Solved No icons, black screen, all programs gone from menu.

[Jay Pfoutz]

You're welcome. It's my pleasure...

Anyway, let's do some more diagnostics...Usually, SVCHOST high running will drastically slow your computer down at random times. You'll know it, as it's pretty evident.

Right-click on the Desktop, please, and select Personalize. Then, press Screen Saver on the far right bottom. Make sure it is set to None. Hit Apply & OK.


Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.


Let me know if the problem with the Start Menu is resolved...

 

[Budgiebyrd]

Good morning;

1. when I went to download the Windows repair, there were many options. I picked the one for Techspot. I hope that was correct.
2. The screen shots you included in your post are now different from the ones that displayed during the process. just so you are aware.
3. after completing the repair, the system rebooted and the Windows firewall became active again and blocked the following:
a. Epson (my printer)
b. CLMSService
c. DMR Engine
I "allowed" all. But am unsure of what CLMSService and DMR are.
4. Am I able to reinstate my BELL anti-virus, firewall, etc, or should I wait?
5. The windows menu now has many more folders but they're all still empty when clicked on.
6. the error message "Catalyst Control Centre: Host application has stopped working. windows is checking for a solution to the problem." Still appears twice.
7. when I open the internet, a message stating "You are now entering a secure connection..." This message appears after the screen has opened and I'm partway through entering my passwords. Not sure if this is an issue, or if I'm just impatient

Tara

 

[Jay Pfoutz]

Do you have the Avant web browser? That's what I'm finding CLMSService is related to.

DMR Engine is by CyberLink PowerCinema.

Update your display/graphics card drivers
Visit the link below to download and install the latest drivers for your display card, which should help resolve the Catalyst Control Center problem...
ATI Support link:
http://support.amd.com/us/gpudownload/Pages/index.aspx



Let's do that for now, then we can move on to the other issues later...

 

[Budgiebyrd]

We are using Internet Explorer as our web browser.

Graphics/display card driver now updated.

Yes...that seems to have gotten rid of the CCC problem.

 

[Jay Pfoutz]

SystemLook x64 scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  *CLMSService*
  
  :regfind
  CLMSService

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[Budgiebyrd]

I haven't gotten the Firewall message for CLMSService, DMR Engine, or Epson since running the last fix instructions.

Here's the System look text.


ySystemLook 30.07.11 by jpshortstuff
Log created at 15:50 on 12/03/2013 by Detlor main
Administrator - Elevation successful
========== filefind ==========
Searching for " *CLMSService*"
No files found.
Searching for " :regfind"
No files found.
Searching for " CLMSService"
No files found.
-= EOF =-

 

[Jay Pfoutz]

Hi, There was a space in the script for this, please do this again the same way as earlier:

:regfind
CLMSService

 

[Budgiebyrd]

SystemLook 30.07.11 by jpshortstuff
Log created at 16:26 on 12/03/2013 by Detlor main
Administrator - Elevation successful
========== regfind ==========
Searching for " CLMSService "
No data found.
-= EOF =-

 

[Jay Pfoutz]

Excellent work. What other problems shall we diagnose, if any?

 

[Budgiebyrd]

Windows/start menu is still empty.
That's the only thing I can still see, but it worries me because it still looks the same as when the system first was affected by this bug.

 

[Jay Pfoutz]

• Please download Unhide by Grinler from here and save it to your desktop.
• Double click unhide.exe to run the tool.
• It will take some time to go through all your files, so please be patient.
• If this tool doesn´t fix the problem, please let me know.

 

[Budgiebyrd]

Everything looks good now. The menu items are back in my start menu.
So....next questions.
1. Can I reactivate my firewall, anti-spam etc now?
2. I have an external harddrive that has been giving me trouble accessing the files. Is this the right forum to discuss or should I post this concern/trouble in a different heading?

 

[Budgiebyrd]

AND....
3. Can I now uninstall all the "fixit" programs that we used? Are there any that I should keep?

Thanks
Tara

 

[Jay Pfoutz]

Go ahead with re-activation, remove the fix-it tool, and please let me know more details about the hard drive trouble:

• What method do you try to use to access the files?
• Are there any error messages?
• Have you tried unplugging the device, rebooting the system, and then plugging it back in?
• When did this occur? At the time of infection?

Let me know that info, and we will continue from there.

 

[Budgiebyrd]

Ummmm....as I went to investigate, I'm able to get access now.
The issue had been happening for many months. Long before this infection.

I guess everything is fine then.
thank you so much for all of your help.
I really appreciate the time and effort you put into this.
Tara

 

[Jay Pfoutz]

Excellent!

We will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advanced System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Remove tools, temp files, old Restore Points

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  

  :files
  ipconfig /flushdns /c
  
  :commands
  [CREATERESTOREPOINT]
  [CLEARALLRESTOREPOINTS]
  [emptyflash]
  [emptytemp]
  [emptyjava]
  [reboot]

• Then click the Run Fix button at the top.
• Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
• It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[Budgiebyrd]

I've completed all but the Security Check.
When I click on the Spyware link it comes up as a "404 Not found" error.
When I type it in, the page says "Apache is functioning normally".

I tried the Changelog.fr link and it goes to a page that says "Welcome to screen317's little corner of the Internet". There is a link that says "Click here for screen317's Security Check", but when clicked goes to a "404 not found" error message.
I tried typing in the address and get to a website in French. I don't speak or read French. :-(

I have been unable to do the Security check. :-(

 

[Jay Pfoutz]

Okay, download it from my attachment, extract the zip file by right-clicking and selecting Extract all...

Once done, you should see the securitycheck.exe, double-click on that and run it, just as instructed above.

Note to outside readers: Please don't download this SecurityCheck.zip. Its version is dated Mar. 10, 2013, therefore it may be out of date.

 

[Budgiebyrd]

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Jay Pfoutz]

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?

 

[Budgiebyrd]

No other questions. Thank you so much again for all of your help.
Tara

 

[Jay Pfoutz]

You're welcome. Thanks for contribution.

Topic solved.