
·
Registered
Joined
·
9 Posts
Discussion Starter #1
I am new to this website and forum so I hope I am doing this correctly.

I also don't know how to look up a response to this posting.

I've tried everything to get Surf Side Kick 3 off of my computer. Ran everything that it tells me to on your website: ad-aware, all anti-virus, etc.

Even reading a posting about running the computer in safe mode didn't help, because every time I turn the ssk file off from startup, it comes back when I restart. The file won't let me delete it because it says it is being used in another program even though there is nothing running.

I followed the step-by-step process for the security center to no avail.

Please help me to get rid of this and restore my computer. Thank you muchly.

Here is my log that comes from HijackThis Analyzer:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 10:52:19 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O20 - AppInit_DLLs: repairs.dll


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
Registered
Joined
·
2,009 Posts
Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".


regards
alba
 

·
Registered
Joined
·
2,009 Posts
Hello BigMoneyYea welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Uninstall Microsoft Antispyware - As you have already experienced, it's not very good as a form of protection. I recommend you read the following thread that discusses this product being RogueWare:

ViewMgr.exe is an advertising program by Viewpoint. This process monitors your browsing habits and distributes the data back to the authors. We always recommend removal.

==================================================

Downloads
Download
KillBox v2.0.0.175

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Viewpoint
SurfSideKick 3


==============================================

Next, please reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


Locate and delete the following folder(s), if present:

* C:\Program Files\viewpoint
* C:\Program Files\SurfSideKick 3


===============================================


When doing the fix, you shall be viewing these instructions from Wordpad.
Copy the filename(s) listed below.
Select/Highlight all the filenames & then click on Wordpad's 'Edit' menu & select 'copy'



  • LIST OF FILES THAT NEED TO BE KILLBOXED

    C:\Windows\system32\repairs.dll

Launch KillBox.exe
  1. Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versions of Killbox
    Click the dropdown-arrow next to the "Full Path of File to Delete" field.
    Verify that the filenames you pasted are found in there.
  2. Select/tick the following:
    • Delete on Reboot
    • End Explorer Shell While Killing File
    • Unregister.dll Before Deleting
      * if it's not grayed out
  3. Click the RED X button.
  4. Click Yes at the 'Delete on Reboot' prompt.
  5. Click Yes at the 'Pending Operations prompt'.
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows.

• If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


===============================================

Reboot in normal mode

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O20 - AppInit_DLLs: repairs.dll



Please remember to close all other windows, including browsers then click Fix checked.

============================================

Then do a fresh online scan at Panda ActiveScan
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Next'
  3. Enter your e-mail address & click 'Send' ...begins downloading Panda's ActiveX controls.- 8MB
  4. In the next window, checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (heuristic)
    • Detect spyware
  5. Begin the scan by selecting All My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  6. If it finds any malware, it will offer you a report. Click on see report
  7. Then click Save report
  8. Post the contents of the report in your next reply
Please do a fresh scan with HJT and save the log


Please post a fresh
Hijack This log,
Panda scan report

so that we can check if your system is clean.
 

·
Registered
Joined
·
9 Posts
Discussion Starter #4
I followed your post step by step as told. The SurfSideKick 3 still will not let me delete the folder as you told me to do so and it doesn't appear on the add/remove program list.

Here is the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 6:21:43 PM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O20 - AppInit_DLLs: repairs.dll



and here is the panda activescan log:

Incident Status Location
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick 3\SskCore.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick 3\SskBho.dll
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\system32\repairs.dll
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\STEVEN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\Ssk.log
Adware:adware/delfinmedia No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/savenow No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Steven\Local Settings\Temp\bundlep.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Steven\Local Settings\Temp\i29.tmp
Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\Steven\Local Settings\Temp\w181609.Stub.exe
Adware:Adware/ExactSearch No disinfected C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\4T2FKDMJ\installer_VENDARE[1].cab[installer_VENDARE.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\8527ST2N\upexactpop[1].html
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick 3\Ssk.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick 3\SskBho.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick 3\SskCore.dll
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\system32\bk.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\system32\repairs.dll
Spyware:Spyware/Altnet No disinfected D:\Documents and Settings\Default User\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected D:\Documents and Settings\Owner\Local Settings\Temp\asmfiles.cab[asm.exe]
Adware:Adware/SAHAgent No disinfected D:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP695\A0057065.dll
Adware:Adware/SaveNow No disinfected D:\System Volume Information\_restore{BFC56D8C-863A-44A3-B07E-D806F81CEB57}\RP1\A0000028.exe
Adware:Adware/P2PNetworking No disinfected D:\System Volume Information\_restore{BFC56D8C-863A-44A3-B07E-D806F81CEB57}\RP1\A0000033.dll
Adware:Adware/P2PNetworking No disinfected D:\System Volume Information\_restore{BFC56D8C-863A-44A3-B07E-D806F81CEB57}\RP1\A0000034.DLL
Adware:Adware/P2PNetworking No disinfected D:\System Volume Information\_restore{BFC56D8C-863A-44A3-B07E-D806F81CEB57}\RP1\A0000036.cpl
 

·
Registered
Joined
·
2,009 Posts
Hi again BigMoneyYea

When you are doing your HJT scan for reposting, are you in safe mode? If so, please do the next one in normal mode.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).


==================================================

Please download one of the following AntiVirus programmes and update the virus definitions.
We will use this later.

AVG Anti-Virus
Avast Home Edition
BitDefender Free Edition v7


The Temp folders must be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download Cleanup! (Alternate Link) if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Download
RegLite

==================================================

Reboot into Safe Mode

Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

In the smaller left hand pane-> Right Click the Windows folder(Highlighted in Blue)

Select Rename-> Rename it to Windoz-> Hit Enter

Now look in the larger right hand pane-> locate and double click AppInit_DLLs

Under Value-> Remove(Delete)-> repairs.dll

Locate and delete the following files,

C:\WINDOWS\system32\repairs.dll
C:\WINDOWS\system32\bk.exe

Reboot and Open Reglite again-> go back to the folder you renamed to Windoz and Rename it again, back to Windows.

======================================================

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs.dll



Please remember to close all other windows, including browsers then click Fix checked.

Locate and delete the following folder(s), if present:

* C:\Program Files\SurfSideKick 3
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl


Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files


Click OK, Press the CleanUp! button to start the program and reboot when prompted.

Run the antivirus programme scanner you downloaded earlier and tell us what it finds, if anything.

Run another Panda scan.

Please post a fresh
Hijack This log,
Antivirus scan log,
Panda scan report

so that we can check if your system is clean.


regards

alba :smile:
 

·
Registered
Joined
·
9 Posts
Discussion Starter #6
What did you do?

I followed the previous reply to a "T". And what I have to say is...

WHAT DID YOU DO TO MY COMPUTER?

Again side kick wouldn't let me delete when you told me to, but after rebooting and everything it finally showed up in the add/remove programs list and after removing it, I could finally delete the folder.

The good note is, the SideKick 3 is gone and so are the popups and the slowness. However, my main problems now are:

1) My recycle bin is gone and nowhere to be found
2) I can't use the search feature. A "Search Companion" window comes up with the message: "Unexpected error. Search could not be completed."
And the Windows Installer window comes up asking for a CD-ROM or something to install whatever.
3) I cannot access the "All Programs" tab from the Start menu. It refuses to do anything when I click on the All Programs arrow.

So can you please help me fix these things now?

Here is a fresh hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:32:27 PM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\Program Files\Avast Antivirus\ashSimpl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

The Avast! antivirus didn't have a log that I could copy and paste.
And the panda scan didn't work properly as you explained it on the previous log.
 

·
Registered
Joined
·
2,009 Posts
Hi BigMoneyYea

Sorry about what happened; unfortunately, the removal of the virus affected the Windows components in the registry.

What do you mean?
"And the panda scan didn't work properly as you explained it on the previous log"
What happened?

Please carry out the fixes first and then we will fix the Windows settings.

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)


Please remember to close all other windows, including browsers then click Fix checked.


Please carry out the following instructions to restore your settings

1. From start menu click Run
enter "sfc /scannow" (no quotes)
Click OK

The command "sfc /scannow" tells Windows to perform a complete Windows file check and replace any missing or corrupt OS files to original Microsoft specifications. Note that you'll need the Windows XP CD to complete this task.

If your recycle bin hasn't returned, please do the following;

2. Restore recycle bin
Download the recycbin-2.reg file and save it to your hard drive (you may want to right click and use Save Target As).
Double-click the recycbin-2.reg file. You will be prompted to enter the information into the Registry. Answer Yes. REG files can be viewed in Notepad or any text editor, as to the specific Registry keys and values that are updated. After the REG file has been imported, right click on the Desktop and select Refresh

I'm sure you will let us know how you got on

warm regards

alba
 

·
Registered
Joined
·
9 Posts
Discussion Starter #8
Okay, what next

A major problem I have is that I don't have a Windows XP disc because my comp came with it already on there and didn't come with a disc. Is there any way I could get it online or from somewhere without paying?

Thank you for the help restoring my recycle bin, I downloaded and it works fine.

In addition to my problems last time, I can't change my power settings on my screensaver, as well as still look at "all programs" or run the search feature. I also can't open any Word or Excel and I know that it is all related. Also my Windows Media Player is gone.

I did what I was told in the last log concerning hijackthis and pandascan. The following is the pandascan log run before I did the hijackthis:

Incident Status Location

Adware:adware/popmonster No disinfected C:\DOCUMENTS AND SETTINGS\STEVEN\FAVORITES\SHOPPING\Best Buy.url
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\STEVEN\APPLICATION DATA\Sskcwrd.dll
Adware:adware/whenusearch No disinfected C:\DOCUMENTS AND SETTINGS\STEVEN\START MENU\PROGRAMS\WhenU
Adware:adware/savenow No disinfected Windows Registry

The hijackthis log now is as follows after performing the checks and fixes you said previously:

Logfile of HijackThis v1.99.1
Scan saved at 11:42:05 AM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

Thank you again, and please help me finish this.
 

·
Registered
Joined
·
2,009 Posts
Hi BigMoneyYea,

I can see your problem. I think it is a disgrace that when you buy a new PC, with the cost of XP built into the price, you don't get the disc with it.

Could you borrow an XP disc from a friend? Any XP disc would do. If so, try doing this again:
Please carry out the following instructions to restore your settings

1. From start menu click Run
enter "sfc /scannow" (no quotes)
Click OK

The command "sfc /scannow" tells Windows to perform a complete Windows file check and replace any missing or corrupt OS files to original Microsoft specifications. Note that you'll need the Windows XP CD to complete this task.

Please do the following
Delete the following files in red and Folder in Blue

C:\DOCUMENTS AND SETTINGS\STEVEN\FAVORITES\SHOPPING\Best Buy.url

C:\DOCUMENTS AND SETTINGS\STEVEN\APPLICATION DATA\Sskcwrd.dll

C:\DOCUMENTS AND SETTINGS\STEVEN\START MENU\PROGRAMS\WhenU


Now please run HJT and save the log; do not fix anything.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
• Save it to your desktop.
• Double-click the new icon on your desktop (tmas-web-scan.exe)
• It will say "Loading TrendMicro definitions".
• Once the definitions are loaded, the program will appear to close then re-open.
• Click "Start Scan"
• After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.
Reboot your computer.
In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

Then do a fresh online scan at Kaspersky

Make sure that you choose the "fix" or "clean" option when available
Please take note of any files that were uncleanable and post the filenames here in your next reply




Please post a fresh
Hijack This log,
Antispyware.log
kaspersky scan report




regards
alba
 

·
Registered
Joined
·
9 Posts
Discussion Starter #10
I just don't know...

OKAY. So after waiting for a few days to get the cd from across the country it doesn't fix the problems because the CD is actually a Microsoft Office XP Standard cd. But why doesn't this fix my word so I can at least open and write papers. I'm a student.

Is there any other way I can get ahold of something to fix my computer?

In response to your last entry:
1) the trend micro website doesn't work, go try it (and why should I download more things that have done nothing but take away parts of my computer that can't restore?)
2) I don't know what the Kaspersky does other than disappear
3) here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:12 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVASTA~1\ashDisp.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avast Antivirus\aswUpdSv.exe
C:\Program Files\Avast Antivirus\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast Antivirus\ashMaiSv.exe
C:\Program Files\Avast Antivirus\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

So let's see:
1) can't open documents or make new ones on Word, Excel, etc. (I AM A STUDENT!)
2) can't use the search function for anything
3) can't browse 'all programs' from start menu
4) don't have media player; all music and movies have been affected or can't be seen
5) can't change power settings for my screensaver and my monitor just shuts off now quickly
6) has deleted my Creative MediaSource player for my mp3 player and even the disc for that won't correctly install it back onto my comp, says it is missing a file, even after downloading it from the website; error message appears when trying to open the application saying can't find the folder even though it is friggin in it

So this has been a boatload of good since god knows what thing I downloaded and ran as told by you deleted god knows what in my comp. Any ideas that don't involve deleting other stuff that is imperative to a normal functioning computer?

I AM A STUDENT, I NEED MY COMPUTER, I AM TIRED OF THE SAME 30 SONGS ON MY MP3 PLAYER AND CAN'T CHANGE THEM WITHOUT THAT STUPID MEDIASOURCE THING

AND HOW DO I GET AN XP CD THAT I NEVER WAS GIVEN??
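
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage of HijackThis entries like those in the log above, pulling out the autoruns (O4), the protocol-to-zone mismatches (O15), services whose file is missing (O23) and the emptied URL prefixes (O13). The sample lines are copied from the thread's log, the watchlist names are the ones the helpers in this thread targeted, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O13 - DefaultPrefix:
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Names the helpers in this thread targeted for removal (taken from the thread).
WATCHLIST = ("whenu", "surfsidekick", "repairs.dll", "bk.exe")

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[FNRO]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ZONE = re.compile(r"^ProtocolDefaults: '(?P<proto>[^']+)' protocol is in "
                  r"(?P<actual>.+?), should be (?P<expected>.+?) \((?P<hive>\w+)\)$")


def parse(log):
    """Yield (code, body) for each entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"].strip()


def triage(log, watchlist=WATCHLIST):
    """Group the entries a reviewer would look at first, keyed by finding type."""
    findings = defaultdict(list)
    for code, body in parse(log):
        low = body.lower()
        if any(name in low for name in watchlist):
            findings["watchlist"].append((code, body))
        if code == "O4":                      # Run-key autostart entries
            m = RUN.match(body)
            if m:
                findings["autorun"].append((m["hive"], m["name"], m["cmd"]))
        elif code == "O15":                   # protocol mapped to the wrong IE zone
            m = ZONE.match(body)
            if m:
                findings["zone_mismatch"].append((m["proto"], m["actual"], m["expected"]))
        elif code == "O23" and low.endswith("(file missing)"):
            service = body[len("Service: "):].split(" - ")[0]
            findings["service_file_missing"].append(service)
        elif code == "O13" and body.endswith(":"):   # prefix value is empty in the log
            findings["empty_prefix"].append(body.rstrip(":"))
        elif code == "R3" and "missing" in low:
            findings["urlsearchhook_missing"].append(body)
    return dict(findings)


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```
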
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
BigMoneyYea:

Reboot and Open Reglite again-> go back to the folder you renamed to Windoz and Rename it again, back to Windows.
Did you rename that folder back to Windows as instructed??

I've gone back over all the entries that "Alba" listed and NONE were system critical that would cause the issues you're having. It could be that the spyware corrupted the operating system. Can you do a system restore to an earlier date? If not...you will need to check for missing or corrupt system files by typing sfc /scannow from the RUN box.

If it finds missing or corrupt files it will ask for the XP CD. So..you need to either find someone with a CD or check your hard drive for a backup location, as most PCs that have the OS already installed...have a recovery partition with XP on it.

Microsoft Office XP Standard <-- this CD does you no good. You need the Windows XP CD.
 

·
Registered
Joined
·
9 Posts
Discussion Starter #12
Quote:
Reboot and Open Reglite again-> go back to the folder you renamed to Windoz and Rename it again, back to Windows.

I did rename that folder back to Windows. However, when Alba told me to originally rename it, he didn't specify which folder to rename Windoz and there were 2 different folders under that name. I believe I renamed the wrong one at first because it won't let me change it back, it says error renaming. In order to change the other one to Windoz, I made that folder Windowss and that is how it is now. Perhaps that is causing the problem.

This is what comes up when the Windowss folder is highlighted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss\Help
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss\HTML Help
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss\ITStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss\\(default)

As opposed to the folder that was Windoz, but is back to Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\(default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\DeviceNotSelectedTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\GDIProcessHandleQuota
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Spooler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\swapdisk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\TransmissionRetryTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\USERProcessHandleQuota

When I run sfc /scannow nothing comes up so I assume there are no missing or corrupt files. I don't know anyone with a CD, so where would the backup location be of the "recovery partition"?
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss <--why did you rename this? This folder isn't even in the fix.

You were supposed to rename the windows folder under this key...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

There should be only 1 windows folder under each KEY. Did you try a system restore??
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Unless mistaken, you should have these keys in your Registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > > > > contains few entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowsss > > > > contains many entries


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

IF THE ABOVE IS INCORRECT, STOP & INFORM ME NOW

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If the above is correct, I want you to do this...

Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

In the smaller left hand pane-> Left-click once on the Windows folder

**Look at the Address bar & confirm that the location remains the same

Right-click & select Rename-> Rename it from Windows to Windows2 -> Hit Enter



After you have done that, Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_CURRENT_USER\Software\Microsoft\Windowsss

In the smaller left hand pane-> Left-click once on the Windowsss folder

**Look at the Address bar & confirm that the location remains the same

Right-click & select Rename-> Rename it from Windowsss to Windows -> Hit Enter

Exit Registrar Lite & reboot your computer

Disclaimer:

Ask me not for a guarantee because I offer none.
I have tried this on another computer & it has worked.
 

·
Registered
Joined
·
9 Posts
Discussion Starter #15
I attempted what was told in the last entry with naming the other folder windows2 and trying to name the windowss back to windows. There is still an error when trying to rename the windowss folder.

Furthermore, now that I have named the other folder Windows2, I cannot name it back to Windows. There is an error renaming window that comes up for that now as well.

In response to the entry before that:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowss <--why did you rename this? This folder isn't even in the fix.

You were supposed to rename the windows folder under this key...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

There should be only 1 windows folder under each KEY. Did you try a system restore??"

I renamed that folder because it was the first windows folder I saw and wasn't directed which one I was supposed to do. I now know it wasn't in the fix but Alba didn't specify. How do I try a system restore???
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Alba posted...

Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

In the smaller left hand pane-> Right Click the Windows folder(Highlighted in Blue)

Select Rename-> Rename it to Windoz-> Hit Enter

Now look in the larger right hand pane-> locate and double click AppInit_DLLs

Under Value-> Remove(Delete)-> repairs.dll

Locate and delete the following files,

C:\WINDOWS\system32\repairs.dll
C:\WINDOWS\system32\bk.exe

Reboot and Open Reglite again-> go back to the folder you renamed to Windoz and Rename it again, back to Windows

So he sent you to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows but you renamed the one located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

So it's not really his fault as he did specify the folder and location. Anyway..let's try to address your issue. First lets try to rename the Windows folder again..

Reboot into safe mode and make sure you are logged in as the administrator of the PC.

Open Reglite again and navigate to this folder....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

*Note* The original windows folder is the one we are after so navigate to whatever you named it. It should have 5 sub keys in it. Highlight the folder...click properties. Then click 'Permissions' and make sure your user has FULL access to it. Then click "Take OwnerShip" of the folder.

You should then be able to rename it back to Windows. There should be ONLY 1 folder named Windows in this key..HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft The others will be WindowsNT, Windows Media...etc.

If that doesn't work..then try system restore...

To start system restore click Start>>>All Programs>>>Accessories>>>System Tools>>>>System Restore.

If you cannot launch it by that method...reboot into safe mode and select "Command Prompt Only". Then type in the following command and hit enter.

%systemroot%\system32\restore\rstrui.exe

Both those will open the restore wizard. Choose a date prior to when this issue occurred and restore your PC back to that date. We can then start over and address your issues.
 

·
Registered
Joined
·
9 Posts
Discussion Starter #17
That didn't work either

"Taking ownership" didn't work also so I still have 1 folder named Windowss and 1 named windows2.

The system restore also didn't work by trying both methods.

The same window came up when I tried the regular opening method and the command prompt method. The window said: "System restore cannot protect your computer now. Please restart computer and open system restore"

When I did that it didn't make a difference either.

any other ideas please?
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Okay.. I'm running out of ideas here. No idea why my last fix didn't work.

Let's try one last time.

READ THIS OVER CAREFULLY BEFORE PROCEEDING


Open Reglite and Navigate to these keys: (they are all located near each other)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowsss


Click on the [+] sign next to each folder to expand each folder till you get something that looks like this..





From the Windows2 folder, copy CurrentVersion & paste it into the Windows folder

Microsoft\Windows2\CurrentVersion --->> Microsoft\Windows

From the Windowsss folder, do the same .. (all of it goes to the Windows folder)
• CurrentVersion --> Windows
• Help --> Windows
• Html Help --> Windows
• ITStorage --> Windows
• Shell --> Windows


The end result looks like this



Close reglite & reboot your computer
 

·
Registered
Joined
·
9 Posts
Discussion Starter #19
YES! Success!!

Thank you very much. That finally worked. All of my problems have been resolved as everything is working fine now.

Two last questions though:

1) Whenever I run the search, it works; however, a window pops up telling me that it is trying to install XP again, and not having a disk I can't shut it up. The search works fine, it's just annoying canceling it out like 3 times for every search. So is there any way to stop that?

2) When I open my Word and Excel, it says I must register it; however, I already did that before and now it says it's already registered with my number. It says it will expire after so many more uses. Will it actually stop working and force me to re-register or whatever?


Thank you so much for your help, my computer is almost back to normal.
 

·
Registered
Joined
·
2,009 Posts
Hi BigmoneyYea

On your second question: if you call the Microsoft helpline and tell them about the virus thing, they will re-register, so that will solve that problem. sUBs may have an idea about the other problem with searches; if not, mention that to the MS support.

glad everything is fixed for you
alba
 