Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

NEW HERE _ CHEK MY LOG OUT? thx [CLOSED]

Started by kjt817 , Aug 26 2005 05:39 PM

  • This topic is locked This topic is locked

#16
tampabelle
Posted 30 August 2005 - 07:16 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download the Regsrch.zip from here - http://www.geekstogo...pe=post&id=3063.

Unzip the file and extract regsrch.vbs file and save it on your desktop.

Double click on regsrch.vbs. Type in winik and hit enter.

This tool will search your registry for the keyword typed in. Your anti-virus may give a warning that a script is running and ask you what to do. Let the script run.

Be patient as the tool will take a few minutes to search your entire registry. After the search is complete, it will generate a log file. Please post back the log file here.
  • 0

Advertisements

#17
kjt817
Posted 30 August 2005 - 04:26 PM

kjt817

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "winik" 8/30/2005 6:25:12 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000\Control]
"ActiveService"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK]
"DisplayName"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum]
"0"="Root\\LEGACY_WINIK\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK]
"DisplayName"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000\Control]
"ActiveService"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK]
"DisplayName"="WinIK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum]
"0"="Root\\LEGACY_WINIK\\0000"
  • 0

#18
tampabelle
Posted 30 August 2005 - 06:24 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fix.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK]



naviagte to C:\WINDOWS\system32\drivers\winik.sys. Right click and rename it to winik.old.


reboot into safe mode



Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [Zk0GYcov] C:\PROGRA~1\tqvxrvtq\GowCfgBN.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.



Delete the file C:\WINDOWS\system32\drivers\winik.old

Locate fix.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".


Reboot into normal mode


Delete the folder - C:\Program Files\tqvxrvtq

Post back a fresh HJT log
  • 0

#19
kjt817
Posted 30 August 2005 - 07:17 PM

kjt817

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I can not rename the winik.sys file - when I try to, I am told that: Access is denied.
It says to be sure that the disk isn't write protected and that its not in use.

Any suggestions. I have administrative rights, I don't understand why I don't have access?
  • 0

#20
tampabelle
Posted 31 August 2005 - 08:21 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Lets try the fix in a different sequence.


Launch Notepad, and copy/paste the box below into a new text file. Save it as fix.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK]



reboot into safe mode


Locate fix.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".


Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [Zk0GYcov] C:\PROGRA~1\tqvxrvtq\GowCfgBN.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

naviagte to C:\WINDOWS\system32\drivers\winik.sys. Right click and rename it to winik.old.


Reboot into normal mode

Delete the file C:\WINDOWS\system32\drivers\winik.old

Delete the folder - C:\Program Files\tqvxrvtq

Post back a fresh HJT log
  • 0

#21
tampabelle
Posted 23 September 2005 - 08:50 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP