
Solve : Registry help?


Does anyone have a good recommendation for a free registry cleaner that REPAIRS the files for free, not just scans them? I have a DLL error that prevents me from using the internet and freezes my computer. If anyone has a solution I'd gladly appreciate it.

First and most important to know is that Registry cleaners DO NOT repair the registry. The descriptions are misleading and have caused even 'healthy' computers to not boot back to Windows. NEVER run a registry cleaner on a PC that is having performance issues. You might as well just reformat and reinstall as that's LIKELY what will happen if you do.

What is the exact .dll error or ERRORS?

Well when I log in to Windows this pops up, "Unable to display C:\Windows\Uhitovo.dll", then the background turns blue and I can't access the internet... any idea what this could be?

That is a virus.

Can you go to C:\Windows\Uhitovo.dll and TRY to delete the Uhitovo.dll file?

Do you have a flash drive to transfer over some tools so we can clean the malware?

How would I go about getting to that file and deleting it? Sorry, I'm somewhat new at this whole virus thing. And yes, I do have a flash drive to transfer over software to clean the malware.

First, what OS are you using? XP or Vista?

It's Windows XP.

Use these directions and transfer the file (SDFix) to the infected computer. It will create a log when complete and hopefully it will get your Internet connection back. Either way I need to see the log.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights.

* Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

When your computer has started in safe mode, and you see the desktop, close all open windows.

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.

Code:
C:\SDFix\RunThis.bat
* The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found, then prompt you to press any key to Reboot.
* Press any key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
* Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).

I'm using my roommate's computer and can't copy the report from my infected laptop to this computer since my Internet on the infected one isn't working. However, the scan finished up and found a few trojans. Any way I can copy it over?

Yes, you can put the .txt file on the flash drive and transfer it like you did SDFix.

Also transfer this next tool over and run it now please. Don't worry, we'll get it back to normal. Hopefully after running this next scan.

I need the ComboFix log even more than I do the SDFix log. It will tell me exactly what needs to be done next.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your ANTIVIRUS, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

When I try to run ComboFix, something pops up that says I don't have Windows Recovery Console and that I need to install it, but I need an internet connection, which I don't have. Do you think I should continue on WITHOUT it or do I absolutely need it?

Yes, please continue on. You can install it later but it won't be needed for what we are doing.

ComboFix 09-02-02.04 - Bob 2009-02-02 22:52:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.254 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bob\Application Data\NI.GSCNS
c:\documents and settings\Bob\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Bob\Application Data\NI.GSCNS\settings.ini
c:\windows\system32\cLkjQqru.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaubqsxjol.sys
c:\windows\system32\PVGgQqss.ini
c:\windows\system32\PVGgQqss.ini2
c:\windows\system32\senekaaqpmepcf.dll
c:\windows\system32\senekalnkpaswu.dat
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\sackzllj.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-02 22:01 . 2009-02-02 22:01  578,560  --a--c---  c:\windows\system32\dllcache\user32.dll
2009-02-02 21:59 . 2009-02-02 22:00  d--------  c:\windows\ERUNT
2009-02-02 21:53 . 2009-02-02 22:27  d--------  C:\SDFix
2009-02-02 17:25 . 2009-02-02 17:25  d--------  c:\program files\RegCure
2009-02-02 17:06 . 2009-02-02 17:06  d--------  c:\program files\CCleaner
2009-02-02 16:58 . 2009-02-02 16:58  d--------  c:\program files\RegSweep
2009-02-02 16:58 . 2009-02-02 16:58  d--------  c:\documents and settings\Bob\Application Data\RegSweep
2009-02-01 23:53 . 2009-02-01 23:53  125,440  --a--c---  c:\windows\system32\dllcache\userinit.exe
2009-02-01 23:49 . 2009-02-01 23:50  135,168  --a------  c:\windows\ikoqurihikicil.dll
2009-01-27 00:53 . 2009-01-27 00:53  d--------  c:\program files\NBA Jam Tournament Edition
2009-01-16 00:10 . 2009-01-16 00:10  d--------  c:\documents and settings\Bob\Application Data\Viewpoint
2009-01-13 20:32 . 2009-01-13 20:32  d--------  c:\program files\SUPERAntiSpyware
2009-01-13 20:32 . 2009-01-13 20:32  d--------  c:\documents and settings\Bob\Application Data\SUPERAntiSpyware.com
2009-01-13 20:32 . 2009-01-13 20:32  d--------  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 20:18 . 2009-01-13 20:18  d--------  c:\program files\Common Files\Wise Installation Wizard
2009-01-11 19:46 . 2009-01-11 19:46  655  --a------  c:\windows\wininit.ini
2009-01-11 18:22 . 2009-01-13 21:31  d--------  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 17:52  ---------  d-----w  c:\documents and settings\Bob\Application Data\MSN6
2009-02-02 07:30  ---------  d-----w  c:\documents and settings\All Users\Application Data\avg8
2009-02-01 18:57  325,128  ----a-w  c:\windows\system32\drivers\avgldx86.sys
2009-02-01 18:57  107,272  ----a-w  c:\windows\system32\drivers\avgtdix.sys
2009-01-06 23:14  ---------  d-----w  c:\program files\Google
2009-01-05 05:26  ---------  d-----w  c:\documents and settings\Bob\Application Data\AVGTOOLBAR
2009-01-02 09:17  ---------  d-----w  c:\program files\Soulseek
2008-12-12 08:10  ---------  d-----w  c:\documents and settings\Bob\Application Data\Twain
2008-12-11 10:57  333,952  ----a-w  c:\windows\system32\drivers\srv.sys
2008-12-11 03:30  ---------  d-----w  c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 03:19  ---------  d-----w  c:\program files\Microsoft Works
2008-12-11 03:02  ---------  d-----w  c:\program files\Microsoft SQL Server
2008-12-11 03:02  ---------  d-----w  c:\documents and settings\Bob\Application Data\GetRightToGo
2008-11-16 01:05  65,848  ----a-w  c:\documents and settings\Bob\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2002-08-29 05:41 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:42 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-01 23:53 125440 b6fe9dcc2857c2d8e472d260b5735ecf c:\windows\system32\userinit.exe
2009-02-01 23:53 125440 b6fe9dcc2857c2d8e472d260b5735ecf c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AIM Toolbar 5.0\aoltb.dll" [2008-03-07 1090912]

[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"RegSweep"="c:\program files\RegSweep\RegSweep.exe" [2008-12-16 6751480]
"Vwagux"="c:\windows\ikoqurihikicil.dll" [2009-02-01 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-09-01 45056]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 13:57 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  \0

[HKLM\~\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Bob\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-01 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-01 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-01 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-01 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-04 33752]
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 12:58]

2009-02-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 12:58]

2009-02-03 c:\windows\Tasks\RegSweep Scheduled Scan.job
- c:\program files\RegSweep\RegSweep.exe [2008-12-16 17:01]

2009-02-03 c:\windows\Tasks\RegSweep Scheduled Scan.job
- c:\program files\RegSweep [2009-02-02 16:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3332E765-3AFF-4823-BBF5-E09CBC32FCE4} - (no file)
BHO-{46487b65-3a2b-5f8c-4cbf-d0078049467c} - (no file)
BHO-{E075AEFB-325C-402A-82C3-59AC363FF35B} - (no file)
Notify-iifeeFYP - iifeeFYP.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 22:55:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-02-02 23:00:20 - machine was rebooted [Bob]
ComboFix-quarantined-files.txt 2009-02-03 04:00:16

Pre-Run: 128,087,625,728 bytes free
Post-Run: 127,998,791,680 bytes free

194  --- E O F ---  2009-01-15 08:02:01
OK I see what the problem is now. This is a very nasty rootkit you have picked up.

Are you able to connect to the internet with the infected computer now? We can fix it but it will be easier with a net connection.
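As an added illustration (not code from this thread, from SDFix or from ComboFix), here is a small Python parser that applies two of the checks a helper makes when reading a log like the one above: it compares the Sigcheck MD5 of a system32 file with the Service Pack copy of the same name, and it flags Run values that load a DLL or a file sitting directly in c:\windows. The log excerpt embedded in it is transcribed from the post above with the collapsed column spacing restored.

```python
import re

# Excerpt of the ComboFix log posted above (Sigcheck and HKLM Run sections); constructed test input.
LOG = r"""------- Sigcheck -------
2002-08-29 05:41 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:42 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-01 23:53 125440 b6fe9dcc2857c2d8e472d260b5735ecf c:\windows\system32\userinit.exe
2009-02-01 23:53 125440 b6fe9dcc2857c2d8e472d260b5735ecf c:\windows\system32\dllcache\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"RegSweep"="c:\program files\RegSweep\RegSweep.exe" [2008-12-16 6751480]
"Vwagux"="c:\windows\ikoqurihikicil.dll" [2009-02-01 135168]
"""

# Sigcheck line: "<date> <time> <size> <md5> <path>"; Run line: "name"="path" [date size]
SIGCHECK_RE = re.compile(r"^(\S+ \S+) (\d+) ([0-9a-f]{32}) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

def parse_sigcheck(text):
    """Map each Sigcheck path (lowercased) to its (size, md5)."""
    out = {}
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            out[m.group(4).lower()] = (int(m.group(2)), m.group(3))
    return out

def patched_system_files(sig):
    """[(name, size in system32, size of SP copy)] for system32 files whose MD5 differs from the SP copy."""
    findings = []
    for path, (size, md5) in sig.items():
        if "\\system32\\" not in path or "\\dllcache\\" in path:
            continue  # only the live copy; the dllcache copy is compared implicitly
        name = path.rsplit("\\", 1)[1]
        ref = sig.get("c:\\windows\\servicepackfiles\\i386\\" + name)
        if ref and ref[1] != md5:
            findings.append((name, size, ref[0]))
    return findings

def parse_run_entries(text):
    """[(value name, path lowercased)] for every Run value in the log."""
    return [(m.group(1), m.group(2).lower())
            for m in (RUN_RE.match(l) for l in text.splitlines()) if m]

def suspicious_run_entries(entries):
    """Autostarts normally launch an .exe; flag a DLL, or a file sitting directly in the Windows folder."""
    return [name for name, path in entries
            if path.endswith(".dll")
            or (path.startswith("c:\\windows\\") and path.count("\\") == 2)]
```

A hash mismatch against the Service Pack copy also occurs after a legitimate post-SP hotfix, so confirm a hit by checking the file's digital signature before treating it as patched by malware.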