#21
Would the UsrClass.dat file be one that Carbonite would normally back up? I can check my on-line backup for the file & date...
omegatx,
My apology, but just realized that I had you download the wrong version of SystemLook.
You need to use the 64-bit version.
Download:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
The basic instructions for usage are the same as that in Post #2, except for the quote, which will change, depending on what we are looking for.
With that said, please remove the current SystemLook you have on the Desktop, and download the 64-bit version from the link above.
Run SystemLook, as in Post #2, this time with the following:
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-2542295906-685563110-2760403507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Also, you can check the Carbonite backup, if you wish, but doubt that it will back up this type of file.
It looks as if Carbonite backs up files that you created, but, I am really not familiar with the program.
Please bear with me. Have to know where is whatever in order to engage in a Registry modification.
These modifications cannot be taken lightly.
Last edited by cottonball; 03 Mar 2013 at 13:39.
OK, here are the results from System Look 64x:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:59 on 03/03/2013 by Paul Christensen
Administrator - Elevation successful
No Context: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
No Context: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
No Context: HKEY_USERS\S-1-5-21-2542295906-685563110-2760403507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
-= EOF =-
omegatx,
Since you cannot use Folder Options to enable the viewing of hidden files, etc., please go to Start > All Programs > Accessories > Command Prompt
At the blinking cursor of the Command Prompt, copy/paste, using right-click menu, the following (elevation not necessary), and press: Enter
dir /a:h %userprofile%\AppData\Local\Microsoft\Windows
It should show the UsrClass.dat file, its size, modification date and time, etc.
To provide the info in your reply, right-click the Command Prompt frame at the top, and go to
Edit > Select all
The black Command Prompt turns white. Next, go back to Edit > Copy
Open Notepad, and post the information in your reply.
~~~~
Now, please go to the Run prompt, (Windows key and R key), and type in: regedit
Navigate to the following Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Do so by clicking the > to the left of each of the following:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Explorer
Under Explorer, find: User Shell Folders
Highlight: User Shell Folders
Go to File (at the top), and select: Export
In Export Registry File, Save in: Desktop
File name: PaulUSF
Click: Save
Please provide the PaulUSF reg file in your reply.
~~~~
Back to the Registry Editor and the same key...
Right-click User Shell Folders, and select: Permissions
In the Permissions for User Shell Folders, click the entry that shows your User name
Next, click: Advanced
Now you are at: Advanced Security Settings for User Shell Folders
Maximize the Advanced Security Settings for User Shell Folders window to fill your entire screen.
Capture its image by using this Tutorial:
Screenshots and Files - Upload and Post in Seven Forums
Please provide the image in your reply
BTW, no need to quote my posts.
Last edited by cottonball; 04 Mar 2013 at 01:44.
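The three manual checks requested in the post above (the hidden UsrClass.dat listing, the User Shell Folders key and its permissions, and the hivelist mapping) can also be gathered in one read-only pass. This is an added example, not part of the original thread; the function name Get-ProfileHiveReport is hypothetical, and it reports a missing key rather than failing on it.

```powershell
# Added example: read-only, changes nothing. PowerShell 2.0 compatible (Windows 7).
$usfKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$hiveKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$classDir = Join-Path $env:USERPROFILE 'AppData\Local\Microsoft\Windows'

# Get-ProfileHiveReport is a hypothetical helper name, not a built-in cmdlet.
function Get-ProfileHiveReport {
    $report = New-Object PSObject -Property @{
        UsrClassFiles = @(); UsfKeyPresent = $false; UsfValues = $null
        UsfAccessRules = @(); ClassesHiveMaps = @()
    }

    # 1. Equivalent of: dir /a:h %userprofile%\AppData\Local\Microsoft\Windows
    #    -Force lists hidden and system items regardless of Folder Options.
    if (Test-Path -LiteralPath $classDir) {
        $report.UsrClassFiles = @(Get-ChildItem -LiteralPath $classDir -Force |
            Where-Object { $_.Name -like 'UsrClass.dat*' } |
            Select-Object Name, Length, LastWriteTime, Attributes)
    }

    # 2. Does the User Shell Folders key exist, and what values does it hold?
    if (Test-Path -LiteralPath $usfKey) {
        $report.UsfKeyPresent = $true
        $report.UsfValues = Get-ItemProperty -LiteralPath $usfKey
        # 3. Same data as Permissions > Advanced in regedit, as text.
        $report.UsfAccessRules = @((Get-Acl -Path $usfKey).Access |
            Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited)
    }

    # 4. hivelist maps each loaded hive to its backing file; a loaded
    #    UsrClass.dat appears as \REGISTRY\USER\<SID>_Classes.
    if (Test-Path -LiteralPath $hiveKey) {
        $hives = Get-ItemProperty -LiteralPath $hiveKey
        $report.ClassesHiveMaps = @($hives.PSObject.Properties |
            Where-Object { $_.Name -like '\REGISTRY\USER\*_Classes' } |
            Select-Object Name, Value)
    }
    return $report
}

$r = Get-ProfileHiveReport
'UsrClass.dat files:'; $r.UsrClassFiles | Format-Table -AutoSize
if ($r.UsrClassFiles.Count -eq 0) { '  none found (same as an empty dir /a:h listing)' }
"User Shell Folders key present: $($r.UsfKeyPresent)"
if ($r.UsfKeyPresent) { $r.UsfValues | Format-List; $r.UsfAccessRules | Format-Table -AutoSize }
'Loaded per-user Classes hives:'; $r.ClassesHiveMaps | Format-List
```

Run it from the affected account so that HKCU and %userprofile% resolve to that profile; no elevation is needed for these reads.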
The reason I am including the quotes is I may be replying to several of your posts and want to keep them straight for me. It helps me go back & review.
OK, I ran the command prompt search for the hidden files. The search returned nothing. I did it twice. The results are in the attached txt file. The second entry in that txt file are the results of copying the contents of the explorer folder. There are no other folders or keys in that area except the one indicated, Session Info. In other words, there is no User Shell Folders folder, only a Sessions Info folder. Could not locate any of the keys you requested in part 2 of your post, since none of those folders are under explorer. Hope I am making myself clear? Pretty Weird...
Re-ran the System Look x64 app by double clicking it rather than right clicking. File attached, appears to be the same. BTW, why is the date the same as when I first ran the app? I deleted the earlier txt file and re-ran the app and still got the same date?
omegatx,
It looks as if we are banging our heads against the wall.
If you wish to use the Carbonite program to fix your system, do so, if you are sure of how to do it. If not, you may want to go to their website, and obtain some help.
An issue of concern with Carbonite is whether it backed up the corruption or part of the ransomware.
To my understanding, with the help of a colleague who uses Carbonite, a plan that mirrors the system being backed up picks up everything, including any system errors.
~~~~
If you decide you do not want to use Carbonite, we can start with the following...
First: System Restore Point - Create
Next, please download ReProfiler:
IWR Computer Consultancy - Technical Support and advice on IT issues for Small Businesses.
(Download link near the bottom of the page.)
Save to the Desktop.
Unzip the file.
You can use this program when Windows no longer recognises a profile as belonging to its User.
If you are using the account with the problem, you need to logoff.
When you logoff, if the only account showing is yours, open it, and enable the (hidden) Administrator account in Windows 7 as follows:
Right-click a Command Prompt and select: Run as Administrator
Type in the following command:
net user administrator /active:yes
A message appears: The command completed successfully.
Log off, and the Administrator account is now a choice.
There’s no password for this account.
Now, from the Administrator account as the only active user, select your User Account (top panel) and its Profile Folder (bottom panel) and press: Assign
Your User account and the profile folder should both have your name.
Please capture an image (as explained previously) and post it, if you can, so I can see what is showing and confirm what to use.
When done, restart the computer.
Logged on to your regular User account, disable the Administrator account that was previously enabled:
Open an administrator mode command prompt as above.
Type the following command:
net user administrator /active:no
Log back into your regular account, and see if you are still having the same problems.
If so, we have another option.
Thanks for all the help you have provided so far. Believe it or not I had been operating my PC with everything working except the corrupted user profile. Today, however, I opened MSIE, and went to a site I maintain. When I clicked on a page I uploaded yesterday, Vipre blocked several files from opening. In other words, the malware was somehow still present and I have allowed it to upload to this particular site. I called the host company and they are running malware checks on the site files as well as installing an app that blocks scripts from running. In the meantime, I have no more good restore points left. I will contact Carbonite to see what they say, but I may just do a complete re-install.
Further info: Dell provides a re-image disk partition. I am restoring the PC to factory condition.