System Restore Cannot Protect Your Computer and Worse! A total nightmare! Timewarp!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Roobarb

Thread Starter
Joined
Nov 9, 2011
Messages
8
A total nightmare! Computer gone through a timewarp! This may answer some questions but requires information, too. Sorry it's a bit long, but it may help somebody!

For a few weeks my Fujitsu Siemens 1.2 Ghz 512Ram AMD Athlon PC was taking ages to boot up and was very slow once it started.

I use Avira and SuperAntiSpyware (SAS) Pro, so I did a scan with both - Nothing.
I cleaned out unwanted files (temps etc.) and the registry with Easycleaner - still the same.
I have an old 2006 XP Repair Pro program so I used that to clean the Registry etc. as it is more thorough.
It found loads of unnecessary stuff so I let it delete it all.
I have done this many times with no ill effects.

Once it had rebooted, Windows behaved weirdly. The wallpaper screen came up but it took ages for the icons to appear. When it loaded there was no bottom toolbar or Start menu. Pushing the Windows buttons did nothing.
I right clicked on Time and opened a toolbar from the menu. This brought up the Start menu again, but strange things were happening. No icons for open windows were shown on the toolbar, although they were open according to Task Manager, and only one window would show at a time.
I thought a System Restore might solve it, but on clicking I got "System Restore is Unable to Protect your Computer - Restart etc."
Search did not work from Start or on a window.
The Firewall was off and I could not alter that.
Updates were off and both Antiviruses had not started up on boot.

I looked on the net and saw various remedies for the System Restore....etc. message. One said to cut and paste some text and make it into a .reg file. Tried but found cut and paste would not work.
Another said to boot from a backup disk.

I have Spotmau 2009 and thought it might be an idea to boot from that. So I did.

I did the mildest Registry repair it allows - no overwrite of data and everything started okay except the clock was wrong.

I had to reinstall Avira and reset SAS and decided to do another scan.

I got this:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/09/2011 at 12:44 PM

Application Version : 5.0.1134

Core Rules Database Version : 7917
Trace Rules Database Version: 5729

Scan type : Complete Scan
Total Scan Time : 02:36:05

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 38227
Registry threats detected : 91
File items scanned : 48842
File threats detected : 0

Adware.E404 Helper/Variant-R

Adware.Vundo/Variant

Adware.MyWebSearch/FunWebProducts

Adware.Vundo Variant/Rel

Rogue.Component/Trace

So for weeks my a/v software had been telling me the system was clean when it was highly infected.

Secondly, the computer has reverted from Windows SP3 to SP2.

When I looked into Control Panel, I found that add/remove programs showed that the last time anything had been used was 2008! (timewarp!)

I now cannot update Windows or Windows Live. It tells me the Window installer is missing, but it won't let me download one. I can't upgrade to SP3. The MS site just refuses to let me access anything.
Auto updates were fine before and I had upped to SP3 with no problems.

WMP didn't work but I managed to repair it by finding an older wmp.dll file and replacing the newer one.

It looks like anything that was on the computer in 2008 and has been updated since, needs reinstalling or tweaking, but any newer programs seem to be ok.

All my Sys Restore points have been wiped.

Should I try a Windows Repair with the XP Pro Disk, or is there a way around the problem with being unable to update the computer? I use MSN a lot and the version I have on the PC now is 4.7 (2004). I was using the most recent version before this, but now it won't even start up.

Help!
 

SUEOHIO

SUE
Joined
Jan 30, 2007
Messages
3,754
All I can say to this is when you used a registry cleaner we can only guess at the damage it did. That's why we say over and over again don't use them at all, ever. The only thing you can try is to do a complete fresh reinstall because I think it's in too much of a mess for a repair install to work.
 

Roobarb

Thread Starter
Joined
Nov 9, 2011
Messages
8
I think you've missed the point. The reg cleaner was a last resort and actually brought the real problem to my attention.
It was the Adware that was causing the problem. Which of those trojans had hijacked my a/v software and made it appear to work, scan and update normally without showing how infected the system was?
What had it been doing while the system was crawling along?
There is a company in India that plants Trojans that get info from your pc, and then phones you offering to remove them for a charge. They then keep charging your credit card for monthly cover. They phoned me last week. The same thing happened a couple of years ago. They haven't caught me yet but they have conned thousands.
Look it up on the net - SupportOnClick, now calling themselves something else.
I knew they had accessed my computer as they called me by a name that only somebody who had read my emails would have known! This use of personal details has been reported by other people, as well.

My main questions are:
Which of these Trojans was the culprit?

The computer is working much faster now. It flies! It's just the MS programs that are the problem.
Is there a source for Windows loader, Windows Live and SP3 that doesn't entail verification, or is there a way around this?
 
Joined
Jul 29, 2001
Messages
21,334
"For a few weeks my Fujitsu Siemens 1.2 Ghz 512Ram AMD Athlon PC was taking ages to boot up and was very slow once it started"

So then you ran a registry "cleaner" to fix a computer that was slow as a last resort? It sounds like that was the first thing you did.

"It found loads of unnecessary stuff so I let it delete it all.
I have done this many times with no ill effects."

Registry cleaners generally do more harm than good.

"Once it had rebooted, Windows behaved weirdly"

A 2006 Repair Pro program may have seen any recent and necessary updates as not being needed and wiped everything back to the stone age. I would not blame System Restore for any of your issues.

Personally I think you have done more harm than good to your system and recovery may not be an option at this point. Save all of your important files and reinstall Windows as this is the only sure way to get things back to normal.
 

Roobarb

Thread Starter
Joined
Nov 9, 2011
Messages
8
No. When I say last resort, I mean after about four hours of running full virus scans which gave "clear" results and trying all kinds of checks and remedies from sites like this.
The real thing that I want to discover is which of the Trojans listed could hijack the antivirus and antispyware software so they appeared to be working, updating and scanning ok, but were obviously not!
The registry cleaner did not put 91 infections on my PC, they were there before I used it, but my antivirus had been prevented from seeing them!!!
The reg cleaner removed the references the Trojan had added to the Registry and stopped it controlling the antivirus software. I have seen the same thing attack and disable McAfee, NOD and other antiviruses.
If the reg cleaner had not done that I would not have found the infections.
I know the Vundo trojan does do really horrible things. It acts as a means of opening up the computer to other nasties.
The computer is working normally now, but I will have to do some tweaks to reinstall Windows Installer, but that won't be a problem. I have found a SP3 source, so I intend to get that sorted.
My reason for posting my question was to make people aware that the "System Restore Cannot protect...." message could be the result of a Trojan infection that hijacks the a/v software.

Cheers!
 

Roobarb

Thread Starter
Joined
Nov 9, 2011
Messages
8
I have just had another call from SupportOnClick that is now calling itself 24/7 Computer Services. The caller knows I have had a serious fault with my computer and says they can clear the problem for me remotely. The only way they can know, plus having my name and phone number, is because they put the fault on there in the first place.
The computer is now all ok and I am in the process of reinstalling SP3. I realized that the programs that don't work, won't work on SP2, so it is just a case of installing SP3 using subinacl.msi and the reset.cmd as outlined in:
http://support.microsoft.com/kb/949377#
 