Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I am going to take up knitting [RESOLVED]


  • This topic is locked This topic is locked

#16
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I just looked in my windows directory and I see that "C:\WINDOWS\RMAgentOutput.dll" is still there even though I selected it for deletion on reboot...
  • 0

Advertisements


#17
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Interesting...

Please attempt to delete it. If you get an error message when you try, than reboot to safe mode and attempt to delete it there, please.
  • 0

#18
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I was able to delete it...
  • 0

#19
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello sinisfun,

Try #214 Here

Reboot, then check to see if it's greyed out still.
  • 0

#20
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Is there some special way that I need to format that text file? I tried saving it as a .reg and also using the import function in regedit. It returns the error "The specified file is not a registry file, you can only import registry files"
When I try and save it as .reg and run it from the desktop I get a "You can only import binary registry files from inside the editor" Sending me in circles.... :tazz: I do believe we are almost finished here though... I hope..
  • 0

#21
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, sinisfun.

Let's try this

Copy and paste the below text into notepad, make sure to save it as fixme.reg and that it's saved as file type All Files

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SetVisualStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

Double click it, answer yes when it asks if you want to merge it with the registry.
  • 0

#22
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Same error...
  • 0

#23
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
If I format it like this...
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SetVisualStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000


It seems to take it, when I restarted I verified that the data had been written to those keys.. however I still cannot change my wallpaper..

Edited by sinisfun, 23 November 2005 - 12:20 AM.

  • 0

#24
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, sinisfun.

Looks like my REGEDIT4 didn't paste. :tazz:

Try this real quick:
  • Click Start>Control Panel>Display
  • Go to the Desktop tab and click on the Customise Desktop button.
  • Go to the Web tab
  • In the web page box, click on the page that is checkmarked and then click the Delete button.
  • Ok your way out of the dialog and check your desktop
From the looks of your logs, your registry entries should be fine. It's possible something has gotten corrupted due to the infection you had. I'll ask an expert in the morning about this. Until then, you can try what I listed below. :)

Open the CD ROM Drive used to install Windows, insert the XP CD but leave the drawer open. Click start then run, type sfc /scannow then press enter and close the CD ROM Drive drawer. You will get a blue progress bar, after the bar goes, reboot. This will check for and replace missing or corrupt system files.

You can check for an improvement after running sfc /scannow then after each step until you have run through them all, if necessary

Click start, all programs, accessories, system tools to run disc clean up, then from system tools, run disc defragmenter.

Click start then run, type prefetch then press enter, click edit then select all, all the files in the folder will now be highlighted, right click any file, click delete, a box will appear asking if you want to delete all the files, confirm the delete then reboot

Click start then run, type chkdsk /f /r then press enter, type Y to confirm for next boot, press enter then reboot.

This will take an hour, it will appear to load normally then either the monitor will show progress or the screen will go blank, do not disturb this.

When it gets to the desktop, the system files and the hard drive will be as they should

If no change

Please go here to repair your operating system

Repair XP

If you are unable to run Repair XP

Alternate XP Repair Guide

Use the last one - Windows Installation CD to repair the current installation, which uses a slightly different method

Windows XP repair feature won't delete your data, installed programs, personal information, or settings. It just repairs the operating system
  • 0

#25
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
There is an entry there called "My Current Home page" however the delete option is greyed out...
  • 0

Advertisements


#26
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
sinisfun.

Let's try 1 last barrage before I go to bed.

All of the fixes will be on This site.

Let's try:

#256, on the right side.
#128 on the right side.
#142 on the right side.

Make sure to reboot after applying them.
  • 0

#27
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
No change, just set me back to classic view... Have a good night and thanks for your help, I am sure I will talk to you tomorrow.

Edited by sinisfun, 23 November 2005 - 01:11 AM.

  • 0

#28
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
So there is still no change in the ability to change the wallpaper, I cannot seem to get chkdisk to scan any drives other than A:. I would like to avoid going the whole repair windows route as I do not have a floppy installed and I require sata raid drivers in order for windows to see my drives. Is there any other possible solution that you have come across or should I go buy a floppy and slap it in my machine?
  • 0

#29
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, sinisfun.

When you try to run chkdsk it's probably saying the drives are locked, it should ask if you wish to allow it on reboot, answer yes when it does.

Also, believe me when I understand about having no floppy drive and needing sata/raid drivers, I'm in the exact same situation. I finally just slipstreamed the drivers onto a new windows disc mirrored from my current one.

I havn't had much time to research the problem as I was working a double shift today, and am working 7-5 tomorrow. (Thanksgiving) I may not be able to come online that day.

I am sorry for the delay.

Happy Thanksgiving! :tazz:
  • 0

#30
sinisfun

sinisfun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I do select the option to scan on reboot, when it boots back up it briefly flashes the checking volumes screen... and I can see that it is checking the A: drive, howver no other drives apear and it boots into windows. Total time for process ~2 mins max.

Well anyways I can hold off until you get back into the swing of things, enjoy your time off!

-Sin
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP