Email being hacked in IE [Solved]


  • This topic is locked

#31
Jules4me

  • Topic Starter
  • Member
  • 92 posts
I just did a forced shut down, but I'm not going to bring it back up until tomorrow. Thanks for your wise counsel today.
  • 0


#32
Jules4me

  • Topic Starter
  • Member
  • 92 posts
Well, I started the laptop this morning and it has been trying to come up for two hours now. It is stuck on the welcome screen. I won't do anything until you tell me, but I would think I need to force shutdown and restart in safe mode. However, I don't know what to do from there.
  • 0

#33
Jules4me

  • Topic Starter
  • Member
  • 92 posts
Just to update you, it is still stuck on the welcome screen.

Edited by Jules4me, 01 September 2012 - 12:02 PM.

  • 0

#34
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts
Hi Jules,

Thanks for the update. I've been searching this since you first posted the problem. There isn't anything in the last OTL fix for the cleanup that should cause this. I've seen OTL take a long time to reboot the system when restore points are being reset, but other than having MalwareBytes running real-time protection, I can't find an instance of a fix of this kind causing the system to hang at the Welcome screen. And I know that isn't the problem cause the other OTL fix ran without a hitch. I have sent the tool developer a message so he can look at the posts and see if he has any ideas.
While I am waiting to hear from him, I have a question and something I want you to try.

In your post # 26 you said:

Yikes! We might have a problem. I was doing the OTL scan where I copied in those commands and the program asked to reboot....

Did you click the Run Scan button or the Run Fix button?

I want you to see if there is a "Repair My Computer" option in the list of Advanced Boot Options and then see if the computer will boot into Safe Mode.

Restart your computer. As soon as it starts booting up (you should see the Mfg. logo) start tapping the F8 key.
An Advanced Boot Options screen should come up.

NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
On the Advanced Boot Options screen see if there is an option titled Repair my computer. Do Not click it, just let me know if you have it.
Use the up and down arrows on the keyboard to highlight Safe Mode and press the Enter key.
It will take a few minutes for the system files to load and then a Welcome screen should come up.
Click your user name and type your password (if that's what you normally do on a normal boot up) and click OK or press the Enter key.

After a little wait the Safe Mode desktop should appear. It will look funky. The icons will be bigger and the word Safe will be in all four corners of the window.

If you get that far, the system has booted into Safe Mode.
Shut Windows down like you normally do from the Start Orb and let me know:

1. If there was a Repair my computer option on the Advanced Boot Options
2. If it booted into Safe Mode

As soon as I hear from the tool developer I will decide the direction we should take. I'm sorry for the inconvenience...but this is a first for me.
  • 0

#35
Jules4me

  • Topic Starter
  • Member
  • 92 posts
Because I forced the shut down last night, when I restarted it this morning, it went to the "Computer did not shut down correctly" screen and it gives the option of starting in safe mode or regular start up. I chose to just start up and I let it sit on the welcome screen for at least 8 hours before holding the on button to shut it down.

I did choose "Run Fix" on OTL. I apologize for my misuse of the word scan versus fix. It went through deleting the restore points and such. It says what it is doing at the very bottom. It then asked to reboot, which I said yes and it brings us to the current problem.

I was able to bring up the Advanced options page and I do have Repair my computer as an option. The laptop booted into Safe mode with no issue.

Don't be concerned that this is a first time issue for you. We will learn together.
  • 0

#36
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts
Hi Jules,

Still haven't heard from the developer yet but have had input from some colleagues and they haven't experienced this exact problem either. Let's check the disk integrity and see if that solves it. If not we'll check the system file checker and make sure the system files are ok. We will do this from Safe Mode.


Step-1

Run chkdsk in Safe Mode

1.

Restart the computer and boot into Safe Mode. To do that
  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Safe Mode and push the ENTER key.

    Windows Vista
    Posted Image

    The Windows files will load and the Welcome Screen will come up
  • Click your user name and type your password in the box (if you use a password) and click OK or press the Enter key.
The Safe Mode desktop will come up.

2.

Run chkdsk in an Elevated Command Prompt

  • Click the Start Orb
  • In the Start Search box type cmd.exe
  • Find cmd.exe at the top of the list that comes up in the box.
  • Right click the cmd.exe file and click Run as Administrator
    A black Command Window will open (see the screenshot below)

    Posted Image

    • At the blinking cursor in the command window type the following command and then press the Enter key:

      chkdsk C: /f
    NOTE: If you get a message asking if you would like to schedule this volume to be checked the next time Windows starts? (Y/N), press the Y key and press Enter (See the screenshot below)

    Posted Image
    The /f switch is the most common of the chkdsk switches. It tells chkdsk to try and fix any errors it finds.
  • At the blinking cursor type exit and press the Enter key to close the Command window.
  • Restart the computer. Do Not try to boot into Safe Mode. Just let the computer boot normally. Chkdsk will run at start up.

If Windows boots up, stop here! If it doesn't boot up, don't turn the system off and continue with Step 2.


Step-2.

Run SFC from Safe Mode

Boot into Safe Mode

  • Start, or Restart the computer and as soon as it starts booting up (you might see the Mfg. logo) start tapping the F8 key.
  • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Safe Mode and push the ENTER key.

    Windows Vista
    Posted Image
  • After the system files load the Windows welcome screen will come up.
  • Click your user name and type in the password (if you have one) and click OK or press Enter. The Safe Mode desktop will come up.

Run the system File Checker

Open an elevated command prompt. To do that:
  • Click the Start Orb and in the Search box type cmd.exe.
  • In the list of files that comes up above the Search box find the cmd.exe file, right click it and click Run as Administrator
    A command window will open like the image below:
    Posted Image
  • Type the following and press ENTER after each line
cd C:\windows\Logs\cbs

copy cbs.log cbs.old

del cbs.log

cd C:\Windows\System32


Now run System File Checker
The System File Checker scans all protected system files and can replace incorrect versions with correct Microsoft versions.
  • At the blinking cursor type or Copy and Paste the following and press the Enter key:

    sfc /scannow
    (notice the space between the c and the /..it needs to be there)

    Posted Image
    sfc /scannow - Scans the integrity of all protected system files and repairs the system files if needed. (See screenshot above)
    NOTE: If sfc finds errors in the system files it will list what it found and whether or not it fixed the problem.
  • The process will take some time.
  • When the process has finished, write down the results of the scan so you can post them in your next reply.
  • Type exit and press the ENTER key to close the command window.
Reboot the computer and see if it will boot into normal mode.
  • 0
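For the "write down the results of the scan" step above, `sfc /scannow` records its details in the CBS.log that the post has just reset, on lines tagged `[SR]`. The following is an added example, not part of the original post: a PowerShell (3.0 or later) function, with the hypothetical name `Get-SfcSummary`, that summarises those lines. The sample log lines are constructed in the CBS.log layout, and the two message patterns are assumptions based on typical SFC output.

```powershell
# Added example: summarise the [SR] (System File Checker) entries in CBS.log.
# Get-SfcSummary is a hypothetical helper name; the sample lines below are constructed.
function Get-SfcSummary {
    param([string[]]$Lines)

    # Only lines written by SFC carry the [SR] tag.
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })
    $repaired   = @()
    $unrepaired = @()

    foreach ($line in $sr) {
        # Assumed message formats; the file name is the quoted string.
        if ($line -match '\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)"') {
            $unrepaired += $Matches[1]
        }
        elseif ($line -match '\[SR\] Repairing corrupted file .*"([^"]+)" from store') {
            $repaired += $Matches[1]
        }
    }

    [pscustomobject]@{
        SrLines      = $sr.Count
        Completed    = [bool]($sr -match '\[SR\] Verify complete')
        Repaired     = @($repaired   | Sort-Object -Unique)
        CannotRepair = @($unrepaired | Sort-Object -Unique)
    }
}

# Constructed sample in the CBS.log layout (not taken from the thread).
$sample = @'
2012-09-01 13:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-09-01 13:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2012-09-01 13:02:15, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example1.dll" from store
2012-09-01 13:02:19, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"example2.ini" of Example-Component, Version = 6.0.6002.18005
2012-09-01 13:02:40, Info                  CSI    0000000d [SR] Verify complete
'@ -split "`r?`n"

Get-SfcSummary -Lines $sample

# On the machine itself, from the elevated prompt used for sfc:
# Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

Any name listed under `CannotRepair` is a protected file SFC could not restore from its store, which is the detail a helper would want posted back.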

#37
Jules4me

  • Topic Starter
  • Member
  • 92 posts
YAY!!! Step 1 worked. It booted normally.

I have two what I would call "ghost" icons on my desktop. They both say desktop.ini and when I hover my cursor over them, one says
Type: Configuration Settings
Size: 174 bytes
Date Modified: 1/20/2008 9:57pm

The other says:
Type: Configuration Settings
Size: 282 bytes
Date Modified: 5/4/2011 10:49 pm

Now, I assume I am to go back into OTL and do the clean up and all the other instructions, but I will wait to hear from you.
  • 0

#38
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts

YAY!!! Step 1 worked. It booted normally.

Glad to hear it. I still don't have a clue as to what happened :confused: Either windows or OTL had a senior moment :lol:
The "ghost" files are there because when OTL scans or runs a fix it causes Windows to show hidden and system files. I will take care of that in the cleanup and they won't be visible anymore.

Yeah, we are gonna do the cleanup again....but we're gonna let Windows purge the restore files.

OK, let's try this again.


Step-1.

Click the Start Orb and click Control Panel. In the list of programs installed find ESET online Scanner and uninstall it.
Delete the C:\Program Files\ESET folder.


Step-2.

OTL Cleanup

2. Please re-open Posted Image.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove OTL and the logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.


Go to the folder you downloaded these files to and delete them. If it was the desktop, delete them there. If it was the Downloads folder, delete them there.

aswMBR.exe
MBR.dat
aswMBR.txt
RogueKiller.exe
All REReport.txt files
AdwCleaner.exe

All AdwCleaner[R1].txt files and all AdwCleaner[S1].txt files
SecurityCheck.exe
Checkup.txt


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop or in the folder you downloaded them to. Empty the Recycle Bin.


Step-3

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a check mark in the box next to OS (C:) (System).

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
  • Click My files only
    A Drive Selection popup will open
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required and click OK.
  • On the next window, click the More Options tab
  • In the System Restore and Shadow Backups window click Clean up
  • Click Delete on the pop up
  • Click OK
  • Click Delete
  • Click OK to close any windows that may be open.
    Restart the computer


Step-4.

Re-Start TeaTimer

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Check these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.


Step-5.

Reset Hidden Files and Folders

1. Click the Start Orb.
2. Click Computer.
4. In the Menu bar at the top of the page, click the Tools menu and click Folder Options.
5. Select the View tab.
6. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
7. Click the box beside Hide protected operating system files (recommended) . Click Yes to confirm. Click OK.



Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:- Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.


:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically (recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.


Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.


It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A couple of programs that will do this are listed below. Only download and install one of the programs and run it monthly:
Secunia Software Inspector
Filehippo Update Checker

Finally, please read How did I Get Infected in the First Place (by Mr. Tony Klein and dvk01)


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay safe :wave:
godawgs
  • 0
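The Internet Explorer "Custom Level" changes in the post above are stored as per-user registry values for the Internet zone, so they can be checked after the fact. The following is an added example, not part of the original post: a PowerShell (3.0 or later) audit with the hypothetical function names `Get-ZoneValues` and `Test-InternetZone`. The action IDs and value meanings are Microsoft's documented zone settings, and the sample values are constructed.

```powershell
# Added example: compare the Internet zone (zone 3) with the five
# Custom Level settings listed in the post.
# URL action values: 0 = Enable, 1 = Prompt, 3 = Disable.
# Keys are quoted so they are looked up by name, not by position.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: read the current user's Internet-zone values.
# Settings enforced through Group Policy live under Software\Policies
# and are not read here.
function Get-ZoneValues {
    param([string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3')
    $values = @{}
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($id in $Recommended.Keys) {
            $prop = $item.PSObject.Properties[$id]
            if ($prop) { $values[$id] = $prop.Value }
        }
    }
    return $values
}

# Hypothetical helper: one result row per setting from the post.
function Test-InternetZone {
    param([hashtable]$Values)
    foreach ($id in $Recommended.Keys) {
        $want = $Recommended[$id].Want
        $have = $Values[$id]
        if ($null -eq $have)                      { $current = 'not set' }
        elseif ($Meaning.ContainsKey([int]$have)) { $current = $Meaning[[int]$have] }
        else                                      { $current = '0x{0:X}' -f $have }

        [pscustomobject]@{
            Action  = $id
            Setting = $Recommended[$id].Name
            Current = $current
            Wanted  = $Meaning[$want]
            OK      = ($have -eq $want)
        }
    }
}

# Constructed sample: two settings weaker than the post asks for, one missing.
$sample = @{ '1001' = 0; '1004' = 1; '1201' = 3; '1800' = 1 }
Test-InternetZone -Values $sample | Format-Table -AutoSize

# On a live system, list only the settings that still differ:
# Test-InternetZone -Values (Get-ZoneValues) | Where-Object { -not $_.OK }
```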

#39
Jules4me

  • Topic Starter
  • Member
  • 92 posts
I have everything finished except downloading additional anti malware software and the other requested downloads to keep the computer safer.

Everything seems to be running good and fast. Thank you so much. Tell your colleagues that I appreciate them so much for helping out.

I will be opening another thread tonight for the other computer, if you are up for the challenge and want to work with me. Maybe we'll come across some more learning opportunities.
  • 0

#40
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts
You're welcome. I would be happy to work with you on the next "project". :lol:
  • 0


#41
godawgs

  • Teacher
  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





