System Check Virus ... Can't System Restore even in Safe Mode

Corrine · February 26, 2012, 02:49:44 PM

You need to copy the information from the Code box in the instructions into the main text field.

Maddielee · February 26, 2012, 04:09:40 PM

the systemlook box is empty.

Corrine · February 26, 2012, 06:27:29 PM

Is SystemLook.txt on your desktop? If so, please post a copy. Also re-run SystemLook, pasting the following code in the box when you launch SystemLook:

Code Select

:dir
C:\Documents and Settings\All Users\Start Menu\Programs

Maddielee · February 26, 2012, 06:40:44 PM

systemlook log (1st code)

SystemLook 30.07.11 by jpshortstuff
Log created at 13:39 on 26/02/2012 by Administrator
Administrator - Elevation successful

========== dir ==========

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp - Unable to find folder.

-= EOF =-

Maddielee · February 26, 2012, 06:42:34 PM

sytemlook log (2nd code)

SystemLook 30.07.11 by jpshortstuff
Log created at 13:41 on 26/02/2012 by Administrator
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users\Start Menu\Programs - Parameters: "(none)"

---Files---
desktop.ini   --ahs-- 150 bytes   [20:34 24/02/2012]   [14:54 22/05/2009]
MSN.lnk   --a---- 1986 bytes   [20:34 24/02/2012]   [14:54 22/05/2009]
Windows Messenger.lnk   --a---- 609 bytes   [20:34 24/02/2012]   [14:54 22/05/2009]
Windows Movie Maker.lnk   --a---- 786 bytes   [20:34 24/02/2012]   [14:54 22/05/2009]

---Folders---
Accessories   d-a----   [00:47 05/04/2005]
Administrative Tools   d-a----   [00:47 05/04/2005]
Adobe   d------   [20:54 28/12/2007]
America Online   d------   [01:20 05/04/2005]
AOL   d------   [18:14 18/01/2009]
Better Homes and Gardens   d------   [20:16 08/03/2008]
CA   d------   [12:44 03/04/2010]
Dell Accessories   d------   [01:13 05/04/2005]
Dell Picture Studio 3   d------   [01:17 05/04/2005]
Dell Printers   d------   [15:07 13/04/2005]
Family Tree Maker   d------   [21:51 11/04/2005]
Games   d-a----   [00:47 05/04/2005]
Google Updater   d------   [16:31 12/04/2008]
Intel Network Adapters   d------   [01:13 05/04/2005]
InterActual   d------   [00:22 06/01/2008]
iPod   d------   [18:49 25/12/2005]
iTunes   d------   [17:01 31/01/2012]
LabelCreator Pro   d------   [18:33 10/09/2011]
Logitech   d------   [15:14 11/04/2005]
McAfee   d------   [14:29 25/02/2012]
Musicmatch   d------   [21:01 21/06/2005]
Photobucket   d------   [17:05 26/06/2006]
Picasa 3   d------   [15:03 01/12/2008]
QuickBooks   d------   [01:24 05/04/2005]
QuickTime   d------   [17:30 26/12/2011]
QuickTime for Windows   d------   [17:53 08/03/2008]
Real   d------   [01:21 05/04/2005]
Sierra   d------   [17:52 08/03/2008]
Sonic   d------   [01:16 05/04/2005]
Startup   d-a----   [00:47 05/04/2005]
The Print Shop   d------   [20:46 11/04/2005]
WordPerfect Office 12   d------   [01:14 05/04/2005]

-= EOF =-

Corrine · February 26, 2012, 09:29:22 PM

See if you can run Fix #154, right pane (Remove "All Programs" from Start Menu - Undo) at http://www.kellys-korner-xp.com/xp_tweaks.htm (Direct link: http://www.kellys-korner-xp.com/regs_edits/allprogramsdisable.reg)

Save the REG File to your hard disk. Double-click it and answer yes to the import prompt.

Maddielee · February 27, 2012, 02:09:54 PM

I think I have the allprogramsdisable saved on my harddrive. When I double click it, I get RUN, and then a box asking if I'm sure I want to add it to the Registry. When I click YES I get a box saying its been added successfully.

Corrine · February 27, 2012, 02:43:21 PM

Good. What do you get now when you click Start? Can you access your programs, Control Panel, etc. now?

Maddielee · February 27, 2012, 04:10:31 PM

I AM able to send this post using Windows, not in Safe Mode.

Some programs still read 'empty'.

I can not find the Control Panel.

My START menu lists: Internet, E-mail____mcAfee, Internet Explorer -----My Documents, My Pictures, My Computer

(I am getting excited)

Corrine · February 27, 2012, 06:34:49 PM

Since the last fix from Kelly's Korner was successful, let's see what this one does. As before, save the REG File and double-click it to run. When asked if you want to add to your registry, answer yes to the import prompt.

Show Control Panel on the Start Menu

Let me know the results.

Maddielee · February 27, 2012, 06:55:30 PM

Yes! Control Panel is back!

Now what?

Corrine · February 27, 2012, 07:44:36 PM

Can you get to Add/Remove programs to follow the instructions here?

At this point, I think you'll need to manually restore programs to the Programs button but will research further.

Maddielee · February 27, 2012, 08:32:18 PM

OK. I was able to uninstall the list of programs.

BUT, when I tried to uninstall My Way Search Assistant I get a RUNDLL box....Error loading c;\PROGRA~1\MYWAY (etc)
The Specified module could not be found.

AND I couldn't find ELF 1.13 Toolbar or Conduit Engine on the list.

Corrine · February 28, 2012, 01:32:57 AM

We've made a lot of progress! I really was thinking I'd have to send you to a tutorial to do a repair install and hope you had success.

It could be MBAM took care of the My Way Search Assistant. Let's take care of ELF and Conduit with ComboFix and then see what else needs to be done. It has been a few days since you last used ComboFix so you will probably be prompted to update it. Please allow any offered update to ComboFix.

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code Select


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Folder::
c:\program files\elf_1.13
c:\program files\conduitengine

RegLock::
[HKEY_USERS\S-1-5-21-3309822840-836792384-1404327448-500\Software\Microsoft\Internet Explorer\User Preferences]

Save this as CFScript.txt and place it on your desktop.
Close any open browsers
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Maddielee · February 28, 2012, 03:49:46 PM

Good day! The ComboFix has been running for about 75 minutes.

(the screen says that it usually takes 10, however scan times for badly infected machines may easily double)

Completed Stage_1
Completed Stage_2

Then a blinking cursor

????