Corrupted Registry File?

Discussion in 'Malware Help (A Specialist Will Reply)' started by gwl, Dec 30, 2005.

  1. gwl

    gwl Private E-2

    Help!

    I am not sure what is wrong, but it seems to be getting worse. The current status is that I cannot open several Windows tools (User Profiles, System Restore, Search, MS Help) and MS Programs (IE and Outlook). The problem with Outlook can be avoided by not opening "Personal Folders"--individual folders such as the "Inbox" can be opened and mail read. All the other Tools and IE either open a window then disappear or simply do nothing when the icon is double-clicked, except for a brief activity on the hard disk.

    I ran most of the recommended software programs in the following order: I run Avast! continuously, and yesterday ran SpyBot (which did find some suspicious registry entries that I deleted, but with no change in the situation), Ad-Aware (nothing found), CCleaner, MS Malware Removal (nothing found), and MS AntiSpyware (nothing found).

    My system is a Presario X1000 with Pentium M processor, 1400 MHz, 512 Mb RAM running Windows XP SP2 (with automatic updates).

    I am not exactly sure when the problem started, but it got my attention several days ago when I could not open the User Profiles, then found that the System Restore could also not be opened. I did a full Avast! scan at that point and found only a minor threat, which it put in the "Chest." Then a couple of days later I found out I could not open the Search and MS Help files. I currently use Firefox, which works fine, but when trying to run the recommended "Bitdefender" and "PandaActiveScan" they required IE. So I reinstalled it and found that it would not run, which really got me worried. Then yesterday Outlook started acting up, as I described.

    I have been receiving several emails a day containing the "Sober-AB2" worm, which Avast! deletes. However, the first one I received several weeks ago got through because I was using an out-of-date Norton Anti-virus (the update subscription ran out two weeks prior). I did not open the zip file and deleted it because it looked suspicious, so I don't think any harm was done. That is when I installed Avast! and Firefox.

    After I installed Firefox (maybe a coincidence), I started getting a prompt at what seems to be random times asking if I want to allow an ActiveX to run on the desktop (there are usually several prompt windows stacked on top of each other). I now say no to all such prompts, but did allow a few of the earlier ones--before the problems started.

    Other suspicious activity that I can recall is a Google Toolbar appeared in IE several weeks before I switched to Firefox, and an AdWare window appeared for no reason after accessing a site using IE. I cannot recall what the site was, but it was business related, and no further such Windows have appeared.

    I am thinking to reinstall the original operating system, but since SP2 was installed afterward, I cannot do this without removing SP2 first. When I try to remove SP2, I get a warning saying that most programs will be inoperable after I delete SP2, which sounds like a big mess...
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. gwl

    gwl Private E-2

    Sorry for the confusion. I did all the steps described, as I described previously. I also ran the HJT, but did not attach it the first time. It is attached now. There have been no changes to the system since then.
     

    Attached Files:

  4. gwl

    gwl Private E-2

    As I stated in my original post, I cannot run Internet Explorer. If I try to open it, a window appears, then closes before anything loads. I am using Firefox. When I go to the BitDefender site they require downloading IE before beginning. When I try to download, I get a message saying that a newer version is already loaded. What to do?

    The Panda ActiveScan site lets me start a scan from Firefox, but then informs me that I must use IE.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Follow the directions for Running Ewido Security Suite.

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large numbers of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button, then paste the contents of the clipboard into Notepad, save it to a text file, and upload the text file here as an attachment.

    Post the Ewido log, WinPFind.txt and a fresh HijackThis log.
     
  6. gwl

    gwl Private E-2

    After using HJT to correct registry entries as instructed I rebooted, and it took a very long time to get my desktop--but it finally reappeared. The Ewido scan took over an hour. The WinPFind only took a few minutes.

    The three files requested are attached.
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Other than that your logs are clean.

    REBOOT.

    How is your computer running?
     
  8. gwl

    gwl Private E-2

    I deleted the default IE start page qus8l.hpwis.com, which is what it was set to when I bought the computer. The domain lcmtech.com is our domain, which is hosted by our ISP, so I did not fix those entries.

    I rebooted and unfortunately still have all the problems opening Tools (System Restore, Search, Users, and MS Help) and "Personal Folders" in Outlook that I had before.
     
  9. gwl

    gwl Private E-2

    I am running MS Anti-spyware. It just gave me the following warning:
    _____________________________________________________________
    C:\Documents and Settings\Gary Loge (LCM)\Local Settings\Temporary Internet Files\Content.IE5\ZMOHWF87\C__SPY_AD~1_REGSEE~1_Backup_CLEAN-~1[1].REG is trying to run. This change generally occurs when software is installed. You can allow this change if it is recognized and expected.

    A Registry file (.reg) is a script that can add, remove or modify any values within your Windows registry.
    _____________________________________________________________

    I did not allow it to run. When I tried to find the file using Windows Explorer, I could not find the ...\Temporary Internet Files\Content.IEF folder. Any significance?
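
The warning quoted above states what a .reg script can do; what a practitioner wants before allowing one to run is a list of exactly which keys and values it would add, change or delete. The Python script below is an added example, not code from this thread or from MajorGeeks: it parses the Regedit 5.00 / REGEDIT4 text format (string, dword and hex values, `[-KEY]` key deletions, `"name"=-` value deletions, backslash line continuations) and marks changes under autostart or browser-setting keys for review. The sample .reg content, the key and value names in it, and the short watched-key list are constructed for illustration and are not the file reported in the post.

```python
"""Summarise the changes a Windows .reg script would make before it is run.
Added example for this thread; the sample script and watched-key list are
constructed, not taken from the file reported in the post."""
import re
from dataclasses import dataclass
from typing import Any, List, Optional

# Constructed sample .reg text (hypothetical keys, values and paths).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\upd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/"
"Search Page"=-

[HKEY_CURRENT_USER\Software\Example\NewTool]
@="Example tool"
"Flags"=dword:00000001
"Blob"=hex:de,ad,\
  be,ef

[-HKEY_CURRENT_USER\Software\Example\OldTool]
"""

# Keys where a silent change usually means persistence or a browser hijack.
# Assumption: a short illustrative list, not an exhaustive one.
WATCHED_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main",
)


@dataclass
class RegChange:
    action: str                 # "set", "delete_value" or "delete_key"
    key: str
    name: Optional[str] = None  # "" is the key's default value (@)
    value: Any = None


_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s: str) -> str:
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def _logical_lines(text: str):
    """Join hex values continued with a trailing backslash onto one line."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip() if buf else raw.rstrip()
        buf = ""
        if line.endswith("\\"):
            buf = line[:-1]
            continue
        yield line
    if buf:
        yield buf


def _parse_value(raw: str) -> Any:
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^hex(?:\(\d+\))?:(.*)$", raw, re.IGNORECASE)
    if m:  # REG_BINARY and the other hex(n) types are returned as raw bytes
        return bytes.fromhex(re.sub(r"[\s,]", "", m.group(1)))
    raise ValueError(f"unsupported value syntax: {raw!r}")


def parse_reg(text: str) -> List[RegChange]:
    """Return, in file order, every change the script would apply."""
    changes: List[RegChange] = []
    key: Optional[str] = None
    seen_header = False
    for line in _logical_lines(text):
        if not line.strip() or line.startswith(";"):
            continue
        if not seen_header:
            if line.strip() not in ("Windows Registry Editor Version 5.00", "REGEDIT4"):
                raise ValueError(f"not a .reg script, header is {line!r}")
            seen_header = True
            continue
        m = _KEY_RE.match(line)
        if m:
            if m.group(1) == "-":       # [-KEY] deletes the whole key
                changes.append(RegChange("delete_key", m.group(2)))
                key = None
            else:
                key = m.group(2)
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparsable line: {line!r}")
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        raw = m.group(3).strip()
        if raw == "-":                  # "name"=- deletes the value
            changes.append(RegChange("delete_value", key, name))
        else:
            changes.append(RegChange("set", key, name, _parse_value(raw)))
    return changes


def watched_changes(changes: List[RegChange]) -> List[RegChange]:
    """The subset of changes under a watched (autostart / browser) key."""
    prefixes = tuple(p.lower() for p in WATCHED_KEYS)
    return [c for c in changes if c.key.lower().startswith(prefixes)]


def report(text: str) -> List[str]:
    """One readable line per change, with watched locations marked for review."""
    changes = parse_reg(text)
    flagged = {id(c) for c in watched_changes(changes)}
    out = []
    for c in changes:
        mark = "  <-- review" if id(c) in flagged else ""
        target = c.key if c.action == "delete_key" else f"{c.key}\\{c.name or '(Default)'}"
        detail = f" = {c.value!r}" if c.action == "set" else ""
        out.append(f"{c.action.upper():12} {target}{detail}{mark}")
    return out


if __name__ == "__main__":
    # Regedit exports are UTF-16 with a BOM: open real files with encoding="utf-16".
    print("\n".join(report(SAMPLE_REG)))
```

The parser deliberately refuses anything it does not understand (a bad header, an unparsable line, an unknown value syntax) rather than skipping it, since a line the reviewer cannot account for is exactly the one worth looking at. Regedit writes exports as UTF-16 with a byte-order mark, so a file from disk should be read with `encoding="utf-16"` before being passed to `report`.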
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    In Safe mode do the following:

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  11. gwl

    gwl Private E-2

    The new HJT file is attached.

    I noticed while in Safe Mode that IE opens--although no web pages open, and also the folder ...\local settings\Temporary Internet Files\Content.IE5 is available in safe mode. In Normal mode this folder is there for all other users: administrator, default, and a second user that I use for home. It still is not available for my office user.

    I reinstalled Spyware Doctor and ran it. It did not find anything either.
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean.

    Something you could do is clear your internet cache on all accounts, and if you still get that message, manually clear your internet cache by deleting all the files in the cache.
     
  13. gwl

    gwl Private E-2

    Maybe I should just try uninstalling SP2 so I can reinstall the operating system.
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your call.
     
  15. gwl

    gwl Private E-2

    I will proceed. At least I am confident that the Spyware is gone. Thanks for your help.
     
