| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 56953 | 2005-04-19 09:13:00 | Laptop problems: Corrupted Registry | Overdrive_5000 (4950) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 346648 | 2005-04-19 09:13:00 | Hi people I have been given a laptop to try and fix its a 'hp pavillion ze4103s' and its running Xp home. It appears to me that the registry has been corrupted at some stage most likely by a virus which there was two of (now removed). The reasons that make me think the registry is corrupted: 1: When you go start programs the list doesn't open. 2: Cant open Defrag or anything to do with mmc 3: When you try to open search or run etc it wants to place a shortcut on the desktop. What would be the easyist way to fix this without deleting any of the users programs, files etc. Any suggestions or ideas would be appreciated :badpc: |
Overdrive_5000 (4950) | ||
| 346649 | 2005-04-19 09:19:00 | Have u done a scan for viruses, and spyware . Does regedit open when u type regedit under start/run? And does msconfig work? |
Speedy Gonzales (78) | ||
| 346650 | 2005-04-19 09:22:00 | I removed the two viruses and all spyware etc and you cant run anything because all it wants to do is keep placing shortcuts on the desktop (even in safe mode) its infuriating :badpc: | Overdrive_5000 (4950) | ||
| 346651 | 2005-04-19 09:27:00 | I would get Hijackthis and post a log here. See what else shows that hasnt been picked up. | Speedy Gonzales (78) | ||
| 346652 | 2005-04-19 09:27:00 | Just ran RegScrubXP it found 339 problems waiting on it to fix and see what happens | Overdrive_5000 (4950) | ||
| 346653 | 2005-04-19 10:30:00 | Might be better to back up their data and do a restore off its restore CDs/partition. | pctek (84) | ||
| 346654 | 2005-04-19 14:37:00 | Agreed, Back and reinstall . Also install antispyware software and remember to teach the user how to use it . Quote For The Week Retirement means twice as much husband and half as much money - Anonymous |
merlin (256) | ||
| 346655 | 2005-04-19 21:42:00 | Here is the log file from HijackThis Speedy: Logfile of HijackThis v1.99.1 Scan saved at 9:20:52 p.m., on 19/04/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\Program Files\Utilities\Notebook Utilities\hptasks.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe E:\stinger.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe E:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtramsn.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hp.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost; O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-nz\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-nz\msntb.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\Utilities\Notebook Utilities\HpTvNow.exe /RK O4 - HKLM\..\Run: [Display Settings] C:\Program Files\Utilities\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\UTILIT~1\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Presentation Ready] C:\Program Files\Utilities\Presentation Ready\PresRdy.exe -r O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SmartUI.lnk = ? O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/auhomepage-p O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\Utilities\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
Overdrive_5000 (4950) | ||
| 346656 | 2005-04-19 22:11:00 | Most of whats there looks OK to me but these. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe This is a valid file, BUT it can casue probs if left idle for 15-20 mins support.microsoft.com It says to get an updated driver from here www.synaptics.com Does this file crash at all with the error on the MS site? R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll This is part of Spybot, but its annoying. It isnt needed. O4 - Global Startup: SmartUI.lnk = ? O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/auhomepage-p Hmm this may have reset your homepage? Or is this what the homepage is now. O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) I would tick these and click on fix. And also get the update for the touchpad, if the driver u have now, isnt the latest. |
Speedy Gonzales (78) | ||
| 346657 | 2005-04-19 22:18:00 | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = http://localhost; quite likly an about:blank infection. |
tweak'e (69) | ||
| 1 2 | |||||