no Internet access, - Unidentified Network, No Internet access. Computer is responding at a normal speed now and hard drive is not working so hard, but still working when nothing is hapenning.

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Yvonne at 2015-07-03 10:32:10 Run:3

Running from C:\Users\Yvonne\Desktop

Loaded Profiles: Yvonne (Available Profiles: Yvonne)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CloseProcesses:

CreateRestorePoint:

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe

(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [VarihImuje] => regsvr32.exe "C:\ProgramData\VarihImuje\LamutEzerp.jan"

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =

SearchScopes: HKU\S-1-5-21-2680941182-924487306-1447265962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-06-09] (AVG)

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search

FF Homepage: https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=hp

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\ psitesafety.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF SearchPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml [2015-06-09]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-09]

FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]

R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-07] (AVG Secure Search)

Task: {0887A2E6-BACD-4A11-A0F1-17300B0DB373} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&lang=en

Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

HKLM\...\Policies\Explorer: [NoControlPanel] 0

AlternateDataStreams: C:\Users\Yvonne\Cookies:0Zy52loBTbmGuAzjPMZllK

AlternateDataStreams: C:\Users\Yvonne\Local Settings:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\Application Data:WBO7yPmWULzqzMlNjH4WYx1

AlternateDataStreams: C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA:cBoXbkA0eiXwo9vkaRRNc9w

Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F

cmd: netsh advfirewall reset

cmd: netsh advfirewall set allprofiles state on

C:\ProgramData\VarihImuje

Hosts:

RemoveProxy:

CMD: ipconfig /flushdns

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

Processes closed successfully.

Restore point was successfully created.

C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => No running process found

C:\Program Files (x86)\PasswordBox\pbbtnService.exe => No running process found

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe => No running process found

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe => No running process found

C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe => No running process found

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VarihImuje => value not found.

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" => key removed successfully

HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully

Firefox DefaultSearchEngine removed successfully

Firefox SelectedSearchEngine removed successfully

Firefox homepage removed successfully

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml => moved successfully.

C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully.

C:\Program Files (x86)\PasswordBox\Firefox => moved successfully.

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully

"HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully

PasswordBox => Service removed successfully

vToolbarUpdater18.4.0 => Service removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0887A2E6-BACD-4A11-A0F1-17300B0DB373}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0887A2E6-BACD-4A11-A0F1-17300B0DB373}" => key removed successfully

C:\Windows\System32\Tasks\Open Chrome => moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome" => key removed successfully

C:\Windows\Tasks\Open Chrome.job => moved successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully

"C:\Users\Yvonne\Cookies" => ":0Zy52loBTbmGuAzjPMZllK" ADS not found.

"C:\Users\Yvonne\Local Settings" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

C:\Users\Yvonne\AppData\Local => ":WBO7yPmWULzqzMlNjH4WYx1" ADS removed successfully.

"C:\Users\Yvonne\AppData\Local\Application Data" => ":WBO7yPmWULzqzMlNjH4WYx1" ADS not found.

C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA => ":cBoXbkA0eiXwo9vkaRRNc9w" ADS removed successfully.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

C:\ProgramData\VarihImuje => moved successfully.

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x80080005

========= End of CMD: =========

EmptyTemp: => 662.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 10:35:12 ====

#35
DanoNH

Posted 03 July 2015 - 08:25 AM

Trusted Helper

Malware Removal
2,155 posts

Hello eevie,

It looks like the fix took care of some important things. How is the computer running?

Do you have access to the Internet now?

#36
eevie

Posted 03 July 2015 - 04:41 PM

Member

Topic Starter
Member
27 posts

The computer is very slow to start up, but it was quite slow before the virus. The programs are loading at normal speed. The hard drive is fairly quiet, but not completely, when nothing is happening. It still says unidentified network, so no internet access.

#37
DanoNH

Posted 03 July 2015 - 05:24 PM

Trusted Helper

Malware Removal
2,155 posts

Hello eevie,

We'll see if we can fix the Internet access issue once and for all now. Let's again try that Windows AIO Repair again while we are running in Clean Boot mode. Then we'll check the system files out with a command line tool.

First
Using the Infected computer:

Insert the USB stick with Windows AIO on it.
Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
- Now, select the Repairs tab, then click on the "Open Repairs" button:
- Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
- In the list that it presents put a check (tick) in the following as follows:
  
  NOTE: The above image is only for a reference. Please select the following items:
  - 01 - Reset Registry Permissions
  - 03 - Reset Service Permissions
  - 04 - Register System Files
  - 05 - Repair WMI
  - 06 - Repair Windows Firewall
  - 07 - Repair Internet Explorer
  - 08 - Repair MDAC/MS Jet
  - 09 - Repair Hosts File
  - 10 - Remove Policies Set by Infections
  - 13 - Repair Winsock & DNS Cache
  - 14 - Remove Temp Files
  - 15 - Repair Proxy Settings
  - 16 - Unhide Non System Files
  - 17 - Repair Windows Updates
  - 19 - Repair Volume Shadow Copy Service
  - 26 - Restore Important Windows Services
  - 27 - Set Windows Services to Default Startup
- Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
- Then click on the Start Repairs button if it doesn't do it automatically
- If it asks you to back up your system click Yes and continue
After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply (using your USB stick).
The computer should reboot automatically.

Second
Run sfc in Windows Vista/7

Open an elevated command prompt. To do that:
- Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
A command window will open like the image below:
Highlight the command below, right click and then click Copy

sfc /scannow
Right click next to the blinking cursor in the Command window and click Paste. This will put the command in the window and the command window should look like the image below:
Press the Enter key. The command window will look kike the image below:

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take awhile to finish. Do not close this Command Prompt window until the verification is 100% complete.
When the scan has finished you should get one of the following messages in the Command window:
- Windows Resource Protection did not find any integrity violations.
- Windows Resource Protection could not perform the requested operation.
- Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
- Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
Write down the message you got so you can post it in your next reply.
Type exit and press the ENTER key to close the command window.

Finally
In your next reply, please copy/paste the contents of the following logs:

Windows AIO Repair log

and

Tell me which message you got from the SFC tool.
Tell me how the system is running.

#38
eevie

Posted 04 July 2015 - 06:58 AM

Member

Topic Starter
Member
27 posts

On switching on the computer I got this AVG error message: AVG Detection Threat: general behaviour problem. Object name: C:\windows\temp\temp97293.reg. I have left this.

The command prompt took a long time to appear, then a window appeared asking to make changes to windows command processor, I clicked yes.

I typed in at the prompt, it took ages to start the scan. I had left the computer whilst it did this and on return it was in sleep mode, on waking up I had the message -Windows Resource Protection could not perform the requested operation.

The computer is working very slowly. I have tried to open Word, it is not working, it throws up error messages and goes to not responding. The resolution also has changed to a low resolution, large icons and text.

Here is the log:

Tweaking.com - Windows Repair v3.0.0

--------------------------------------------------------------------------------

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Home Premium

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: YVONNE-PC

Windows Drive: C:\

Windows Path: C:\Windows

Program Files: C:\Program Files

Program Files (x86): C:\Program Files (x86)

Current Profile: C:\Users\Yvonne

Current Profile SID: S-1-5-21-2680941182-924487306-1447265962-1000

Current Profile Classes: S-1-5-21-2680941182-924487306-1447265962-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Yvonne\AppData\Local

--------------------------------------------------------------------------------

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:13:47

Process Count: 41

Commit Total: 1.38 GB

Commit Limit: 7.76 GB

Commit Peak: 1.83 GB

Handle Count: 12324

Kernel Total: 323.75 MB

Kernel Paged: 242.04 MB

Kernel Non Paged: 81.71 MB

System Cache: 2.20 GB

Thread Count: 662

--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 1.25 GB(32.2457%)

Memory Avail.: 2.63 GB

--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.88 GB

Memory Used: 1.13 GB(28.9907%)

Memory Avail.: 2.76 GB

--------------------------------------------------------------------------------

Starting Repairs...

Started at (04/07/2015 11:46:19)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 0

01 - Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (04/07/2015 11:46:20)

Running Repair Under Current User Account

Done (04/07/2015 11:46:32)

01 - Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (04/07/2015 11:46:32)

Decompressing & Updating Windows Permission File services.txt

Done, 0.14 seconds.

Running Repair Under System Account

Done (04/07/2015 11:50:09)

01 - Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (04/07/2015 11:50:09)

Running Repair Under System Account

Done (04/07/2015 11:51:13)

03 - Reset Service Permissions

Start (04/07/2015 11:51:13)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:51:25)

04 - Register System Files

Start (04/07/2015 11:51:25)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:51:48)

05 - Repair WMI

Start (04/07/2015 11:51:48)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...

AVG AntiVirus Free Edition 2013 Exported.

Exporting AntiSpyware Info...

Windows Defender Exported.

AVG AntiVirus Free Edition 2013 Exported.

Exporting 3rd Party Firewall Info...

No Firewall Products Reported.

Running Repair Under Current User Account

Done (04/07/2015 11:54:49)

06 - Repair Windows Firewall

Start (04/07/2015 11:54:49)

Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt

Done, 0.17 seconds.

Running Repair Under System Account

Done (04/07/2015 11:55:17)

07 - Repair Internet Explorer

Start (04/07/2015 11:55:17)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:55:42)

08 - Repair MDAC/MS Jet

Start (04/07/2015 11:55:42)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:55:50)

09 - Repair Hosts File

Start (04/07/2015 11:55:50)

Running Repair Under System Account

Done (04/07/2015 11:55:52)

10 - Remove Policies Set By Infections

Start (04/07/2015 11:55:52)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:55:54)

13 - Repair Winsock & DNS Cache

Start (04/07/2015 11:55:54)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:56:10)

14 - Remove Temp Files

Start (04/07/2015 11:56:10)

Running Repair Under System Account

Done (04/07/2015 11:56:11)

15 - Repair Proxy Settings

Start (04/07/2015 11:56:11)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 11:56:13)

16 - Unhide Non System Files

Start (04/07/2015 11:56:13)

C:\ - Total Files Unhidden: 962 - Check Unhidden_Files.txt for list of files unhidden

Done (04/07/2015 11:57:06)

17 - Repair Windows Updates

Start (04/07/2015 11:57:06)

Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt

Done, 0.17 seconds.

Running Repair Under System Account

Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.

Done (04/07/2015 11:58:01)

19 - Repair Volume Shadow Copy Service

Start (04/07/2015 11:58:01)

Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt

Done, 0.53 seconds.

Running Repair Under System Account

Done (04/07/2015 11:59:42)

26 - Restore Important Windows Services

Start (04/07/2015 11:59:44)

Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt

Done, 2.71 seconds.

Running Repair Under System Account

Done (04/07/2015 12:00:47)

27 - Set Windows Services To Default Startup

Start (04/07/2015 12:00:47)

Running Repair Under Current User Account

Running Repair Under System Account

Done (04/07/2015 12:01:14)

Cleaning up empty logs...

All Selected Repairs Done.

Done at (04/07/2015 12:01:16)

Total Repair Time: 00:14:59

...YOU MUST RESTART YOUR SYSTEM...

#39
DanoNH

Posted 04 July 2015 - 11:19 AM

Trusted Helper

Malware Removal
2,155 posts

I understand your situation, eevie, and will be back with further steps. Thanks for your patience...

#40
DanoNH

Posted 04 July 2015 - 02:51 PM

Trusted Helper

Malware Removal
2,155 posts

Hello eevie,

First I must apologize for how long this is taking, and commend you on your ability to follow instructions and report what is happening. :spoton:

We need to take a step back here... I'll have you run a System Restore for me, after which your system will reboot.

Then I'll have you run a FRST fix, also requiring a reboot.

Then I'll have you run the Window AIO fix again.

Ready?

First

Restore your computer using System Restore

I would like you to use System Restore to roll your computer back to a saved checkpoint.

Click the Start Orb , and in the search box, type system restore
If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
When you see System Restore show up in the list above, click on it.
System Restore opens
Click Next
Look for the Restore point created around 2015-07-03 10:32:10 (that's July 3rd at 10:32:28 AM). I'm not sure what the comment will say.
If you found this restore point, go to step 9, otherwise, continue to step 7.
If you don't see it in the list it shows you, select the Show more restore points check box as shown below:
Look for the same restore point in step 5
Select the restore point in the list
Click Next
Click Finish
The restore operation should take place and reboot automatically to your login screen. Once you login, you should soon see a message indicating whether or not System Restore completed successfully.
Let me know if System Restore worked properly or not.

Second
Run a FRST Fix

Download the attached fixlist.txt file and save it to the Desktop: fixlist.txt 3.58KB 233 downloads

(Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Third

Run Windows Repair AIO

Using the Infected computer:

Insert the USB stick with Windows AIO on it.
Open My Computer, and browse to your USB drive. Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
- When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
- Now, select the Repairs tab, then click on the "Open Repairs" button:
- Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue. Agree to any User Account Control prompts.
- In the list that it presents put a check (tick) in the following as follows:
  
  NOTE: The above image is only for a reference. Please select the following items:
  - 01 - Reset Registry Permissions
  - 03 - Reset Service Permissions
  - 04 - Register System Files
  - 05 - Repair WMI
  - 06 - Repair Windows Firewall
  - 07 - Repair Internet Explorer
  - 08 - Repair MDAC/MS Jet
  - 09 - Repair Hosts File
  - 10 - Remove Policies Set by Infections
  - 13 - Repair Winsock & DNS Cache
  - 14 - Remove Temp Files
  - 15 - Repair Proxy Settings
  - 16 - Unhide Non System Files
  - 17 - Repair Windows Updates
  - 19 - Repair Volume Shadow Copy Service
  - 26 - Restore Important Windows Services
  - 27 - Set Windows Services to Default Startup
- Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
- Then click on the Start Repairs button if it doesn't do it automatically
- If it asks you to back up your system click Yes and continue
After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply (using your USB stick).
The computer should reboot automatically.

Finally
In your next reply, please copy/paste the contents of the following logs:

FRST fixlog.txt
Windows AIO log

And tell me how the system is running.

#41
eevie

Posted 04 July 2015 - 05:48 PM

Member

Topic Starter
Member
27 posts

Hi, thanks for persevering with this problem.

After restarting the computer the resolution has returned to normal and word seemed to work ok.

System Restore did not complete successfully - unspecified error (0x80070003)

During windows repair this AVG error message appeared: AVG Detection, Threat: general behavioural detection, Object name: C:\windows\temp\temp48243.bat I did nothing, after a short while it automatically changed to - Threat has been successfully removed.

The windows repair took a long time to complete and the computer would not restart, I had to keep the off button depressed to turn off and then chose start windows normally. The whole process took over 1.5 hours. When the computer did restart it appeared to be working ok, but still no Internet access.

Here are the logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Yvonne at 2015-07-04 23:27:26 Run:4