Personalize will not open..

[niemiro]

So do I run the Command Prompt after the scan or during?
After that you want me to upload the tasklist.txt to you and then download and run the batch file you provided for me after I place it in the appropriate folder. Then boot in Normal Mode (if it works) and then upload the new tasklist1.txt to you?
I just want to be clear in case I do something wrong since I don't want to be wasting your time, I'm totally thankful for sticking with me for so long. lol

It is not you who is wasting my time! It is I! For it is I who forgets you for several days before getting reminded! Anyway:

Boot into Safe Mode, and open an elevated Command Prompt, and then run tasklist /svc ... tasklist.txt should have been created on your Desktop. Ignore it for the moment.

Put the batch file into the folder previously mentioned. There is no need to run it yet. All that putting it in this folder will do is run it on startup. Boot into Normal Mode, and it should automatically run. Close it, and boot back into Safe Mode.

tasklist1.txt should have been created on your Desktop. Upload both tasklist.txt and tasklist1.txt from your Desktop to a new post here, all from Safe Mode.

Run MBAM Full Scan, and either upload the log file, or tell me that no infections were found. If no infections are found, there is no need to upload the log file, but if infections are found, I would like to see the log file please.

Thanks!

Richard

 

[Jubilee]

So do I run the Command Prompt after the scan or during?
After that you want me to upload the tasklist.txt to you and then download and run the batch file you provided for me after I place it in the appropriate folder. Then boot in Normal Mode (if it works) and then upload the new tasklist1.txt to you?
I just want to be clear in case I do something wrong since I don't want to be wasting your time, I'm totally thankful for sticking with me for so long. lol

It is not you who is wasting my time! It is I! For it is I who forgets you for several days before getting reminded! Anyway:

Boot into Safe Mode, and open an elevated Command Prompt, and then run tasklist /svc ... tasklist.txt should have been created on your Desktop. Ignore it for the moment.

Put the batch file into the folder previously mentioned. There is no need to run it yet. All that putting it in this folder will do is run it on startup. Boot into Normal Mode, and it should automatically run. Close it, and boot back into Safe Mode.

tasklist1.txt should have been created on your Desktop. Upload both tasklist.txt and tasklist1.txt from your Desktop to a new post here, all from Safe Mode.

Run MBAM Full Scan, and either upload the log file, or tell me that no infections were found. If no infections are found, there is no need to upload the log file, but if infections are found, I would like to see the log file please.

Thanks!

Richard

Hmm, just as I expected; Normal Mode was completely non-functional. Although when I tried crt+alt+delete this time a window popped up that said: "Logon process has failed to create the security options dialogue. Failure - Security Options." This is probably an entirely different problem relating to whatever is preventing Normal Mode from working, but it never happened before.

Is there anyway I can do it while remaining in Safe Mode?

 

[niemiro]

Hello again!

I don't know about you, but I have had enough of these diagnostics logs! They have provided me with a very good, and necessary insight into your computer, but now comes the time for fixing things! They did not show me a specific solution, but there is still stuff to try.

Right, I need to explain things using complex words. I have explained most of them in the next sentence, so keep reading! If you still don't understand, just ask!

As for the tasklist, it has proved more trouble than it is worth at this point. If necessary, I will come back to it later. Please run a MBAM Full Scan in Safe Mode, and upload the log anyhow.

My plan is to start a clean boot procedure, and if necessary, to delete all of the shell extensions.

From Safe Mode:
Step 1: Start the System Configuration Utility

Click Start

, type msconfig in the Start Search box, and then press ENTER.

If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.
Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.Note The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

^^ Shamelessly stolen from Microsoft. Source here, but I don't want you to follow it, follow me! Perform a clean startup to determine whether background programs are interfering with your game or program


Try Normal Mode again. Hopefully all will be well, or at least something has changed. Please do not be afraid that not much will start. This is what we want to happen. Anything can become corrupt and cause these problems, and so we have to stop everything from starting up, including anti-virus software. You will be fine if we do not have it off for too long. It possibly will come on anyway from other start-ups such as O20.

STEP TWO:

If the above has changed the situation not at all, then follow these steps. If the above has changed something at all, then please do not follow this. This will disable all of your shell extensions. These are all of those extra options that you get when you right click. They can become corrupt, and cause problems, and so we will remove them all, even the good ones, for the time being.

Download ShellExView (link near the bottom) ShellExView - Shell Extension Manager For Windows

Run it from Safe Mode, and sort by Microsoft. All the red entries should appear at the top (or bottom) Use the shift key (Fat Up Arrow) and click to select all of the red entries, and only the red ones, and press F7, followed by Yes. If you get a message about disabling Microsoft extensions, click NO and make sure you are only selecting Red entries.

Check Normal Mode.

Thanks, and good luck!

Richard

 

[Jubilee]

Here's the scan's log.
If I am able to use Normal Mode after following your steps, should I attempt to run the Batch file that I wasn't able to previously or is there something else you want me to do?

 

[niemiro]

Forget about the batch file. Please now just do Clean Boot, and Shell Extensions.

Thanks!

 

[Jubilee]

When I run ShellExView, there doesn't seem to be an option to sort the list of items by Microsoft. I'm probably just missing it..

 

[niemiro]

When I run ShellExView, there doesn't seem to be an option to sort the list of items by Microsoft. I'm probably just missing it..

I will post a screenshot tonight, but you see along the top, just above all of the entries, there are certain columns, such as Name and Location and stuff like that. If you scroll to the right, you should see a column labeled Microsoft, all you have to do is click on that word: "Microsoft"

I am sorry that I cannot post a screenshot at the moment. If there are not too many, you could just select all of the red entires, it about 5 different blocks or so, and disable them all separately. Any red highlighted entries are non-Microsoft.

Richard

 

[Jubilee]

Thanks for clearing that up.
After I did that, Normal Mode function slightly better. It didn't lock up immediately after booting up but nothing was able to run at all since it was still very, slow and things became unresponsive almost instantly.

 

[niemiro]

Thanks for clearing that up.
After I did that, Normal Mode function slightly better. It didn't lock up immediately after booting up but nothing was able to run at all since it was still very, slow and things became unresponsive almost instantly.

That is probably just because you have nothing hogging resources. Almost 100% of computing power can be diverted to Windows, rather than about 25% or so. Please can you carefully describe your symptoms to me, while in Normal Mode. Thanks!

 

[Jubilee]

When in Normal Mode everything runs extremely slow to the point where nothing actually happens. For example; I click on Google Chrome and the cursor turns into an hourglass for about 10mins and then Chrome's window opens but it's just blank, 10mins later it becomes non responsive and I have to close it. Which takes another 10 minutes. Even to just right click or get the Start Menu to pop up it takes very long.
When things do manage to open, they don't function and I either have to wait around to try and close them, or hard-boot my computer and just go back to trusty Safe Mode.

 

[niemiro]

Hello!

I am just wondering whether you have got an infection. I have called in our security expert, who will take a look at your computer, and see if she can see anything. If she does, she will remove it from your computer, otherwise, you will have me back again. I will still be thinking and watching the thread, so if you have any questions for me, I will still of course see them. Anyway, watching an expert help with my training!

Our expert is called Jacee. If it is not Jacee who answers (and I shall check on this) then please do not take his/her advice, as they probably will not have a degree in malware removal as Jacee does, though this should not be a problem.

Thanks for your patience in this matter. I am sorry it is taking so long to get to the bottom of. Hopefully soon!

Richard

 

[Jacee]

Please download OTL[/url] to your desktop.

Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
Push the Run Scan button.
Two reports will open, copy and paste them in your next reply.
OTL.txt <-- Will be opened
Extra.txt<--Will be minimized in task tray

 

[Jubilee]

Hi Jacee!
I'll try that once my computer lets me..
Safe Mode started acting up after the last step Richard told me to do. I might have messed something up..

 

[niemiro]

Hi Jacee!
I'll try that once my computer lets me..
Safe Mode started acting up after the last step Richard told me to do. I might have messed something up..

What is happening? :huh:

 

[Jubilee]

It's getting really slow and locks up, it's like a mild version of Normal Mode..

EDIT:Okay, the scan finished. I can't find the Extra.txt though..

 

[Jacee]

Jubilee ... do this first, please
Download Lop S&D < here[/url]
Disable resident protections (Antivirus/Antispyware): re-enable them after the scan
Right-click Lop S&D.exe, to run as Administrator
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

 

[Jubilee]

Oops!
I already did the scan.. *see my previous post*

Jubilee ... do this first, please
Download Lop S&D < here[/url]
Disable resident protections (Antivirus/Antispyware): re-enable them after the scan
Right-click Lop S&D.exe, to run as Administrator
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Can I still do this since I did the OTL first? Oh! The link doesn't open to anything.

 

[Jacee]

Yes!, please do

 

[Jubilee]

When I click the link you provided, it just opens to a blank page.

 

[Jacee]

Well, that's no good ... BRB ...

http://eric.71.mespages.googlepages.com/LopSD.exe