All files are there.
Weird Shortcut in C: (snqn) and suspected Ramnit?
Started by
roadran
, Mar 10 2012 09:35 AM
#31
Posted 12 March 2012 - 04:03 PM
All files are there.
#32
Posted 12 March 2012 - 04:08 PM
Sounds to me like player.exe is still there and hiding. Did you do the:
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
cd "\program files\apoint"
attrib -r -h -s *.exe
dir /a *.exe
(Do you see player.exe ? If so see if you can submit it now. If not let's see if it is really there but hiding)
mkdir player.exe
Does it create the folder or say that it can't because there is already a folder or file of the same name?
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
cd "\program files\apoint"
attrib -r -h -s *.exe
dir /a *.exe
(Do you see player.exe ? If so see if you can submit it now. If not let's see if it is really there but hiding)
mkdir player.exe
Does it create the folder or say that it can't because there is already a folder or file of the same name?
#33
Posted 12 March 2012 - 04:11 PM
Well, the file already exists. But after making that player.exe folder, I'd reckon it's that...
#34
Posted 12 March 2012 - 04:12 PM
You can't change a file into a folder. You have to delete the file first then make a folder of the same name. If it let's you make the folder then the file is not there.
#35
Posted 12 March 2012 - 04:13 PM
At first it let me make a folder named player.exe
I now removed the folder, and it still shows up in sigverif...
I now removed the folder, and it still shows up in sigverif...
#36
Posted 12 March 2012 - 04:41 PM
It must be a mistake in the drive table.
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.
Reboot. The disk check will run and will probably take an hour or more to finish.
Then run sigverif and see if it still sees player.exe.
The file is part of Alps Pointing-device Driver so you may want to try redownloading and installing the driver for the Alps Pointing-device.
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.
Reboot. The disk check will run and will probably take an hour or more to finish.
Then run sigverif and see if it still sees player.exe.
The file is part of Alps Pointing-device Driver so you may want to try redownloading and installing the driver for the Alps Pointing-device.
#37
Posted 12 March 2012 - 08:34 PM
And sigverif can not find player.exe anymore!
#38
Posted 13 March 2012 - 01:17 AM
So how is it running now?
#39
Posted 13 March 2012 - 05:15 AM
Everything seems great!
Now my time is messed up, and I can't update my internet time sync. If I press update now, it says "An error occurred, your changes changes could not be saved"
Now my time is messed up, and I can't update my internet time sync. If I press update now, it says "An error occurred, your changes changes could not be saved"
Edited by roadran, 13 March 2012 - 06:03 AM.
#40
Posted 13 March 2012 - 11:53 AM
Open regedit and make sure that you have "Full Control" permissions to these keys (right click each key, Permissions, then select Adminstrators):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime\Servers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime\Servers
#41
Posted 13 March 2012 - 12:04 PM
Yes, yes I do.
#42
Posted 13 March 2012 - 12:37 PM
Copy the next 6 lines of text:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 0 /t REG_SZ /d tick.usno.navy.mil
yes
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d time-b.nist.gov
yes
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d time.windows.com
yes
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter. If you see an error please report it.
If that doesn't work then copy these 2 lines:
reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time /s > \junk.txt
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime /s >> \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.
right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter.
Copy and paste the text from notepad into a reply.
Ron
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 0 /t REG_SZ /d tick.usno.navy.mil
yes
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 1 /t REG_SZ /d time-b.nist.gov
yes
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v 2 /t REG_SZ /d time.windows.com
yes
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
net stop w32time
right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter. If you see an error please report it.
net start w32time
w32tm /resync
If that doesn't work then copy these 2 lines:
reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time /s > \junk.txt
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime /s >> \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.
right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter.
notepad \junk.txt
Copy and paste the text from notepad into a reply.
Ron
#43
Posted 13 March 2012 - 12:45 PM
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalService
DisplayName REG_SZ @%SystemRoot%\system32\w32time.dll,-200
ObjectName REG_SZ NT AUTHORITY\LocalService
Description REG_SZ @%SystemRoot%\system32\w32time.dll,-201
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeSystemTimePrivilege
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config
FrequencyCorrectRate REG_DWORD 0x4
PollAdjustFactor REG_DWORD 0x5
LargePhaseOffset REG_DWORD 0x2faf080
SpikeWatchPeriod REG_DWORD 0x384
HoldPeriod REG_DWORD 0x5
LocalClockDispersion REG_DWORD 0xa
EventLogFlags REG_DWORD 0x2
TimeJumpAuditOffset REG_DWORD 0x7080
PhaseCorrectRate REG_DWORD 0x1
MinPollInterval REG_DWORD 0xa
MaxPollInterval REG_DWORD 0xf
UpdateInterval REG_DWORD 0x57e40
MaxNegPhaseCorrection REG_DWORD 0xd2f0
MaxPosPhaseCorrection REG_DWORD 0xd2f0
AnnounceFlags REG_DWORD 0xa
MaxAllowedPhaseOffset REG_DWORD 0x1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters
ServiceDllUnloadOnStop REG_DWORD 0x1
ServiceMain REG_SZ SvchostEntry_W32Time
ServiceDll REG_EXPAND_SZ C:\Windows\system32\w32time.DLL
NtpServer REG_SZ time.nist.gov,0x9
Type REG_SZ NTP
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Enabled REG_DWORD 0x1
InputProvider REG_DWORD 0x1
AllowNonstandardModeCombinations REG_DWORD 0x1
CrossSiteSyncFlags REG_DWORD 0x2
ResolvePeerBackoffMinutes REG_DWORD 0xf
ResolvePeerBackoffMaxTimes REG_DWORD 0x7
CompatibilityFlags REG_DWORD 0x80000000
EventLogFlags REG_DWORD 0x1
LargeSampleSkew REG_DWORD 0x3
DllName REG_EXPAND_SZ C:\Windows\system32\w32time.DLL
SpecialPollTimeRemaining REG_MULTI_SZ time.nist.gov,0
SpecialPollInterval REG_DWORD 0x93a80
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
InputProvider REG_DWORD 0x0
AllowNonstandardModeCombinations REG_DWORD 0x1
EventLogFlags REG_DWORD 0x0
DllName REG_EXPAND_SZ C:\Windows\system32\w32time.DLL
Enabled REG_DWORD 0x0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider
Enabled REG_DWORD 0x1
InputProvider REG_DWORD 0x1
DllName REG_EXPAND_SZ %SystemRoot%\System32\vmictimeprovider.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TriggerInfo
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TriggerInfo\0
Type REG_DWORD 0x3
Action REG_DWORD 0x1
Guid REG_BINARY BA0AE21C5198214494301DDEB766E809
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TriggerInfo\1
Type REG_DWORD 0x3
Action REG_DWORD 0x2
Guid REG_BINARY 6E51AFDDC25866489574C3B615D42EA1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers
(Default) REG_SZ 2
1 REG_SZ time-b.nist.gov
2 REG_SZ time.windows.com
3 REG_SZ time-nw.nist.gov
4 REG_SZ time-a.nist.gov
5 REG_SZ time-b.nist.gov
0 REG_SZ tick.usno.navy.mil
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalService
DisplayName REG_SZ @%SystemRoot%\system32\w32time.dll,-200
ObjectName REG_SZ NT AUTHORITY\LocalService
Description REG_SZ @%SystemRoot%\system32\w32time.dll,-201
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeSystemTimePrivilege
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config
FrequencyCorrectRate REG_DWORD 0x4
PollAdjustFactor REG_DWORD 0x5
LargePhaseOffset REG_DWORD 0x2faf080
SpikeWatchPeriod REG_DWORD 0x384
HoldPeriod REG_DWORD 0x5
LocalClockDispersion REG_DWORD 0xa
EventLogFlags REG_DWORD 0x2
TimeJumpAuditOffset REG_DWORD 0x7080
PhaseCorrectRate REG_DWORD 0x1
MinPollInterval REG_DWORD 0xa
MaxPollInterval REG_DWORD 0xf
UpdateInterval REG_DWORD 0x57e40
MaxNegPhaseCorrection REG_DWORD 0xd2f0
MaxPosPhaseCorrection REG_DWORD 0xd2f0
AnnounceFlags REG_DWORD 0xa
MaxAllowedPhaseOffset REG_DWORD 0x1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters
ServiceDllUnloadOnStop REG_DWORD 0x1
ServiceMain REG_SZ SvchostEntry_W32Time
ServiceDll REG_EXPAND_SZ C:\Windows\system32\w32time.DLL
NtpServer REG_SZ time.nist.gov,0x9
Type REG_SZ NTP
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Enabled REG_DWORD 0x1
InputProvider REG_DWORD 0x1
AllowNonstandardModeCombinations REG_DWORD 0x1
CrossSiteSyncFlags REG_DWORD 0x2
ResolvePeerBackoffMinutes REG_DWORD 0xf
ResolvePeerBackoffMaxTimes REG_DWORD 0x7
CompatibilityFlags REG_DWORD 0x80000000
EventLogFlags REG_DWORD 0x1
LargeSampleSkew REG_DWORD 0x3
DllName REG_EXPAND_SZ C:\Windows\system32\w32time.DLL
SpecialPollTimeRemaining REG_MULTI_SZ time.nist.gov,0
SpecialPollInterval REG_DWORD 0x93a80
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
InputProvider REG_DWORD 0x0
AllowNonstandardModeCombinations REG_DWORD 0x1
EventLogFlags REG_DWORD 0x0
DllName REG_EXPAND_SZ C:\Windows\system32\w32time.DLL
Enabled REG_DWORD 0x0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider
Enabled REG_DWORD 0x1
InputProvider REG_DWORD 0x1
DllName REG_EXPAND_SZ %SystemRoot%\System32\vmictimeprovider.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TriggerInfo
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TriggerInfo\0
Type REG_DWORD 0x3
Action REG_DWORD 0x1
Guid REG_BINARY BA0AE21C5198214494301DDEB766E809
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TriggerInfo\1
Type REG_DWORD 0x3
Action REG_DWORD 0x2
Guid REG_BINARY 6E51AFDDC25866489574C3B615D42EA1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers
(Default) REG_SZ 2
1 REG_SZ time-b.nist.gov
2 REG_SZ time.windows.com
3 REG_SZ time-nw.nist.gov
4 REG_SZ time-a.nist.gov
5 REG_SZ time-b.nist.gov
0 REG_SZ tick.usno.navy.mil
#44
Posted 13 March 2012 - 01:10 PM
Attached is a file called w32sec.zip. Download and save it then right click on it and Extract All. Find w32sec.reg and right click on it and Merge.
This should replace the missing security info. Perhaps now it will work?
This should replace the missing security info. Perhaps now it will work?
#45
Posted 13 March 2012 - 01:16 PM
Nope... It still says settings can't be saved?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users