[jwang01]

Hello,


Do you still need help?

[Advertisements]

Yes I still do, sorry about that. I've reminded my sister twice now to follow the instructions you gave, and just did it again about two hours ago. She says she'll do it tonight, but I won't be surprised if she forgets again.

By the way, while you're here, am I allowed to have two open topics for two different computers, or do I need to wait until this one is finished first before opening another thread? I didn't see anywhere that covered this, and my laptop's developing problems that I made another thread about (currently manageable, so it's not a pressing issue).

[EMDF]

Yes I still do, sorry about that. I've reminded my sister twice now to follow the instructions you gave, and just did it again about two hours ago. She says she'll do it tonight, but I won't be surprised if she forgets again.

By the way, while you're here, am I allowed to have two open topics for two different computers, or do I need to wait until this one is finished first before opening another thread? I didn't see anywhere that covered this, and my laptop's developing problems that I made another thread about (currently manageable, so it's not a pressing issue).

[jwang01]

Hello,


OK, thanks for the update.



Yes, you can have more than one topic open as long as it is two different computers.

[EMDF]

Okay, she finally got back to me. She said that Windows Update improved, but isn't fixed yet. It needed to "download an update for Windows Update itself," started downloading, then gave an error of "Windows could not search for new updates. Code 8007000B".

Here's the OTL log:


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Components\\PendingXmlIdentifier not found.
Registry value HKEY_LOCAL_MACHINE\Components\\NextQueueEntryIndex not found.
Registry value HKEY_LOCAL_MACHINE\Components\\AdvancedInstallersNeedResolving not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jessica
->Temp folder emptied: 89103573 bytes
->Temporary Internet Files folder emptied: 222998849 bytes
->Java cache emptied: 10487935 bytes
->FireFox cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 416081 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1372 bytes

Total Files Cleaned = 308.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 02032010_222830

Files\Folders moved on Reboot...
C:\Users\Jessica\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JETC995.tmp not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[jwang01]

Hello,

Ok, I found a possible solution for that error code as well. Let's see if it fixes it.

• Click on the Start Button
• In the search box, type in Command Prompt
• Right click on Command prompt and select Run As Administrator
• In the Command Prompt window, type fsutil resource setautoreset true C:\
• Now restart the computer.

Then try to Update Windows again. Let me know if it works.

[EMDF]

Surprisingly, it gave her a Blue Screen of Death when she tried to run the command. I asked her, and she did run it as administrator. It didn't seem to do anything, as Windows Update is giving the same issues as before -- it wants to install a new version of itself, and gives the same error when you try and install it.

She also described two new symptoms that she forgot to mention before. The first one is that the laptop doesn't recognize its built-in webcam, although it did before the Trojan infected the system. The second is that when the laptop starts up, it asks to check the disk, and gets to 51% before it stops making any progress.

[jwang01]

Hello,


The webcam may need to have its files reinstalled. I will look into that. What kind of computer is it?


Ok, please try to do that command in safe mode. To boot in safe mode, restart the computer and right when the computer restarts tap the F8. Then select Safe Mode. Then try that command again per my previous instructions.



Also, lets check the hard drive and make sure there is no bad sectors in it.

• # In the search box, type in Command Prompt
• Right click on Command prompt and select Run As Administrator
• Then type in chkdsk /f /r C: and press enter.
• It may say something like the disk is in use, and to schedule it on reboot. Say yes and restart the computer.
• It will then scan for errors and try to fix any. Let me know if it finds any bad sectors.

Edited by jwang01, 05 February 2010 - 09:46 PM.

[jwang01]

Hello,



Do you still need help?

[EMDF]

Yes, I'm sorry. My sister is once again stalling, and I cannot seem to get through to her how important fixing her computer is. She said she would do it a few days ago on her day off, then said she would last night, and still nothing. I just sent her yet another email about it.

[jwang01]

Hello,



Ok, I was just making sure. Just to let you know, I will be away for 5 days or so starting on tuesday. I may ask another staff member to jump in here and help if you get to posting.

Edited by jwang01, 13 February 2010 - 05:23 PM.

[EMDF]

Hope you have a nice trip! -snip-

Alright, I got an email finally. She ran everything, safe mode and all, and it still came up with a blue screen of death. Chkdsk got stuck midway through. In stage 1, it said that there were 1205 large file records processed, 0 bad files, 0 EA records and 60 reparse records processed. In stage 2, it said it was "11% completed...208367 of 279474 index entries processed." After waiting a half-hour, it didn't continue.

Edited by EMDF, 13 February 2010 - 09:06 PM.

[jwang01]

Hello,



Let's go this way. Let's go ahead and clean up the analysis tools we used here, Then head over the the Windows Vista Forum and create a new thread with the problems you are still exeriancing. Also, let them know you were working with me here and are clean of Malware. Please include a link to this topic. Then come back here and post a link to that thread so I can let them know you need help.




Congratulations!! Your logs look clean!

Now we need to do a little house keeping and remove the tools we have used.

• Click on OTL.exe
• Click the Clean It button
• If it tells you to reboot click Yes

It is always a good idea to have ONE Anti-Spyware program that runs in real time along with your Anti-Virus. You can have more the one installed, but all others should be used only as On Access scanners.


Now the next list is some programs I like to recommend to people to help keep your computer safer. Keep in mind that these are all optional.

MalwareBytes Anti Malware
This is an exellent On Access Anti-Malware Scanner.

SuperAntiSpyware
This is an Anti-Spyware program that will help protect your PC with Real Time Protection. You should have one Anti-Spyware program that scans in real time. This will help prevent your PC from picking up any more malware.


TFC
This will help delete all temporary files.

Opera
This is an alternative for Internet Explorer. Opera is a more secure browser.



You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.

Heres how to do it:

• Go to Start
• Click on the Control Panel
• Click on Security
• Then click on Windows update
• Then settings to turn Windows Update On/Off

You should check and make sure that you keep your Anti-Virus up to date. This is also a crucial part of your security. You can do this by clicking on your Anti-Virus and clicking on update. If your AV has an automatic update feature, i would recommend turning it on in the settings menu.

And finally a little How did I get infected in the first place? (by Mr. Tony Klein)

[EMDF]

Awesome! Just to make sure I've gotten everything right, I've given a list of what I thought the symptoms were on her laptop and asked if it's still the same, and if I left anything out. Once I get a response back (which I'm now expecting to come fairly soon), I'll make a new thread.

You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.

Heres how to do it:

• Go to Start
• Click on the Control Panel
• Click on Security
• Then click on Windows update
• Then settings to turn Windows Update On/Off

This is going to be a problem, as Windows Update doesn't even work in the first place! I know this was copy-pasted from your training though, so I will follow these instructions when it starts working again.

Thanks for all the help!

[jwang01]

Hello,


Ok sounds good to me.

Edited by jwang01, 15 February 2010 - 07:00 PM.

[EMDF]

Okay, here's the link to the new topic:
http://www.geekstogo...ni-t268834.html