hijack log check please

[sUBs]

Quote:

fix.bat file dissaperas when I click on it, should it?

That's what it's supposed to do. If there's any file it couldn't delete, it will pop up a log for you. Since you received no such log, everything got deleted correctly.

Quote:

hmm just found file recycler in D drive where I download and keep all my files non operational version when I delete anything it shows up in there too

I don't quite understand. Kindly elaborate on the above

Do you still have any issues with the machine?

[lyric39]

still getting error message when I boot up, even though I have downloaded and installed it into windows system32
This application has failed to start because MSVCR70.DLL was not found. Reinstalling the application may fix this problem.

Re the other problem... I now have a recycle icon in my D drive (where I store everything) it's like the one one the desk top only it is a folder rather than a copy of the recycle icon on the desktop. When I open it it shows all all my recently deleted files but none of the functions work though such as empty the recycle bin etc, it wasn't there before.
Thanks
lyric39

[sUBs]

Quote:

I now have a recycle icon in my D drive (where I store everything) it's like the one one the desk top only it is a folder rather than a copy of the recycle icon on the desktop. When I open it it shows all all my recently deleted files but none of the functions work though such as empty the recycle bin etc, it wasn't there before.

Does the other Recycle bin work? If so, have you tried deleting this one?

Quote:

still getting error message when I boot up, even though I have downloaded and installed it into windows system32
This application has failed to start because MSVCR70.DLL was not found. Reinstalling the application may fix this problem.

This problem is caused by one of startup programs. We need to identify which one.
I suspect that it's any one of these:

* [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
* [C-Media Mixer] Mixer.exe
* [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
* [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
* [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe"
* [InternodeUsage] D:\INTERN~1\mum.exe ... most likely this one

Here's a self -test you can perform:

Launch Windows System Configuration utility by doing so ...

• Click the Start button, select Run & in the ensuing window, type in msconfig <Press Enter>
• Under the StartUp Tab, select InternodeUsage & click OK
• Reboot when prompted & see if the error message goes away.

If it's not InternodeUsage, try each of the above programs listed

[lyric39]

The recycle bin folder in D Drive isnt functunal and I cant delete it either
lyric39
will do what you asked re the error problem shortly and let you know how i\I went
thanks subs

[sUBs]

Quote:

The recycle bin folder in D Drive isnt functunal and I cant delete it either

I'm trying to figure out why your machine is experiencing registry corruption. Have you ever used one of those freeware automated registry programs? Kindly take note that usage of such programs may result in long term corruption of the Windows Registry.

I'm not 100% certain if this will fix your Recycle bin issue but it will restore the settings back to default Windows values. Let's give it a try ...

Open NOTEPAD.exe and copy/paste the text in the quotebox below:
(don't forget to copy and paste 'Windows Registry Editor Version 5.00')

Quote:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"
"InfoTip"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
2d,00,32,00,32,00,39,00,31,00,35,00,00,00
"SortOrderIndex"=dword:00000060
"IntroText"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
2d,00,33,00,31,00,37,00,34,00,38,00,00,00
"LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
2c,00,2d,00,38,00,39,00,36,00,34,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,31,00,00,\
00
"Empty"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,31,\
00,00,00
"Full"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,\
68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,32,\
00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{645FF040-5081-101B-9F08-00AA002F954E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\PropertySheetHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\PropertySheetHandlers\{645FF040-5081-101B-9F08-00AA002F954E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:40,01,00,20
"CallForAttributes"=dword:00000040

Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


Reboot the machine & let me know if we got lucky

[lyric39]

Hi subs
Just before I take the next step how do I copy and paste Windows Registry Editor Version 5.00 I just want to make sure I do it right
Thanks
lyric39

[lyric39]

hey again on the subject of the extra recycle folder in my D drive I found someone elses blog while I was waiting for your next post, they also discovered the same thing..... this is the response they got from their question

By default, you have a recycle bin on each drive. Clicking on the Recycle bin on your desktop accesses all the bins at once. You will not see it in Windows Explorer unless you enable viewing Protected System Files.

is it possible that I've done this and that's why it's showing up, thought I'd ask before I do anything
Thanks subs
lyric39

[lyric39]

ps just letting you know that although in the recyle folder (the one on the D Drive) I cant empty or restore using the commands found in that folder ...when I empty the recycle bin on the desktop, it also empties the D drive version.

[lyric39]

PPS success I tried copying and pasting MSVCR70.DLL into windows sysyem32 one more time and it seems to haveworked! no more error message on start up.

[sUBs]

Quote:

Just before I take the next step how do I copy and paste Windows Registry Editor Version 5.00 I just want to make sure I do it right

LOL ...I'll make it easier for you.

Please download the file attached to this post.
From within it, double click on RecycleBinFix.reg & allow it to merge into the Registry.

[lyric39]

ok done thank you will reboot and see what happens
thanks lyric 39

[lyric39]

no difference subs recycle folder still in D drive

[sUBs]

Quote:

recycle folder still in D drive

I initially thought you meant there were 2 recycle bins on Desktop.

Reading this, I think I may have mistaken your statement.
Do you mean to say there is a folder named Recycler in Drive D?

As in .... D:\Recycler ?

[lyric39]

yes it has only become visible recently so I wasn't sure what it was
thanks
lyric39

[lyric39]

Everything else seems to be running well, no more dll problems or virus messages ...your a genius subs ha ha.
Thank you
lyric39

[sUBs]

Quote:

Originally Posted by lyric39

yes it has only become visible recently so I wasn't sure what it was
thanks
lyric39

I'm not skilled at explaining things. Please give this webpage a peek. It does a better job than me at explaining why you have a D:\Recycler folder.

You're able to see that particular folder now because you have set your Folder Options to enable the display of hidden/system files. You can rehide them by doing this ...

From Windows Explorer, go to Tools>Folder Options> View tab.

• Untick - Show hidden files and folder
• Tick - Hide file extensions for known types
• Tick - Hide protected operating system files

Click Yes to confirm & then click OK

Please let me know if there's any more issues

[lyric39]

Thanks subs my pc is running great again, I'm going to recommend you to everyone I know (if that's ok with you) My brother is a bit of a pc tech he said I'd probably have to reformat and that Ive prob always have problems if I dont...but thanks to you I dont have to...Great job subs thanks a million!!!!!
lyric39
If I have anymore problems I'll sure know where to go for help.

[sUBs]

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

1. Uninstall ComboFix ... do not skip this step
   This process will perform some post cleanup measures.
   Do this by going to to Start > Run & typing in ComboFix /u
   
   
2. ANTIVIRUS SOFTWARE
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
3. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here ? http://www.bleepingcomputer.com/forums/tutorial60.html
   
   
   
4. Microsoft Windows Update ? http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
5. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial49.html
   
   
   
6. IE-SPYAD
   IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Window