also @ TechSpot: Microsoft backtracks: Drops daily check-ins, used games restrictions on Xbox One

(new TDL4) Keylogged & IE with a mind of its own

Discussion in 'Virus and Malware Removal' started by Brutal Black, Nov 23, 2011.

Post New Reply
Page 5 of 6

  1. Broni Malware Annihilator Posts: 40,091   +187

    We'll leave Combofix alone.

    Create new restore point again and run my OTL fix script.
    Broni, Dec 4, 2011
    #81

  2. Brutal Black Newcomer, in training Posts: 75

    I'm pretty sure it didn't work this time around, here's the log:

    Error: Unable to interpret <netsvcs> in the current context!
    Error: Unable to interpret <drivers32> in the current context!
    Error: Unable to interpret <%SYSTEMDRIVE%\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\Fonts\*.com> in the current context!
    Error: Unable to interpret <%systemroot%\Fonts\*.dll> in the current context!
    Error: Unable to interpret <%systemroot%\Fonts\*.ini> in the current context!
    Error: Unable to interpret <%systemroot%\Fonts\*.ini2> in the current context!
    Error: Unable to interpret <%systemroot%\Fonts\*.exe> in the current context!
    Error: Unable to interpret <%systemroot%\system32\spool\prtprocs\w32x86\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\REPAIR\*.bak1> in the current context!
    Error: Unable to interpret <%systemroot%\REPAIR\*.ini> in the current context!
    Error: Unable to interpret <%systemroot%\system32\*.jpg> in the current context!
    Error: Unable to interpret <%systemroot%\*.jpg> in the current context!
    Error: Unable to interpret <%systemroot%\*.png> in the current context!
    Error: Unable to interpret <%systemroot%\*.scr> in the current context!
    Error: Unable to interpret <%systemroot%\*._sy> in the current context!
    Error: Unable to interpret <%APPDATA%\Adobe\Update\*.*> in the current context!
    Error: Unable to interpret <%ALLUSERSPROFILE%\Favorites\*.*> in the current context!
    Error: Unable to interpret <%APPDATA%\Microsoft\*.*> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\*.*> in the current context!
    Error: Unable to interpret <%APPDATA%\Update\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
    Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
    Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\bak. /s> in the current context!
    Error: Unable to interpret <%systemroot%\system32\bak. /s> in the current context!
    Error: Unable to interpret <%ALLUSERSPROFILE%\Start Menu\*.lnk /x> in the current context!
    Error: Unable to interpret <%systemroot%\system32\config\systemprofile\*.dat /x> in the current context!
    Error: Unable to interpret <%systemroot%\*.config> in the current context!
    Error: Unable to interpret <%systemroot%\system32\*.db> in the current context!
    Error: Unable to interpret <%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x> in the current context!
    Error: Unable to interpret <%USERPROFILE%\Desktop\*.exe> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\Common Files\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\*.src> in the current context!
    Error: Unable to interpret <%systemroot%\install\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\DLL\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\HelpFiles\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\rundll\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\winn32\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\Java\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\test\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\Rundll32\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\AppPatch\Custom\*.*> in the current context!
    Error: Unable to interpret <%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\PC-Doctor\Downloads\*.*> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\*.tmp> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\*.dat> in the current context!
    Error: Unable to interpret <%USERPROFILE%\My Documents\*.exe> in the current context!
    Error: Unable to interpret <%USERPROFILE%\*.exe> in the current context!
    Error: Unable to interpret <%systemroot%\ADDINS\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\assembly\*.bak2> in the current context!
    Error: Unable to interpret <%systemroot%\Config\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\REPAIR\*.bak2> in the current context!
    Error: Unable to interpret <%systemroot%\SECURITY\Database\*.sdb /x> in the current context!
    Error: Unable to interpret <%systemroot%\SYSTEM\*.bak2> in the current context!
    Error: Unable to interpret <%systemroot%\Web\*.bak2> in the current context!
    Error: Unable to interpret <%systemroot%\Driver Cache\*.*> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\0*.exe> in the current context!
    Error: Unable to interpret <%ProgramFiles%\Microsoft Common\*.*> in the current context!
    Error: Unable to interpret <%ProgramFiles%\TinyProxy.> in the current context!
    Error: Unable to interpret <%USERPROFILE%\Favorites\*.url /x> in the current context!
    Error: Unable to interpret <%systemroot%\system32\*.bk> in the current context!
    Error: Unable to interpret <%systemroot%\*.te> in the current context!
    Error: Unable to interpret <%systemroot%\system32\system32\*.*> in the current context!
    Error: Unable to interpret <%ALLUSERSPROFILE%\*.dat /x> in the current context!
    Error: Unable to interpret <%systemroot%\system32\drivers\*.rmv> in the current context!
    Error: Unable to interpret <dir /b "%systemroot%\system32\*.exe" | find /i " " /c> in the current context!
    Error: Unable to interpret <dir /b "%systemroot%\*.exe" | find /i " " /c> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\Microsoft\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\System32\Wbem\proquota.exe> in the current context!
    Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\*.dat> in the current context!
    Error: Unable to interpret <%USERPROFILE%\Cookies\*.txt /x> in the current context!
    Error: Unable to interpret <%SystemRoot%\system32\fonts\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\winlog\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\Language\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\Settings\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\*.quo> in the current context!
    Error: Unable to interpret <%SYSTEMROOT%\AppPatch\*.exe> in the current context!
    Error: Unable to interpret <%SYSTEMROOT%\inf\*.exe> in the current context!
    Error: Unable to interpret <%SYSTEMROOT%\Installer\*.exe> in the current context!
    Error: Unable to interpret <%systemroot%\system32\config\*.bak2> in the current context!
    Error: Unable to interpret <%systemroot%\system32\Computers\*.*> in the current context!
    Error: Unable to interpret <%SystemRoot%\system32\Sound\*.*> in the current context!
    Error: Unable to interpret <%SystemRoot%\system32\SpecialImg\*.*> in the current context!
    Error: Unable to interpret <%SystemRoot%\system32\code\*.*> in the current context!
    Error: Unable to interpret <%SystemRoot%\system32\draft\*.*> in the current context!
    Error: Unable to interpret <%SystemRoot%\system32\MSSSys\*.*> in the current context!
    Error: Unable to interpret <%ProgramFiles%\Javascript\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\pchealth\helpctr\System\*.exe /s> in the current context!
    Error: Unable to interpret <%systemroot%\Web\*.exe> in the current context!
    Error: Unable to interpret <%systemroot%\system32\msn\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\*.tro> in the current context!
    Error: Unable to interpret <%AppData%\Microsoft\Installer\msupdates\*.*> in the current context!
    Error: Unable to interpret <%ProgramFiles%\Messenger\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system32\systhem32\*.*> in the current context!
    Error: Unable to interpret <%systemroot%\system\*.exe> in the current context!
    Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU> in the current context!
    Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs> in the current context!
    Error: Unable to interpret </md5start> in the current context!
    Error: Unable to interpret </md5stop> in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 12042011_164130
    Brutal Black, Dec 4, 2011
    #82

  3. Broni Malware Annihilator Posts: 40,091   +187

    You missed 1st line of my script:
    Redo
    Broni, Dec 4, 2011
    #83

  4. Brutal Black Newcomer, in training Posts: 75

    I was trying to run the wrong script entirely, we've created quite the long thread. haha

    Running it now, thanks for pointing that out.
    Brutal Black, Dec 4, 2011
    #84

  5. Broni Malware Annihilator Posts: 40,091   +187

    May be a record....5 pages...LOL
    Broni, Dec 4, 2011
    #85

  6. Brutal Black Newcomer, in training Posts: 75

    Alright, since running the OTL fix windows refuses to boot up. I ran an automatic repair that did nothing to fix the issue. Recovery disk time?
    Brutal Black, Dec 4, 2011
    #86
     

  7. Brutal Black Newcomer, in training Posts: 75

    It's currently attempting another automatic repair, it's searching longer this time instead of immediatley attempting to repair, could stumble on the problem so going to let it run.
    Brutal Black, Dec 4, 2011
    #87

  8. Broni Malware Annihilator Posts: 40,091   +187

    Since running correct OTL fix?

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    bootrec /fixboot

    exit

    Restart computer.
    Broni, Dec 4, 2011
    #88

  9. Broni Malware Annihilator Posts: 40,091   +187

    If not follow my latest reply.
    Broni, Dec 4, 2011
    #89

  10. Brutal Black Newcomer, in training Posts: 75

    The extended search ended in offering a system restore. Hmmm...
    Brutal Black, Dec 4, 2011
    #90

  11. Broni Malware Annihilator Posts: 40,091   +187

    Try my previous reply first.

    You didn't say:
    Broni, Dec 4, 2011
    #91

  12. Brutal Black Newcomer, in training Posts: 75

    So windows cannot make it past the 4 glowing lights that form the windows flag. System restore comes up with the error that startup repair cannot automatically fix this computer.

    I ran the commands you wrote out in bold but nothing changed, it still stops just short of the windows password screen and tells me windows failed to launch.

    Both those commands entered successfully.
    Brutal Black, Dec 4, 2011
    #92

  13. Brutal Black Newcomer, in training Posts: 75

    Yes, it was ever since running the correct fix, the wrong one simply froze the program forcing me to restart it.
    Brutal Black, Dec 4, 2011
    #93

  14. Brutal Black Newcomer, in training Posts: 75

    I still have the restore point you told me to create if all else fails.
    Brutal Black, Dec 4, 2011
    #94

  15. Broni Malware Annihilator Posts: 40,091   +187

    Did you read my reply #88?
    Broni, Dec 4, 2011
    #95

  16. Broni Malware Annihilator Posts: 40,091   +187

    Go ahead with restore point then.
    Broni, Dec 4, 2011
    #96

  17. Brutal Black Newcomer, in training Posts: 75

    Uh oh...

    I'm slightly worried now. Even though I "KNOW" I created a restore point, and had multiple ones besides the one I created. The system isn't finding any restore points.
    Brutal Black, Dec 4, 2011
    #97

  18. Brutal Black Newcomer, in training Posts: 75

    I see a system image is different, however I don't have one of these. :(
    Brutal Black, Dec 4, 2011
    #98

  19. Broni Malware Annihilator Posts: 40,091   +187

    I'm afraid we're dealing with some serious Windows corruption.
    Did you try to boot to Safe Mode?
    Broni, Dec 4, 2011
    #99

  20. Brutal Black Newcomer, in training Posts: 75

    Safe mode stops loading waaaaaay too earlier at something like WMLIB.sys and reboots the computer. Same any other safe mode.
    Brutal Black, Dec 4, 2011
    #100
Page 5 of 6

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.