Registry file failure, now got 2 versions of windows!



#16
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
And the fun begins... :tazz:

In Windows Explorer (right click "My Computer" and choose "Explore" - right click "Local Disk C:" and choose "Explore"), find Windows.0, right-click on it and choose "Delete"...click "Yes" to confirm the deletion of the folder. Then select Windows.1 and delete it, as well.

Click Start, right-click My Computer, and then click Properties. On the "Advanced" tab, under "Startup and Recovery", click "Settings". The "Startup and Recovery" dialog box appears. Under "System startup", click "Edit" to modify the Boot.ini file.

The Boot.ini file opens in Notepad and looks similar to the following:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home" /fastdetect

On the "File" menu in Notepad, click "Save As", and then save a backup copy of the Boot.ini file that is named Boot.old. On the "File" menu, click "Exit" to close the backup copy of the Boot.ini file.

In the "Startup and Recovery" dialog box, under "System startup", click "Edit" to reopen the Boot.ini file.

In the [boot loader] section of the Boot.ini file, identify and then delete the following lines of text.

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home" /fastdetect

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home" /fastdetect

On the "File" menu, click "Save" to save your changes to the Boot.ini file. On the "File" menu, click "Exit" to close the Boot.ini file. Click "Ok" to close the "Startup and Recovery" dialog box.

Restart your computer.

Let me know how this goes...

wannabe1
  • 0
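
The Boot.ini edit described in the post above, as an added example that is not part of the original thread: a Python check that drops [operating systems] entries whose Windows folder is no longer on disk and refuses to continue if default= would be left pointing at a removed entry. The function name and the list of surviving folders passed to it are assumptions for illustration; the sample text mirrors the Boot.ini shown in the post.

```python
import re

# Constructed sample mirroring the Boot.ini shown in the post.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home" /fastdetect
'''

# ARC path ending in a folder name, then ="label" and optional switches.
ARC_ENTRY = re.compile(
    r'^(?P<arc>[^=]+?\\(?P<dir>[^\\=]+))\s*=\s*"(?P<label>[^"]*)"(?P<opts>.*)$'
)


def prune_boot_ini(text, existing_dirs):
    """Return (new_text, removed) where removed lists (folder, label) pairs.

    existing_dirs: names of the Windows folders still present on the volume
    (hypothetical input; on a real machine this comes from a directory listing).
    """
    existing = {d.upper() for d in existing_dirs}
    section, default_arc = None, None
    kept, removed, surviving = [], [], []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith('[') and stripped.endswith(']'):
            section = stripped.lower()
        elif section == '[boot loader]' and stripped.lower().startswith('default='):
            default_arc = stripped.split('=', 1)[1].strip()
        elif section == '[operating systems]':
            m = ARC_ENTRY.match(stripped)
            if m and m.group('dir').upper() not in existing:
                removed.append((m.group('dir'), m.group('label')))
                continue  # drop the stale menu entry
            if m:
                surviving.append(m.group('arc').upper())
        kept.append(line)
    # The edit is only safe if the default entry is still in the menu.
    if default_arc is None or default_arc.upper() not in surviving:
        raise ValueError('default= would point at a removed or missing entry')
    return '\n'.join(kept) + '\n', removed


if __name__ == '__main__':
    new_text, removed = prune_boot_ini(SAMPLE_BOOT_INI, ['WINDOWS'])
    print(new_text)
    print('removed:', removed)
```
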


#17
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I have carried this out (well happy I managed it!!)...on re-boot the computer did not stop at the screen it used to...no choice to make!! It sped on straight into the normal desktop. Looking much better. I am sooo grateful for your help.

The explorer has still got references to windows.0 and .1 on folders like all users and default users...should these go.....do you have further instructions for me?

Also, I have my favourites from internet 'trapped' on one of the other operating systems...I can't seem to drag and drop across.


There are several folders that are blue in colour of text....is this right...as I don't think it was like this before....how can I change this back?

music there which is the big one tho, so chuffed with that.



Dave
  • 0

#18
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Well done, Dave!! :) That wasn't TOO bad, was it?

do you have further instructions for me?

Oh yeah.... :) We're not done yet...

The music files are good! :tazz:

Let's make sure you are set up as an Administrator. Click "Start", then "Control Panel", and double-click the "User Accounts" icon. In the User Accounts window, click on "Change an Account", then on "Your Account", and then on "Change my account type". Make sure the button next to "Computer Administrator" is ticked. "Apply" any changes you make.

I figured there would be a few things to recover. You'll need to take ownership of the files from the other OS's folders in order to move them. See this Microsoft Procedure to take ownership. Recover all the files you need in this manner. Once you have all the files recovered we'll get rid of the wayward folders.

If the files and folders with blue text you refer to are in the Windows folder, they are probably hidden files. You can check this by opening "My Documents", clicking on "Tools" on the toolbar, and choosing "Folder Options". Under the "View" tab, find "Hidden files and folders" in the list, put a tick next to "Do not show hidden files and folders", and "Apply" the change.

If you haven't run Windows Update, you should go ahead and make sure your computer has all the updates from Microsoft. You also need to be thinking about a working Anti Virus application in case your Norton turns out to be fubar. Avast is a good, free AV and, if you so choose, can be downloaded from the link in my signature. If you have to remove the Norton application, let me know...we may have to run a couple removal tools to get rid of it.

Overall, how does the machine seem to be running? Let me know about any "hiccoughs" you run across. When loophole gives you a clean bill of health, we'll run a few final checks and finish cleaning out the unwanted bits.

Hang in there...almost done!

wannabe1
  • 0

#19
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Wannabe1,

good news that we are getting there...enjoying the learning experience tho!! :tazz:

Generally the system is running much better.

The blue folders seemed to be compressed files (I had tried to save space this way...probs not a good idea tho).

did the administrator bit...no probs...and think I have reclaimed all my files.

run into problems on malware side....I will post once it's fixed.

Dave
  • 0

#20
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
All righty then...

If you have recovered all your files, go ahead and delete the folders related to Windows.0 and Windows.1 that you mentioned. How much space have we regained on the drive?

I've been discussing the issues you've run across in the Malware forum with loophole. He's most concerned about the activeX issue, so let's see if we can sort that out next.

Click Start, then Control Panel, and double-click on the "Internet Options" icon. Select the "Internet Zone" icon (should be default) and click the "Custom Level" button.

In the list, under "ActiveX controls and plug-ins", make sure the following are ENABLED:
  • Binary and script behaviors
  • Run activeX controls and plug-ins
  • Script ActiveX controls marked safe for scripting
Select PROMPT for "Download signed activeX controls"
All others in the category (ActiveX controls and plug-ins) should be disabled.

"Apply" the changes.
_______________________________

loophole has asked that we remove the Norton for the time being. Download the Avast Anti Virus from the link in my signature, but don't install it yet.

Go to Control Panel and double-click "Add or Remove Programs". Find the Norton applications in the list of programs and remove all Norton entries beginning with the main program.

Then download SYMClean and run it.

Reboot your machine, install the Avast, and update it.

Then post a fresh HJT log HERE for me so I can see if we got the Norton off.

For the files displayed in blue, open My Documents, click on "Tools" on the toolbar, and choose "Folder Options". Under the "View" tab, look near the bottom of the list and remove the tick next to "Show encrypted or compressed NTFS files in color". "Apply" the change.

wannabe1

Edited by wannabe1, 16 February 2006 - 09:04 PM.

  • 0

#21
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Wannabe1,

okdoky...I have the drive stats for you...we are getting somewhere....

Prior to removing windows.0 .1 :

Used : 8.51GB Free 879MB

After removing windows.0 .1 :

Used : 8.3GB Free 1.05GB


The changes have been made to the activeX as requested.

I am in the middle of downloading the anti virus...and will report back once I have finished the items on your last post.

Dave
  • 0

#22
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
hi,

Norton has been uninstalled.

Avast is now on my computer, registered, activated, and updated. I ran it.

SYMCLEAN has been downloaded and installed (I re-booted as asked also).....however, it did not seem to do an awful lot when run...nevertheless, the output was as follows....

'The SYMClean tool has detected no additional items that need to be removed.

You can proceed to install your Symantec Applications.'


Here is the hijackthis log you asked for.....

Logfile of HijackThis v1.99.1
Scan saved at 23:59:30, on 17/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Computer Maintenance\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1140136282822
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05442AD9-2416-41A6-B2C7-7B7B3A173836}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFEF0CAF-26AF-4910-BE31-62BC29A92CDC}: NameServer = 213.18.68.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{05442AD9-2416-41A6-B2C7-7B7B3A173836}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)


Look forward to hearing from you... :tazz:
  • 0

#23
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Have you run disc clean up, clicked more options, clicked clean up restore points, rebooted and checked the free space on the drive?
  • 0

#24
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I have done as you asked...the new drive stats are :

Used : 7.79GB Free 1.56GB
  • 0

#25
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
As usual, the Norton has shredded on removal... :tazz:

I need you to run another little application on that for me...it will run just like the last one, that is, appear to do very little...that's normal. Once this has run, navigate to C:\Program Files and delete any Norton or Symantec folder found there and reboot.

SymNRT

Do you have duplicates of your music still on the machine? Do a search (Start > Search) for one of your songs or albums and see where all it is found. Post that information back to me.

We're getting close, Dave!

wannabe1

Edited by wannabe1, 17 February 2006 - 06:58 PM.

  • 0


#26
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
music files are only in one location.

ran the SymNRT and then deleted a syman folder.

do u need another HJT log?


after doing this a couple things were thrown up...there are now files (probs were there before but never noticed them...) called NETWORKSERVICE.NT AUTHORITY and the same .000. I have 3 folders for localservice and 3 for networkservice....1 black...2 blue....tried deleting and it won't allow.

Dave
  • 0

#27
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Yepper...post me a fresh log. Also...turn your System Restore back on if you haven't already.

How much free space did you have on your machine before you reinstalled the OS? Seems like we have quite a bit of space to recover. I was hoping a lot of it was music files you had copied from one OS to the next... :tazz:

Click Start, then Control Panel, and open "Internet Options". Under the "General" tab, in the "Browsing History" section, click on the "Delete" button to empty the Temporary Files folder.

Click Start, then Run, type prefetch, and click "Ok". Right click in the open folder and choose "Select All"...right click again and choose "Delete". Accept the change and Reboot.

And I guess I'll need a little more comprehensive information on your machine. Download and run SIW (Download link at the top of the page). Click on "File" on the toolbar and select "Create a log file" and save the file to your desktop. Right click on the log (on desktop) and point to "Send to" and choose "Compressed (zipped) Folder". Attach (don't try to post this or attach it unzipped...it will be quite a large file) this zipped log to your next post.

wannabe1
  • 0

#28
DaveGuyan

DaveGuyan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Wannabe1,

the log is below.

where exactly is the system restore option?

I can't be sure of how much space I had before.....if it helps, there is 4.94GB of music

temporary internet files have been deleted


Prefetch files have been deleted.....I rebooted computer and then ran the downloaded SIW.exe the results are attached for you.

Dave



Logfile of HijackThis v1.99.1
Scan saved at 17:36:08, on 18/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\atievxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Administrator\Desktop\Computer Maintenance\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.afc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1140136282822
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05442AD9-2416-41A6-B2C7-7B7B3A173836}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFEF0CAF-26AF-4910-BE31-62BC29A92CDC}: NameServer = 213.18.68.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{05442AD9-2416-41A6-B2C7-7B7B3A173836}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Attached Files


  • 0
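
A triage pass over the HijackThis entries marked "(file missing)" in the logs posted in this thread, as an added example that is not part of the original posts. It cross-checks each flagged path against the log's own "Running processes" list: the avast! Mail Scanner entry is flagged missing yet its executable is listed as running, so that flag cannot be taken at face value, while the Norton service entry has no running process behind it. The sample combines lines from the two logs above; the function names and verdict labels are assumptions for illustration.

```python
import ntpath
import re

# Constructed sample: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
'''

ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
# First drive-letter path up to an .exe/.dll; ignores stray quotes and switches.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll)', re.IGNORECASE)


def running_processes(log):
    """Collect the paths listed under 'Running processes:' (case-folded)."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == 'Running processes:':
            in_block = True
        elif in_block and not line:
            break  # a blank line ends the process list
        elif in_block:
            procs.add(ntpath.normcase(line))
    return procs


def triage_missing(log):
    """Return (code, path, verdict) for every entry flagged '(file missing)'.

    'flag-unreliable': the same path is listed as a running process.
    'orphaned': nothing is running from that path; a leftover registration.
    'unparsed': no executable path could be extracted from the entry.
    """
    running = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or not m.group('body').endswith('(file missing)'):
            continue
        target = m.group('body').rsplit(' - ', 1)[-1]
        pm = PATH_RE.search(target)
        if not pm:
            findings.append((m.group('code'), target, 'unparsed'))
            continue
        path = pm.group(0)
        verdict = 'flag-unreliable' if ntpath.normcase(path) in running else 'orphaned'
        findings.append((m.group('code'), path, verdict))
    return findings


if __name__ == '__main__':
    for code, path, verdict in triage_missing(SAMPLE_LOG):
        print(f'{code:4} {verdict:16} {path}')
```
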

#29
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
The Norton is history... :tazz:

For the System Restore...Click Start, point to "All Programs", then to "Accessories", then to "System Tools", and click on "System Restore". In the System Restore window's left pane, click the link System Restore Settings. If it is Enabled (there is no check next to "Turn off System Restore on all drives"), we need to toggle it off and then back on. Tick the above mentioned box, click "Apply" then "Ok". Close the System Restore window. This will clear all old Restore Points. Now open System Restore again, remove the tick, "Apply" the change, and click "Ok".

If it is Disabled (Box is checked), uncheck the box and "Apply" the change.

In the right pane of the System Restore window, tick the button next to "Create a restore point", click "Next", and follow the prompts to set a fresh restore point.

We need to be watching for duplicate files on this machine. Documents, music files, images, any files that you may have "copied over" during the reinstalls. They shouldn't be too hard to spot if they are there. If you find any, please make note of the file path (where they are located) and let me know what some of them are. That might give me an idea on how to remove them without doing it one file at a time.

Let's do one more search for music files. This time...in the "Search" window, click on "More advanced options" in the left pane. Select the first three check boxes under this section, and click "Search". We're looking for any "nearly identical" file names. (music.wma and music1.wma as an example) If you see something like this, make note of where each file is located.

Repeat this search with a document file.

wannabe1

Edited by wannabe1, 18 February 2006 - 04:05 PM.

  • 0

#30
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
I see in your other topic, that the ActiveX is still giving you fits.

Go to Control Panel and open "Internet Options". Under the "Security" tab (Internet Zone selected), click on the "Default Level" button. Click "Apply".

Then, under the "Advanced" tab, under "Browsing", make sure that the following are selected:
  • Enable Install On Demand or Enable Install On Demand (Internet Explorer)
  • Enable Install On Demand (Other)
Click "Apply" then "Ok".

Try the website again and see if ActiveX will install.

wannabe1

Edited by wannabe1, 18 February 2006 - 04:00 PM.

  • 0





