Regedit Problem

By alpenarchitek
Mar 9, 2009
Topic Status:
Not open for further replies.
  1. I'm having the same problems w/ regedit and cmd exe files. I wasn't aware of the problem until I was attempting to reload Trend Micro Internet Security 2009 and tech support asked me to start/run/regedit. When nothing happened I began to research. I've followed this and other threads and have downloaded and run everything noted in "8-steps" and Combofix. Things seem to be better, but I thought someone should take a look at the log files. I can't seem to locate the log file from SuperAntiSpyware.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please uninstall Norton SystemWorks fully
    Then run the Norton Removal tool
    Then restart

    Then re-open Malwarebytes and run another full scan
    Regarding Superantispyware log, just do another scan, and save the log

    Then restart

    And provide a new HJT log as well (restart is required before scanning with HJT again)

    Actually run IE Reset before the restart as well : http://www.techspot.com/vb/post682762-2.html
  3. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Tried the Add/Remove in Control Panel. Won't remove. Norton SW seems to be missing a key in the registry. Using the Norton Removal Tool and it seems to be hung up, but still running. Any suggestions?
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  5. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Norton products uninstalled. All scans completed. Log files attached.
    Thanks for the help.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Norton is still there so try running this tool again: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
    You also have Trend Micro Internet Security running so check Add\Remove Programs to uninstall that too
    Spyware Doctor was listed as well (as a missing entry) so uninstall that too
    Ad-aware is starting up as well, please uninstall that too
    You may as well uninstall SUPERAntiSpyware whilst you're at it
    Registry Defense is starting with Windows, personally I'd say uninstall too

    Restart (probably a couple of times with all the above)

    Run IE Reset: http://www.techspot.com/vb/post682762-2.html (as there's a few strange settings presently being used)

    Install Avira free AntiVirus

    Then startup Malwarebytes again, update it, and run a full scan (make sure Avira is actively protecting as per default) Remove anything found

    Restart

    Download Combofix
    Lots of info on its use h e r e
    Direct download h e r e

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply

    Restart

    Then do another scan with HJT
    Locate any entry that has "file missing" at the end of that specific entry (there may be a few)
    Tick the boxes on those entries ("file missing" or even "not found")
    Then select Fix
    Close HJT

    Restart

    Then do another scan with HJT (scan and log file) and attach this to a new reply



    Pretty sure at that stage your computer will be running well :)
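Editorial example, not part of any post in this thread: a small Python filter that finds the HJT entries the step above asks you to tick, i.e. those ending in "file missing" or "not found". The log text is a constructed sample in the HijackThis layout, and the function names are made up for this illustration; it also pulls the short service name out of orphaned O23 lines, which goes slightly beyond what the post describes.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log layout; every name and path is made up.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_lsp.dll
O23 - Service: Example Helper (ExHelper) - Unknown owner - C:\Program Files\Example\helper.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\upd.exe
"""

# An entry line starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers named in the post above: "file missing" and "not found".
ORPHAN = re.compile(r"\(?(?:file missing|not found)\)?\s*$", re.IGNORECASE)
# O23 body: "Service: <display name> (<service name>) - <owner> - <path>"
SERVICE = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^)]+)\) - ")

def parse_entries(text):
    """Return (section, body) per log entry, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries

def orphaned(entries):
    """Group entries whose target file is reported missing, keyed by section."""
    found = defaultdict(list)
    for section, body in entries:
        if ORPHAN.search(body):
            found[section].append(body)
    return dict(found)

def orphaned_services(entries):
    """Short names of O23 services whose executable is reported missing."""
    names = []
    for section, body in entries:
        m = SERVICE.match(body)
        if section == "O23" and m and ORPHAN.search(body):
            names.append(m["name"])
    return names

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(orphaned(parsed))
    print(orphaned_services(parsed))
```
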
  7. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Thanks for the "to do list". I will get busy shortly. I do have a couple questions. Trend Micro is my AV software. Is this a problem? I had to uninstall Avira AV to reinstall Trend Micro after an upgrade. Do you recommend Avira over Trend Micro? Is Ad-Aware a problem? Registry Defense was a download recommended by "CNet" for registry issues. Didn't do a thing for my situation. They offer a 100% satisfaction guarantee. I will be requesting a refund.
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well yes to all I said ;) :)

    But regarding specifically Trend

    Trend Micro is not exactly "Micro", it has many startups and many system files running, usually (well always) causing considerable slowness on a user's system
    Now if you have just paid up your subscription to Trend, you may actually want to keep it, but if your version of Trend is nearing expiry I would remove it

    Basically all Internet Securities are just way over the top these days. You just need a good (and Avira is the best) Antivirus. Not all this other included stuff. Internet Security software packages just started going over the top, about 2 years ago, and since then, all of them run slow. (or cause slowness) Trend IS and even the Antivirus on its own, being one of those.
  9. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Thank you for the information. All tasks completed. Attached logs for review. Thank you again for all your help.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Ok from all of that here are the issues:
    Here is the fix:

    1.
    Code:
    1) Click on the link http://www.cexx.org/LSPFix.exe to download LSPFix to your desktop.
    2) Once the exe file is on your desktop, double-click on it to open
    3) In the left hand column, you should see the NWPROVAU.DLL file listed. Click on it to highlight, then click the arrow in the middle of the screen that points to the right

    This will move the filename to the right-hand column labeled Remove

    NOTE: If the arrow is greyed out and does not allow you to click it, you need to check the box above labeled "I know what I'm doing"

    4) Once the file has been transferred to the Remove column, click Finish at the bottom of the screen. You'll be presented with a results screen showing the file was removed from the Winsock layer entries in the registry. Close the LSPFix program now.

    2.
    Code:
    Run IE Reset to default all Internet settings and remove all those zones
    Info: http://www.techspot.com/vb/post682762-2.html

    3.
    Code:
    Norton Removal tool: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
    Restart

    4.
    Provide a new HJT log as an attachment :)
  11. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    New HJT log attached.
     
  12. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Did you get a chance to review the newest HJT log?
    Have we achieved success in removal of everything?
    Thanks.
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I cannot see any Malware in your HJT log
    Did you run IE Reset though, because there are many extra entries (that are not Malware) in your IE settings

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • When shown the disclaimer, Select "2"
    (Note: 1 space after ComboFix in that uninstall command)

    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
  14. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Ran another IE Reset.
    Uninstalled Combofix.
    Reset System Restore point.
    Ran HJT, attached latest log.

    How's it looking?
  15. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please re-open HijackThis and place a tick next to the following entries
    Close all\any Internet browsers, then select Fix
    Restart
  16. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Completed above.
    Attached new HJT log file.

    Thank you.
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    This one still remains:
    You may have missed it?

    Anyway, other than that missing entry (which really doesn't matter) I cannot see any Malware in your log
  18. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    No, I haven't been missing this string. I've run HJT, ticked its box and selected fix, only to find nothing happened. Any other suggestions?
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Re-install Spyware Doctor
    Restart
    Uninstall Spyware Doctor
    Restart

    Or just leave it, as file missing
  20. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    Tried reinstall and uninstall of Spyware Doctor a couple of times, but the string still exists in the HJT log. Any other suggestions? If not, we can close this thread. Thanks again for all your help.
  21. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Start->Run-> services.msc

    Maximize the Services Window that opens
    Scroll down the list to locate: PC Tools Spyware Doctor (may be listed as SDhelper, I don't know)
    Double click on this entry
    Change the Startup to disabled
    Apply ok Close

    Restart, and check HJT again

    By the way, I'm pretty sure it's located here in Registry (start->run->regedit)
    ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services’
    But it's not advised to edit the registry without some experience and knowledge
    ie PC Tools Firewall (as an example) Should be removed from network connections first

    Another option is to try Revo Uninstaller
  22. alpenarchitek

    alpenarchitek Newcomer, in training Topic Starter

    That took care of it. Thanks again for all your help.