Repair Installation - Setup doesn't show C: \Windows...

#1
Jerry23

Hello,

I need some help. I messed up my Registry about a week ago & could not boot. Let me preface this by saying that even though I have been using a computer for many years, I am a novice at trying to fix Windows problems.

I tried to do a system restore using cd \, cd system~1, cd resto~1. I got back that it could not find the file. I guess this means that it could not find a viable restore point. This may be because my System Restore has not been working for a long time.

Having failed to do a system restore, I tried to do a system repair, using a Windows XP CD - sp2 level. I performed a chkdsk /p & fixboot. I eventually did a system repair, using R & enter keys - I am a little fuzzy on exactly what I did. But it took a long time to read in all the files & I eventually got a screen to enter my Windows 25 digit code. When I finally booted in Windows mode I got an error screen:

APPLICATION ERROR

OFVISEX caused an access violation in ntdll.dll at 0x7c9106c3. Click close to terminate the application. Click ignore to continue.

The computer appeared to work pretty well - a few IE freezes & Err - must shut down. I did a few things to get my computer back to the level I wanted. When I tried to update all my windows files to sp3+, using the MSFT web sites, IE vs 6 would not work - would not open. All white screens. Looked strange. Malwarebytes would not run.

I then did a system restore to the level it was when I first came out of the Windows repair procedure. The first time I booted up after this system restore, I got the Error Mssg I got above --access violation in ntdll.dll. At this time my IE worked, but not very well. I get a lot of IE freezes & shut downs. Other strange things. Can't uninstall my Malwarebytes. Can't uninstall my Realtek AC97 Audio. Got 35 copies of Windows Task Mgr on screen at one point.


I have Kaspersky Internet Security 2010. Ran it in regular & Safe Mode. It shows no virus/Malware. Also ran Trend Micro online scan. Ran Panda online active scan. Reinstalled Malwarebytes in different folder & it now works. Ran it in regular & Safe Mode. I don't think virus or malware is a problem.

Today I tried to run another Windows repair procedure, using the procedure you have posted on this site. When I got to the screen that shows your existing Windows XP installations, the C:\windows installation was not shown. I showed my M:\ Windows installation. This was the backup I copied when I first bought my computer. It is only to the sp1 level. My Win XP cd is to the sp 2 level.


Anyway, I don't know where to go or what to do next. Need lots of help.

Thanks in advance for any help.

Regards,

Jerry

#2
othersteve

I know it doesn't seem likely, but you may very well be dealing with a rootkit infection of some sort, so before you go any further, I would highly recommend you post a message in the Virus, Spyware, and Trojan Removal forum via the instructions in this topic.

After properly removing any infections (or if you're simply POSITIVE that you don't have anything on there), you may be able to attempt a full permissions reset followed by what's called a system file repair (you can ask here for more help post-disinfection if that applies) to get yourself back in a functional state. From there, if you are still experiencing problems, registering certain system services and some other fixes might get things moving. Once things appear to be looking up, attempting a Service Pack 2 install and seeing where that takes you may help. Worst-case scenario, going forward with a repair install at this point could possibly locate the Windows installation correctly.

But definitely consider investigating disinfection first, just to be sure. I'd love to help you with that here, but I'm not certified for that. :D Once you finish with that step, you can return here and I'll bet we can get you up and running if it's at all within the realm of possibility.


~~~

If you'd like to attempt the permissions reset now, here's how to do it:

1. Download and install SubInACL from Microsoft. Install SubInACL in the default location.

2. Click Start > Run > type cmd and click OK

3. In the cmd prompt, type notepad reset.cmd and click yes to open Notepad.exe and create a new text file named reset.cmd

4. Copy and paste the following contents into reset.cmd:

rem Work from the folder where SubInACL was installed.
cd /d "%programfiles%\Windows Resource Kits\Tools"

rem Grant the Administrators group full control (f) of each registry hive and of every file and folder on the system drive.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

rem Grant the SYSTEM account the same full control.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

5. Save and close reset.cmd.

6. In the cmd prompt, type reset.cmd and press enter to run the SubInACL tool. This will take several minutes to complete.


~~~

If you can get this to work, the next thing I would try is the system file checker. Here's how to make that work:

1. Make sure you've got your Windows installation CD handy. I know you said you only have the SP2 CD; if I am not mistaken, you are currently running on SP2 however, correct? If so, this is fine.

2. Click Start > Run > type sfc /scannow

3. Insert the Windows CD if prompted to do so.


In the case of an infection, you may need to purge the sfc cache first using the sfc /purgecache command, but please be advised this will require the proper install CD for all file repairs (as it deletes the local backup copies of those files).


~~~

Once you get done with these steps, return and let us know how it's going if you don't mind.


~os

Edited by othersteve, 17 November 2009 - 10:20 PM.

#3
Jerry23

Hi OS,

Thanks for the quick reply. I have decided to take your advice & double check my security, using the link you gave me. I have been doing that all day. It is taking much longer than I expected. I just got thru running ESET online scan [with low level DSL - AT&T]. It took 5 hr 39 min!! Sorry I took so long getting back to you. I did not want to take a chance replying to you using a different IE window, because my computer/IE tends to freeze w/o warning. I wanted to let ESET finish first. So far not much to report regarding security. ESET found 1 infected file it thought probably is an unknown NewHeur_PE virus [whatever that is]. I'm not sure about that. That is a file from Magnibar - which I have had on my system at least 2 years - long before the problems started. Haven't used it in a couple years.

I haven't got to the Rootkit Detection yet - will get on that tomorrow. When I get done with that, I will start a thread on the other side to make sure it is ok to proceed here.

In the meantime, would you mind telling me a little more about what you proposed above is going to do - in terms that a layman would understand? I would appreciate it very much. That would help me understand what is going on - rather than just following directions to bake a pie! :)

Thanks again OS. Maybe I will have an update for you tomorrow - sure hope so.

Regards,
Jerry

Edited by Jerry23, 18 November 2009 - 06:57 PM.

#4
othersteve

Jerry,

Sure thing--no problem. The script I posted above simply performs a permissions reset on every file and registry key on your system to allow Administrator and System full access. It's the way things are supposed to be, so if you end up with some sort of infection or permissions corruption, that's how to restore it to balance. :)

~os

#5
123Runner

the C:\windows installation was not shown. I showed my M:\ Windows installation. This was the backup I copied when I first bought my computer.

If you copied the entire OS install to the M drive, it will not work because all the dll files associated with the OS are not registered.
If you cloned the original OS, then it should work by cloning it back.

You need to complete the malware removal forum first because any repairs we have you do here could interfere with what they do there.
You need to get a clean bill of health from them before coming back here.


I do want to look at something to get prepared though.

Go to start...
Go to run....
Type in sysdm.cpl and click ok
Go to advanced tab...
Go to startup and recovery and click on settings.
Under system startup... click on edit.
Copy and paste the boot.ini file in your next response.

Do not change anything in there.

123runner

#6
othersteve

Oh, I think I see what we are dealing with here. Is it possible you booted to the M:/ installation this time as opposed to C:\?

If so, that explains all of these issues... :) 123Runner sounds like he has a great idea with the boot.ini check.

~os

#7
Jerry23

OK 123 Runner, OS,

Here it is:

[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

I don't remember what I put in M:\, but I did not get a Windows cd when I bought the computer. I made the system backup partition according to the directions HP gave me. If it is important, I can look thru my HP info & try to find the directions. I got the Windows cd later, when I had a repair made to my computer. It came with no instructions :) .

By the way, when my computer boots up to the Windows welcome screen, there are 2 Icons for user Jerry, none for Administrator. Before all this started, there used to be 1 for Jerry & 1 for Administrator. I did not used to get that screen unless I looked for it. I would like to get rid of that 2nd icon for user Jerry if I can - & get rid of that screen. I am the only one using this computer. I tried to get rid of this screen using: Start > Run > [Control userpasswords2] & uncheck: user must enter a user name & password, enter in another box: Jerry, leave PW blank, OK. This worked [got rid of that screen on boot] after the repair, but does not seem to work after the update to XP sp3 & subsequent system restore to the original Repair location.

Thanks for the help & interest.

Regards,

Jerry

Edited by Jerry23, 19 November 2009 - 09:55 AM.

#8
123Runner

The boot.ini file looks ok.
You are not booting to another install of XP.

We also need to find out where you created the recovery partition you speak of AND what M drive/partition is.

If you have a genuine XP cd, then run SFC (system file checker)

Go Start and then to Run ("Start Search" in Vista),
Type in: sfc /scannow (note the space between c and /)
Click OK (Enter in Vista).
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.
In Vista you will receive the following message: "Windows resource protection did not find any integrity violations".

123runner
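
The boot.ini check made in the post above can be scripted. This is an added example, not code from the thread: it parses the file exactly as posted in #7, resolves the ARC path to a disk and partition, and reports whether the default matches a listed entry and whether more than one installation is selectable. The function names are hypothetical, and the `/noexecute=alwaysoff` (DEP disabled) check goes beyond what the thread discusses.

```python
import re

# ARC path: bus/controller, disk, partition, then the Windows directory.
ARC_RE = re.compile(
    r"^(?:multi|scsi)\(\d+\)disk\(\d+\)rdisk\((?P<rdisk>\d+)\)"
    r"partition\((?P<partition>\d+)\)(?P<dir>\\.*)?$",
    re.IGNORECASE,
)

# boot.ini as posted in the thread.
POSTED_BOOT_INI = r'''[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
'''

def parse_arc(path):
    """Split an ARC path into disk number, partition number and directory."""
    m = ARC_RE.match(path.strip())
    if not m:
        return None  # e.g. a legacy C:\ entry, which is not an ARC path
    return {"rdisk": int(m["rdisk"]), "partition": int(m["partition"]),
            "dir": m["dir"] or "\\"}

def parse_boot_ini(text):
    """Return {'timeout', 'default', 'entries'} from boot.ini text."""
    cfg = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")  # the ARC path contains no '='
        key = key.strip()
        if not sep:
            continue
        if section == "boot loader" and key.lower() in ("timeout", "default"):
            cfg[key.lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            desc, rest = (m.group(1), m.group(2)) if m else ("", value)
            cfg["entries"].append(
                {"path": key, "description": desc, "switches": rest.split()})
    return cfg

def audit(cfg):
    """List findings about which installation boots and with which switches."""
    findings = []
    paths = [e["path"].lower() for e in cfg["entries"]]
    if (cfg["default"] or "").lower() not in paths:
        findings.append("default does not match any [operating systems] entry")
    targets = {(a["rdisk"], a["partition"], a["dir"])
               for a in map(parse_arc, paths) if a}
    if len(targets) > 1:
        findings.append("%d installations are selectable at boot" % len(targets))
    for e in cfg["entries"]:
        if "/noexecute=alwaysoff" in (s.lower() for s in e["switches"]):
            findings.append("DEP disabled for " + e["path"])
    return findings
```

boot.ini names a disk and partition number, not a drive letter, so mapping `partition(2)` to C: or M: still has to be done in Disk Management.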

#9
othersteve

Jerry, I would suggest you also perform the SubInACL permissions reset as I suggested earlier in conjunction with the sfc step that both I and 123Runner have suggested.

Thanks!

~os

#10
123Runner

I did not catch this earlier....ESET found 1 infected file it thought probably is an unknown NewHeur_PE virus

I suggest you go to the Malware Removal and Spyware Removal Forum and run all the steps located in the START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the requested logs in THAT forum. If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Add a link to this topic so that malware tech can see what steps have been taken here.

123runner

#11
Jerry23

Hi 123runner,

[Sorry about the poor quotes references to prior posts, but I have not figured out how to do quotes the proper way yet.]

[1] I ran the System File Check you & ~OS proposed. I had a little hiccup. It asked me to insert my Windows XP Professional sp2 cd. I tried to cancel 2 or 3 times before it finally told me I had inserted the wrong cd [I had not inserted a cd yet], and then asked me to insert my Windows XP Home edition cd. I did this & it finished about an hour later without leaving a message. I guess that is good news.

[2] >>>We also need to find out where you created the recovery partition you speak of AND what M drive/partition is<<< Could you be more specific about what you want me to do?

[3] Re: your request to go thru the Cleaning process. I started that yesterday at the request of ~OS. See below.



Hi ~OS,

[1] Regarding your suggestion to run System file check, please see above. I was waiting until after I did the full permissions reset until 123runner asked me to do it now.


[2] >>>After properly removing any infections (or if you're simply POSITIVE that you don't have anything on there), you may be able to attempt a full permissions reset followed by what's called a system file repair (you can ask here for more help post-disinfection if that applies) to get yourself back in a functional state.<<<

I have not finished the infections check yet. I was waiting to finish that before doing the permissions reset, per your recommendation above.

Let me tell you where I am with the infections check. I have completed everything before the "Rootkit Detection" Step. I am stuck at that step because my computer keeps freezing when I attempt to run RootRepeal.exe. I have opened a link on the Security board to resolve that issue, but I have not received any responses yet. See the link below for more details on this.

http://www.geekstogo...em-t259047.html

Whatever I have done so far seems to have improved my computer performance a lot. I have not had any IE hang ups or Err mssg today & I have used it a lot. The only computer problems I have had today is with the computer freezing when I try to run the Rootkit Detection.

I am not sure why things got so much better. None of the spyware or virus programs I ran found much. The Magnibar file that ESET found has been there for years - I really doubt if that is causing my current problems.

There is one thing I did [by mistake] that may make a difference. When I ran ERUNT, it said it stored a Registry Restore File. I thought that file was NTREGOPT. I was wrong - that is a file that optimizes the registry files. I clicked it & it did its thing without asking for any input or giving any "are you sure" warnings. I reduced my registry size from 36.1 to 33.9 MB. I don't really know if this helped or not. Where did my Registry restore file go? It was supposed to be put on the desktop.

Could running TFC have helped this much?? I don't know.

If you think it is safe now to run the full permissions reset, I will be happy to do it.

Have you got any ideas on how to proceed on the Rootkit Detect?

Thanks for all the help.

Jerry

Edited by Jerry23, 19 November 2009 - 05:21 PM.

#12
Jerry23

OK,

I guess I got a little too happy too fast about my improved computer performance. I just got an IE shut down & error. This one was specific.

IE ERR: The following add-on was running when this occurred.

File: Flash10c.ocx
Company: Adobe Systems
Application: Adobe Flash Player

I was not viewing a video or listening to an Audio when this happened.

I went back & checked my records. On 10/19/09 I downloaded & installed Adobe Shockwave Player. The install did not seem to complete properly - it froze - stopped. Used Ctrl Alt Del. I went back to use it later & it seemed to work OK.

Could this have any bearing on my problems??

Regards,

Jerry

#13
othersteve

Hey Jerry,

I'll leave the troubleshooting up to 123Runner from here I suppose.

Allow me to answer this question for you:

There is one thing I did [by mistake] that may make a difference. When I ran ERUNT, it said it stored a Registry Restore File. I thought that file was NTREGOPT. I was wrong - that is a file that optimizes the registry files. I clicked it & it did its thing without asking for any input or giving any "are you sure" warnings. I reduced my registry size from 36.1 to 33.9 MB. I don't really know if this helped or not. Where did my Registry restore file go? It was supposed to be put on the desktop.

It's unlikely that that helped much. The system file checker may well have been the reason for your performance improvement, but it's honestly difficult to say.

Your question about the Adobe Flash Player suggests you may need to reinstall it. But disinfection comes first if it happens to apply--that's critical.

One thing's for sure; if you're actually infected, you'll see a significant boost in speed once you're clean. And I have to say, the fact that RootkitRevealer does not wish to run certainly raises some red flags.

But as you know, I cannot provide disinfection advice on this forum, as I am not currently certified for such troubleshooting (and it's only allowed on the Virus, Spyware, and Trojan removal forum anyhow). So let's just see where this takes us I suppose. I wish you the best in this!

~os

Edited by othersteve, 19 November 2009 - 06:15 PM.

#14
123Runner

I know it is difficult to remain patient, but it is imperative that you complete the malware forum.
Giving advice and working between 2 forums will be counterproductive. It will affect what they do in malware.

I will be monitoring this topic and the 1 you have in malware.
If your topic there has not been looked at in 3 days be sure you post in "the waiting room".

When Erunt is run (either on boot up automatically or if you run it) it is saved in C:\windows\erdnt with a folder and a date.

#15
Jerry23

Hi ~OS,

Thanks for the input. I wish you wouldn't leave. I will need your guidance in running the permissions reset. I hope you did not think I was ignoring you on running that. I thought you wanted me to wait until after I got disinfected. I really appreciate all the time & effort you are putting in on this.

I'm not sure the system file checker was responsible for the performance improvement. The file chk did not come until late in the day, & my computer was running fine all day until recently.

Now I don't think I have a big improvement in performance. All of a sudden things are headed south again. I ran BitDefender & it took twice as long to run as it should have.

I decided to run OTL.exe, while I was waiting for the other board to respond to my issue with Rootkit detection. I dl it to a folder on my E:\ drive. Double click. Got the error message that it was not a valid Win32 application. Repeated several times.

A few minutes ago I tried to open an IE window & it lagged. I hit the X to close & I got the "This prog is not responding", End Now _ it took a long time to close. Tried to open another IE window. Had the same problem. Tried to reboot using Start>Turn off the computer> Restart. Got avp.exe "This prog is not responding". End Now, click, This program is not responding. Tried to reboot several times. Had to do a Hard turn off [hold the on/off button in].

When I turned back on I got IE to open. Still lots of problems.

Do you want me to perform the permissions reset now - or wait until I am certified clean?

Thanks again for all your help ~OS.

Regards,

Jerry

Edited by Jerry23, 19 November 2009 - 07:45 PM.
