Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop on it's last leg In Desperate need of lamens backup instructions


  • Please log in to reply
40 replies to this topic

#1 briannab1369

briannab1369

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 12 March 2014 - 04:57 AM

Best way I know how to explain all this is to paste this link it includes everything I can think of that you might need to know and if not I'm ready to provide any info... Desperatly begging for help in lamens terms to backup all my stuff before it's too late. have been trying on my own since.. forever and just not doing it right apparently.

 

http://www.sysnative.com/forums/bsod-crashes-kernel-debugging/9126-help-laptop-on-its-last-leg.html#post68784

 

Thank you in advance



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:01 AM

Posted 12 March 2014 - 11:38 AM

Is your system functional...can you boot and install programs?

 

If so, try Macrium Reflect or any other reliable backup program.

 

I see this in the topic you linked to:

 

"Well I haven't had a blue screen since about 9:30pm 3/10/14. But have had more than a dozen in the last week and a half. I do believe I followed the BSOD instructions correctly.. I attached all the files. Here is a copy of my Microsoft Support Question that explaines what I've had going on:

Very possible I had/have infections, but defintly screwed up my windows files in registry.. Someone PLZ HELP

*Got infected with moneypak last summer
*laptop (toshiba satellite A-665) Windows 7 Home Premium SP1 x64 bit been going down hill ever since
*First started withh MMC snapin errors just with event viewer
now nothing that utilizes MMC works
*have had many BSOD's to the point that laptop was unbootable
had recently just made disks to boot from, not sure if I did them right but they never reall worked
*Now having problems with Windows update as well as backup.. Read an article today that explained how to fix backup with regedit"

 

I would say that it won't do much good to back up an infected system...so the first order of business should be to determine if you are currently infected.  Moving topic to Am I Infected forum.

Louis
 

 

Louis



#3 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 12 March 2014 - 12:39 PM

First I'd like to thank you for taking the time to help....  Is my system functional.... Barely... and I have macrium... I'm afraid to do anything else without help so.... what should I do next?



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:01 AM

Posted 12 March 2014 - 02:32 PM

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  When the installation has finished, make sure you leave both of these checked:
 
    Update Malwarebytes' Anti-Malware
 
    Launch Malwarebytes' Anti-Malware
 
Then click on Finish.
 
3)  MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. 
 
4)  Click on perform Quick Scan, then click on the Scan button.
 
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
 
5)  The scan will now begin, this may take some time to complete so please be patient.
 
6)  When the scan is finished click on Show Results to display all objects found.
 
7)  Click OK to close the message box and continue with the removal process.
 
8)  Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
 
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
 
9)  When removal is completed, a log will open in Notepad.
 
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of the log in your next post, then exit MBAM.
 
Important:  If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Please copy the Malwarebytes log and paste it in your next post.
 
To locate this file right click on the Start orb and choose Open Windows Explorer, then click on C: drive.
 
When the C: drive opens click on the following:  ProgramData, Malwarebytes, Malwarebytes' Anti-Malware, Logs.  
 
If there is more than one log, choose the log with the date that you ran scan that I requested.
 
 
If there are a large number of items found you can go into Settings and click on Scanner Settings to change the setting in Action for potentially unwanted programs (PUP) to Show in results list and check for removal.
 
Malwarebytessettings_zpsb9b50638.png
 
 
Running Malwarebytes Chameleon.
 
1. Please open Malwarebytes' Anti-Malware.
 
2. Click on More Tools, then open click on Chameleon.
 
3. An image like the one below will appear on your screen. Follow the instructions to get Malwarebytes Anti-Malware running.
 
Chameleon_zpsfd335ac6.png
 
 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET Online Scan in a new window.
    ESET OnlineScan

  • Click the esetonlinebtn.png button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.

       

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.

       

  • Check "YES, I accept the Terms of Use."

  • Click the Start button.

  • Accept any security warnings from your browser.

  • Under scan settings, check "Scan Archives"and "Remove found threats"

  • Click Advanced settings and select the following:

     

    • Scan potentially unwanted applications

    • Scan for potentially unsafe applications

    • Enable Anti-Stealth technology

       

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, click List Threats

  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Click the Back button.

  • Click the Finish button.

 

Please download AdwCleaner and run it.

 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be close so that the infections can be removed.  Click on Ok.
 
When cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your next post.
 
 
 
Double click on the download and choose to run the program.
 
A screen similar to the one below will open, click any key to run the program.
 
securitycheck_zpscfb86945.png
 
When the scan is finished there will be a log, copy and then paste your log in your next post.
 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 12 March 2014 - 04:59 PM

So I ran mbam per instructions.. under logs for today this is all that I found

 

No scan logs.. Just Protection logs like this one from today:

 

2014/03/12 10:31:46 -0600    KAYLYNN    kaylynn    MESSAGE    Starting database refresh
2014/03/12 10:31:55 -0600    KAYLYNN    kaylynn    MESSAGE    Database refreshed successfully
2014/03/12 14:28:45 -0600    KAYLYNN    kaylynn    MESSAGE    Starting database refresh
2014/03/12 14:29:07 -0600    KAYLYNN    kaylynn    MESSAGE    Database refreshed successfully
2014/03/12 15:08:04 -0600    KAYLYNN    kaylynn    MESSAGE    Starting database refresh
2014/03/12 15:08:11 -0600    KAYLYNN    kaylynn    MESSAGE    Database refreshed successfully
 

 

which I'm almost positive is not what your looking for

 

Currently waiting on chameleon scan



#6 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 12 March 2014 - 05:18 PM

here are the results from chameleon

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
kaylynn :: KAYLYNN [administrator]

3/12/2014 3:47:40 PM
mbam-log-2014-03-12 (15-47-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 454573
Time elapsed: 28 minute(s), 39 second(s)

 On to eset



#7 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 13 March 2014 - 11:39 AM

Wow!!! So confused, I've been checking my system with the same programs your asking me to run and this is a first! Never have I ever had scan results like this before...

 

Eset scan results:

 

C:\Users\FML\Documents\samsung\Kies\Backup\SGH-T999L\SGH-T999L_17209373769\SGH-T999L_20131214080225\Others\BackupYourMobile\applications\bys.apps.easygreetings-1    a variant of Android/Adware.Startapp.A application    deleted - quarantined
C:\Users\kaylynn\Desktop\DesktopFolder\PCcleanup21214\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid.zip    multiple threats    deleted - quarantined
C:\Users\kaylynn\Downloads\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\kaylynn\Downloads\Mobogenie_Setup_2.1.28_21.exe    Win32/Mobogenie.B potentially unwanted application    deleted - quarantined
C:\Users\kaylynn\Downloads\SARDU_2.0.6.5.zip    Win32/InstallMonetizer.AN potentially unwanted application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid\Camera360.apk    a variant of Linux/Igexin.C potentially unsafe application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid\Easy Greetings.apk    a variant of Android/Adware.Startapp.A application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid\Fotos.apk    a variant of Android/Adware.Startapp.A application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid\Glide.apk    a variant of Android/Glspam.A potentially unwanted application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid\MusicManiac - Search and Download.apk    a variant of Android/Adware.Startapp.A application    deleted - quarantined
C:\Users\kaylynn\Downloads\Apps_downloaded_by_AirDroid\Next Launcher 3D Lite.apk    a variant of Linux/SMSreg.FB potentially unsafe application    deleted - quarantined
 



#8 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 13 March 2014 - 11:44 AM

So clicked on the adware link.. any idea why it's giving me a french version?



#9 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 13 March 2014 - 11:52 AM

I meant adwcleaner link



#10 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 13 March 2014 - 12:26 PM

ok.. Part of my problem is I have corrupted files or something in my registry.. adwcleaner came back with a bunch of registry stuff to delete are you sure I should do that?

Bcz I think I figured out what I did the other day to cause me to be locked out of most of my administrative stuff.. I changed the permission on something and ever since it's not just mmc I can't use it's everything.. and when I clicked on show hidden folders last night it showed me abunch of lnk files that i googled and it came back with 'they are registry files and that there was a way from microsoft to fix them' o yeah plus it came back with somethings that looked like all my user accounts were changed to NT users?



#11 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 13 March 2014 - 12:35 PM

here is my adwcleaner logs before cleaning anything.. awaiting your approval

 

# AdwCleaner v3.021 - Report created 13/03/2014 at 10:50:16
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kaylynn - KAYLYNN
# Running from : C:\Users\kaylynn\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v

[ File : C:\Users\kaylynn\AppData\Roaming\Mozilla\Firefox\Profiles\eam72m2k.default-1364494947301\prefs.js ]


[ File : C:\Users\kaylynn\AppData\Roaming\Mozilla\Firefox\Profiles\flsp9fyo.default-1386095439897\prefs.js ]

Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394488956318");

[ File : C:\Users\kaylynn\AppData\Roaming\Mozilla\Firefox\Profiles\jok6onhz.default\prefs.js ]


[ File : C:\Users\FML\AppData\Roaming\Mozilla\Firefox\Profiles\5kc1ed6u.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [2269 octets] - [13/03/2014 10:50:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2329 octets] ##########
 



#12 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:01 AM

Posted 13 March 2014 - 01:06 PM

I would suggest NOT using the registry cleaner option in CCleaner.  The use of registry cleaners and optimizers are not endorsed here at Bleeping Computer.

 

Please provide the scans which I've requested and do not do anything other than that until we get this problem/s figured out.  You can complicate the repair if you do other things unrequested.  Running the registry cleaner in CCleaner is a good example.

 

 Please download MiniToolBox  , save it to your desktop and run it.

 
 Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#13 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:01 AM

Posted 13 March 2014 - 01:16 PM

I just noticed that you have another topic in the Am I Infected forum which no one addressed over the two week period it sat there.  If you haven't heard back from anyone in a week contact a moderator and let the know that you have yet to receive any help.

 

Please post the make and model of this computer.

 

You posted that you have a repair disk, do you have a installation disc?

 

Please download MiniToolBox  , save it to your desktop and run it.
 
 Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#14 briannab1369

briannab1369
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:01 AM

Posted 13 March 2014 - 01:35 PM

'I would suggest NOT using the registry cleaner option in CCleaner.  The use of registry cleaners and optimizers are not endorsed here at Bleeping Computer.'

 

I think I mis-stated something or something bcz you misunderstood... I've done everything exactly per your instructions and so far this is the best help I've gotten so, thank you for that! :bananas:

 

The scan you asked me to complete after eset was ADWCleaner which is what came back with all of the registry keys selected for deletion which I chose to wait to hear from you before doing anything. Also instead of posting my scan results in an all in 1 post I've been posting them individually step by step so if you saw anything you could stop me before I did anymore damage.

 

 

My laptop is a Toshiba Satellite A665

I can't find my installation disks and I don't think I made the repair disks correctly so I'm Not exactly sure they work.



#15 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:01 AM

Posted 13 March 2014 - 01:56 PM

In post #4 I requested that you run Security Check.  This is still not done.

 

Have you been backing up all of your important data to an external form of media?

 

The reason I ask is because you the possible registry problems.  If a Startup Repair can't resolve these problems then you may need to use the System Recovery partition on your computer to restore the operating system to the condition it came out of the box.

 

Instructions for a Windows 7 Repair installation.
 
A Windows 7 Repair Installation will require a installation disc.
 
If you do not have a Windows 7 installation disc you can download a free legal ISO image of Windows 7 SP1 at  Windows 7 Forums.  You will need to download the same version of Windows 7 that you have installed,  This image is hosted by the Digital River store which is an official distribution partner of Microsoft.  This is a genuine untouched image which is safe to download. 
 
 
Attention:  If you do have a Windows installation disc, skip Part A and go to Part B, Step 1b.
 
 
Part A, Steps 1a - 6a
 
The ISO image will need to be burned to a DVD in order to create a bootable installation disc.
 
1a)  To burn a ISO file to a DVD please download ImgBurn and install it.
 
2a)  Insert a blank DVD into your CD/DVD drive tray, and then close the tray.
 
3a)  Open ImgBurn, and click on Write image file to disc.
 
ImgBurn1_zps715cb1c2.png
 
4a)  Click on the Browse for a file icon:
 
ImgBurn2_zpsaea72ba9.png
 
5a)  Locate the ISO file you want to burn, and click on the Open button.
 
6a)  Click on the blue arrow to start burning the bootable DVD.
 
imageburn11_zpse44f577b.png
 
 
Please note:  In order to boot from this DVD you may need to change the boot order in the BIOS so that the CD/DVD-ROM is the first device in the boot order, and the hdd is the second device.
 
 
Part B, Steps 1b - 10b
 
1b)  Place the installation disc in the tray of the CD/DVD drive, close the tray and restart the computer.
 
2b)  You will be prompted to press any key to start the installation, I find the space bar handy.
 
At this point the setup process will load files, this will take several minutes.
 
3b)  You will now need to choose the  Language, Time, currency format, and Keyboard or input method that you'd like to use.
 
After this is done click on Next.
 
w71_zps6dbda47e.png
 
4b)  Click on the Repair your computer link at the bottom-left of the Install Windows window.
 
This link will begin the Windows 7 System Recovery Options.
 
w72_zps2a656a0c.png
 
5b)  System Recovery Options will now search your hard drive(s) for any Windows 7 installations.  This will take several minutes.
 
No participation is required on your part at this time, wait till it has finished and the next window opens.
 
w73_zpsd5483f05.png
 
6b)  Choose the Windows 7 installation that you'd like to perform the Startup Repair on, then click on Next
 
w74_zps490f9a17.png
 
7b)  Click on the Startup Repair link from list of recovery tools in System Recovery Options.
 
w75_zps9941e858.png
 
For a future reference, there are several other diagnostic and recovery tools available in the Windows 7 System Recovery Options including System Restore, System Image Recovery, Windows Memory Diagnostic, and Command Prompt.
 
8b)  The Startup Repair tool will now search for problems in the system files.
 
If Startup Repair finds a problem with any system files the tool may suggest a solution which you will need to confirm, or may solve the problem automatically.
 
w76_zps3dd75d83.png
 
9b)  Startup Repair will now attempt to repair whatever problems it found with system files.  
 
Note:  If Startup Repair did not find any problems with system files you won't see this step.
 
w77_zpsd8be95eb.png
 
Important: Your computer may or may not restart several times during this repair process.  This is normal, you should allow it to continue until you see the Restart your computer to complete the repairs window. 
 
10b)  Click on Finish, this will restart your computer.
 
w78_zpsd49257fb.png
 
It is possible that the Startup Repair will not be able to fix the problem.  If the Startup Repair tool determines this, it may automatically run the the repair after your computer restarts.  If it does not automatically run the repair but you are still having problems with Windows 7 repeat these steps to run Startup Repair again manually.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users