cant even run read me!!!!

mneenee · Oct 14, 2008

Hi this is my sisters laptop running windows xp home. It started when I borrowed hers to fix mine uhg. I started it up and when i did it wanted to do check disk. I didnt bother as she told me she didnt shut it down properly because it hasn't been letting her. then as it was starting to load the user screen, it said it couldnt load the local profileit as it couldnt find it. so when it started up it redid the desktop etc(like a new install of windows). then when starting internet explorer it started it like it was new? wasnt sure if she had just added it so I set it up and went on with what I was doing. when turning off IE (after downloading a few programs I needed)then restarted IE it did it again. Thats when I knew something was wrong. so I resarted the computer to see if it would do the same thing again. it did and when returning to the desktop for my downloads they were gone IE the same as before. So I checked her documents and they are all gone pictures too. I started the read me but when having to restart everything was lost from the desktop, however the mgtools is still there as well as the sas under program files. What should I do??? Is it gonna be possible to recover her files?

Thanks
Mneenee

TimW · Oct 16, 2008

Sounds like a user profile was corrupt.....we need you to attach the logs that you do have (SAS and MGLogs.zip)and try to also run Malwarebytes and get us that log.

mneenee · Oct 17, 2008

Hi Tim, first of all thanks for your help. I am going to start over as the logs are gone. They disapear if the computer is restarted which it has been since my first post. I am not going to try to run spybot as it wants to restart. So I will try sas, mbam and mgtools. I probably shouldn't do combo fix as it restarts as well. so will do these couple of things and post logs.

Thanks

Mneenee

mneenee · Oct 17, 2008

Here are the logs, however they did not find anything as I believe it was all cleaned before. I have not restarted the computer do you think I should? Files and pics are all still missing.

TimW · Oct 17, 2008

First question before I look at your logs is have you checked each of these profiles:

Code:

C:\Documents and Settings\"
DEFAUL~1      Aug 17 2004              "Default User"
ALLUSE~1      Aug 17 2004              "All Users"
USER          Aug 17 2004              "user"
ADMINI~1      Jun 10 2005              "Administrator"
TEMP          Oct 14 2008              "TEMP"
USER~1.GAR    Oct 14 2008              "user.GARY"
TEMP~1.GAR    Oct 14 2008              "TEMP.GARY"

mneenee · Oct 17, 2008

ok i found a bunch of files and pics under "user" not sure if it is everything though. Also found the combo fix log from when i did it earlier will attach it now.

TimW · Oct 17, 2008

Your logs are clean.....I would suggest that you post in the software forum in order to sort out your user profiles and recover you pictures, etc.

Let's just clean up some form the scans:

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-
Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

If you get a success message, then:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Click to expand...

mneenee · Oct 17, 2008

Okay did the reg thing and all went well but when uninstalling combofix through run it gives an error that says: Windows cannot find "C:\Documents and Settings\user.Gary\Desktop\combofix'. Make sure you typed the name correctly etc etc.

This is probably because I am not using Gary right? should I still go to software?

TimW · Oct 17, 2008

Yes....not sure which profile you downloaded it under....but you can manually remove it:
you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that was created.

Then off to software and hopefully they can get your profiles straightened out.

mneenee · Oct 17, 2008

Okay Thank you so much for your help Tim it is greatly appreciated!!!!

TimW · Oct 17, 2008

You are most welcome....hope they can help you out.

mneenee · Oct 19, 2008

Hey Tim just wondering how long it takes to get a response from software forum. I still haven't had a reply since you sent me there on the 17th? And I don't want to bump Thanks

Mneenee

TimW · Oct 19, 2008

Bump!!! Not a problem in software.....

Log in or Sign up

cant even run read me!!!!

mneenee Corporal

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mneenee Corporal

mneenee Corporal

Attached Files:

mbam-log-2008-10-17 (11-00-43).txt

sas.txt

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mneenee Corporal

Attached Files:

ComboFix.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mneenee Corporal

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mneenee Corporal

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

mneenee Corporal

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member