Posts Closed

One last Note

Post by Robinski123 » December 21st, 2011, 5:32 pm

I should mention that I had deleted ALL system restore points & turned it off completely a day after initial infection.....R
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Post by Dakeyras » December 21st, 2011, 8:09 pm

Hi. :)

Thanks for the update and we will be attempting to rectify the various system errors shortly. With regard to the online scan results they all appear to be what is known as false positive detections to myself so no further action is required.

"I should mention that I had deleted ALL system restore points & turned it off completely a day after initial infection.....R"
That explains the error denoted in the OTL custom fix log. Please enable System Restore and in turn create a new System Restore point. As even an infected System Restore point is still useful rather than none to fall back on if the need arises. Also when I give the all clear we will be flushing the aforementioned as a precaution and creating a new safe/clean one etc.

Run Windows 7 SUR:

Reboot your machine using the Windows 7 Installation DVD.

  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed, remove the Windows 7 Installation DVD and then click on Restart

Windows 7 - System File Checker:

You may require your Windows 7 Installation DVD for the below, if the scan asks for this merely insert it into the optical drive and follow the prompts.

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • cd c:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.

Note: This may take a while to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key and reboot your machine.

Next:

Let myself know when completed the above and how your computer is performing now. Any further symptoms and or problems encountered?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Puzzled..........again!!

Post by Robinski123 » December 22nd, 2011, 1:46 am

Hello.......I am now officially frustrated!!. First I have already tried to repair from win 7 disc...that did not work. So I tried again today...selected "Startup Repair" and got an error message: "Startup RepairOffline" (Locale 1033). Then I tried scannow (Which I also have done before)...Win>> cmd>> Run as Admin...typed exactly as requested....received the following: "Windows Resource Protection could not perform the requested operation" As I stated in original post: "Finally got scannow to run!! (After Restart)...ran for almost 2hrs 30min...restarted...Back to FAST BOOT :)"...so I am able to scannow ONLY if I select it from c: property...tools..and restart. I think that this problem might be a factor: When I bought the HP, It came with VISTA HP 64 pre-installed....I got rid of all "Bloatware"....ie: "Norton"<<< YIKES...don't like that and others....anyways because of the timing when I bought the HP...I was eligible for the free win 7 upgrade...which I installed with no problem. (Well...the install time was long..........)...Before the actual installation, I was prompted to make backup dvds of my vista HP....so I did and it created 3 DVDs....which I still have. Question is: My d: partition contains my "Recovery"...it is actually called "Factory_Image". Now does this contain win 7 recovery or the original Vista??? when I try to access it I get the following message: HP Recovery Partition Warning! This area....etc....Do not delete or alter these files...etc..
I did some research on line and found the following....which I think is neat!!: ..(It's a bit long)

http://www.sevenforums.com/tutorials/42 ... n-dvd.html
1. Download 7-Zip(64)
2. Use Compatibility Mode on the 7-Zip shortcut and check the Run this program as an administrator box.
3. Run 7-Zip, then click on Tools and Options. Next, click on the Select all button and on OK.
4. Insert your retail Windows 7 installation disc into the DVD drive and wait for it to be recognized.
5. In 7-Zip, navigate to your DVD drive letter (ex: E: ) that has the Windows 7 installation disc in it, and double click on the Sources folder.
6. Scroll down and double click on the install.wim file.
7. You will now see this for a few seconds as it opens.
8. Each numbered folder is a different edition of Windows 7. They will vary depending on what type of Windows 7 installation DVD you have. To see what edition is for each numbered folder, select the 1.xml file and click on the Extract button on the toolbar.
9. Copy the 1.xml file to your desktop.
10. Open the 1.xml file on the desktop. Look for the <IMAGE INDEX="#"> entry and the <NAME>edition</NAME> entry a bit under it in the code (highlighted in red below) to see what Windows 7 edition is for each numbered folder in step 8.
**********Image Index...Folder= 2 <<<<***********
11. Now open the numbered folder (step eight) that is the same edition as your currently installed Windows 7 edition, and navigate to the Windows\System32 folder. You can now select and extract the system files that you need to your desktop.
12. Verify that each extracted file is unblocked. You can now use the extracted files to copy and replace your missing or corrupted system files in your currently installed Windows 7.
DONE!!!!!!!!!!!!
Notes:
You will need to take ownership and set permissions to "Allow" your account "Full Control" of the original file in your current installation before you will be allowed to replace it with the extracted copy.
If the system file is in use and you are unable to replace it with the extracted copy, then:
Open a Command Prompt at boot.
Do steps 2B to 2D in this tutorial first to verify the drive letter of your Windows 7 drive. It's not always C: at boot.
Type in the command below to copy and replace the original file with the extracted replacement file.

Copy /Y "full path of extracted replacement file" "full path of original Windows 7 system file"
For example:
If the extracted replacement uDWM.DLL is on my desktop, then I would type this in the command prompt at boot and press enter.
Copy /Y "C:\Users\User-name\Desktop\uDWM.dll" "C:\Windows\System32\uDWM.dll"
****************************************************************************************
I have done this and it works...(And I do own Win 7 LEGALLY)...though I did not replace ANY files......will this help with my system problems???
One more question.....is my HP now infection free???......Many Thanx........R
ps: Still considering a Clean Install.........
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm
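
The edition lookup from steps 8 to 10 of the tutorial quoted in the post above, as an added example that is not part of the original post or of the tutorial: it reads the extracted 1.xml and returns the numbered folder that matches a given edition and architecture, so replacement system files are taken from the right image. The sample XML is constructed, the function names are hypothetical, and it assumes each image carries WINDOWS/EDITIONID and WINDOWS/ARCH elements with ARCH 0 meaning x86 and 9 meaning x64.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the image metadata that 7-Zip lists as 1.xml.
# Real files carry many more fields per image; only those used below are shown.
SAMPLE_WIM_XML = """<WIM>
  <IMAGE INDEX="1">
    <NAME>Windows 7 HOMEBASIC</NAME>
    <WINDOWS><ARCH>9</ARCH><EDITIONID>HomeBasic</EDITIONID></WINDOWS>
  </IMAGE>
  <IMAGE INDEX="2">
    <NAME>Windows 7 HOMEPREMIUM</NAME>
    <WINDOWS><ARCH>9</ARCH><EDITIONID>HomePremium</EDITIONID></WINDOWS>
  </IMAGE>
  <IMAGE INDEX="3">
    <NAME>Windows 7 PROFESSIONAL</NAME>
    <WINDOWS><ARCH>9</ARCH><EDITIONID>Professional</EDITIONID></WINDOWS>
  </IMAGE>
  <IMAGE INDEX="4">
    <NAME>Windows 7 ULTIMATE</NAME>
    <WINDOWS><ARCH>9</ARCH><EDITIONID>Ultimate</EDITIONID></WINDOWS>
  </IMAGE>
</WIM>"""

ARCH_NAMES = {"0": "x86", "9": "x64"}  # assumption: 0 = 32-bit, 9 = 64-bit


def decode_wim_xml(raw):
    """Decode the bytes of an extracted 1.xml (typically UTF-16 with a BOM)."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def list_images(xml_text):
    """Return one dict per <IMAGE> entry, sorted by its INDEX attribute."""
    images = []
    for image in ET.fromstring(xml_text).iter("IMAGE"):
        arch = image.findtext("WINDOWS/ARCH", default="").strip()
        images.append({
            "index": int(image.get("INDEX")),
            "name": image.findtext("NAME", default="").strip(),
            "edition": image.findtext("WINDOWS/EDITIONID", default="").strip(),
            "arch": ARCH_NAMES.get(arch, "unknown"),
        })
    return sorted(images, key=lambda item: item["index"])


def find_index(images, edition, arch):
    """Return the numbered folder for one edition/arch; refuse ambiguous matches."""
    hits = [i["index"] for i in images
            if i["edition"].lower() == edition.lower() and i["arch"] == arch]
    if len(hits) != 1:
        raise LookupError("expected one image for %s %s, found %d"
                          % (edition, arch, len(hits)))
    return hits[0]


if __name__ == "__main__":
    # For a real file: decode_wim_xml(open(r"path\to\1.xml", "rb").read())
    for img in list_images(SAMPLE_WIM_XML):
        print(img["index"], img["name"], img["arch"])
```
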

Restore Error

Post by Robinski123 » December 22nd, 2011, 3:39 am

Hi...again......Thought that I should let you know that I enabled System Restore and created a point, However, when I tried to
do a restore...I received the following: "System Restore Error (0x80070005)"......and I also got this:
"Failed to Extract File (c:\$Extend\$RMMetadata\$Txf)"....Sincerely, Totally Confused!!!......Thank You!!!......R
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Post by Dakeyras » December 22nd, 2011, 6:03 am

Hi. :)

OK at this juncture I do not think malware is any longer an issue but rather the actual Operating System is badly damaged beyond anything I can advise. So my best advice would be to perform a reformat and reinstallation of the Windows Operating System.

Or we can clean up all tools used during the Malware Removal process and I can refer you to a specific IT/Operating System support forum as primarily online I only provide actual Anti-Malware support. Though I honestly do not think anything can be done.

"I did some research on line and found the following....which I think is neat!!: ..(Its abit long)"
Interesting and does appear feasible after reading the tutorial. However not sure if that would make any difference in your situation being honest and the distinct possibility it could render your machine merely an expensive door-stop!

Anyway going back to what I have mentioned so far, your decision to make and I can only offer both my honest opinion/advice. However after saying all of the above there may be an outside chance the below may just work but I have had marginal success in the past with such a badly damaged Operating System after a Malware Removal process.

--------------

Note: I give no guarantees the below will work and my prior advice with regard to a reformat and reinstallation of the Windows Operating System is probably the most prudent course of action...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start(Windows 7 Orb) >> All Programs >> ERUNT >> Right-click on ERUNT and select Run as Administrator.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Repair Windows 7 Registry:

  • Bootup your computer from the Windows 7 DVD. <-- Use the 64 bit DVD
  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Command Prompt
  • At the Command Prompt X:\Sources> type in the following exactly:-

diskpart and press Enter >> then at the DISKPART> prompt type in list volume and press Enter.

Note: Make a note of what the drive letter is for your Windows 7(operating system) drive or partition.

Now if Windows 7 is on C type in C:; and press Enter. Then type in:-

CD X:\Windows\System32\Config <-- X denotes your drive letter designation..
  • and hit the Enter key, now type in:-
REN system system.old
  • and hit the Enter key, now type in:-
COPY X:\Windows\System32\config\RegBack\System
  • Now remove your Windows 7 DVD from the CD/DVD Drive, now type in:-
Exit
  • Hit the Enter key, back at the System Recovery Options screen click Restart and your computer should boot-up as normal.

Next:

Let myself know the outcome and or if any problems encountered and or what other course of action you wish to undertake, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Last Resort

Post by Robinski123 » December 23rd, 2011, 1:55 am

Hello Dakeyras!!....I have tried the above recommendations......to no avail. I am currently backing up my User Folder (243GB) to a 403GB partition in my 2TB drive.
It used to be an external but it was TOO SLOW!!.so I took out the drive and am using it directly with sata. (I don't keep it "hooked up"....I also use it to backup my old Vista 32)
so basically I am preparing to do a clean Install.....I have all of my main programs (Sonar..etc) on the original discs with the serials written down....so that should not be a problem..just time consuming!!..However, It will be nice to have a "Brand New" win 7....again. I have read that some users just do this once in a while, even with a "clean" system.
I realize that you are a "Malware" Pro......but I do have an install question: Can I do an install where my User & ProgramData are separate (Partition) from the main OS??? (I have read that this is possible...so when I do need to do a clean Install or Backup, it would be easier...less GB space+ faster read & write times??)
Thanks again for ALL of your TIME & HELP........R
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Post by Dakeyras » December 23rd, 2011, 10:36 am

Hi. :)

"Thanks again for ALL of your TIME & HELP........R"
You're most welcome!

"I have tried the above recommendations......to no avail."
Unfortunately I am not surprised as your machine's Operating System is so badly damaged.

"Can I do a install where my User & ProgramData are separate (Partition) from the main OS"
Aye it can be done, this article explains how:-

How to Create User Accounts on another Partition or Disk During Windows 7 Installation

Or you could ask in this part of the forum also.

Next:

After the reformat and reinstallation of the Windows Operating System is completed these two forum topics are worth reading here and here.

Any further questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

NEW WIN 7

Post by Robinski123 » December 23rd, 2011, 10:52 pm

Hello Dakeyras!!....First I want to thank You for ALL of your help throughout my "crisis". Yes my HP is clean but with a broken system left...and little hope of full recovery of said system, I had to do a clean install. (I'm using it RIGHT now :) The article that you refer to, I already have on .pdf...that along with A LOT of other info...I transferred to my old Vista32 via 8GB flash..for reference while doing the clean install. As mentioned in my last post, I have backed up my personal folders (User)...there were many many folders & files!!. So right after that, I decided yesterday to actually begin the clean install. I used Diskpart, first to wipe my drive CLEAN...that took awhile...after I then created a 200mb mbr, a 120GB partition for Win 7 and another partition (remaining space) for my Users+ProgramData. I then installed Win 7 following Kari's detailed instructions....I actually created my first .xml file!!!...well using Kari's script of course!!.....the actual installation only took 20min!!...and it was neat to be in the ctrl shift F3 audit mode!! never been there before...now I know how pre-built Computers are made....with the xtra mostly useless "Bloatware". Well as you can tell by now, the install with system+users on different partitions worked FLAWLESSLY :)..(I could have chosen to have on diff drives, but all of my 4 sata's are currently in use)....anyways that was the easiest part.........now I have to reinstall my apps and reconfigure my personal settings..(which I have written down...I just have to find them in my Actual real paper Folders.).....Well, Dakeyras...sir!! I GRATEFULLY THANK YOU for your Masterful help with my......past Problem!! I must say that I will NEVER open/download any e-mail attachments, unless I am 100% sure about it. I get a lot of Business related e-mails....and just by pure coincidence, I happen to be expecting a package from Canada Post.......so when I received the e-mail.......OK that's a hard lesson learned...and actually..I am kind of glad to reinstall....cause I have a new STABLE system that is set up even Better than before!!!...so I tend to look forward, rather than complaining and being stuck in the past. I am a studious problem solver...and very stubborn also!! As a Musician, I can work on ideas for DAYS and other of life's issues, BUT I do not linger on them for too long.....it's not good for one's mental health. I have solved many computer problems like this, and other problems. If the problem is beyond my capacity and I have checked all other possible solutions.....I then just stop and move on. Like with my HP problem...I/We have tried many solutions..and even though my HP was infection free....what IT had done was beyond repair...I am sure...I made the decision to reinstall. Once I had made that decision, I immediately started preparing for it....like I had said...moving on!!!
So again, Dakeyras, I thank you!! and will heed your advice of "Staying Safe". Blessings to you and yours, and have a Merry Christmas & a Very Happy New Year!!
Sincerely,
Robin Anthony Moran. <(RAM...my real Initials...ha! Ha! :)
Robinski123
Regular Member
 
Posts: 32
Joined: December 11th, 2011, 5:34 pm

Re: Posts Closed

Post by Dakeyras » December 24th, 2011, 5:36 am

You're most welcome! :)
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Posts Closed

Post by Cypher » December 24th, 2011, 6:59 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns