Registry help

[msu715]

Yes I have internet access now, what is the next step....

[evilfantasy]

Good!

Give me a second to finish up with the fix.

In the mean time I need you to take the combofix.exe from E:\ComboFix.exe and move it directly to the desktop. It needs to be there for the next set of instructions.

BRB

[evilfantasy]

OK here we go. I will need this next log as well to be sure it got everything.

RegSweep and RegCure are rouge security programs and we will get them with this fix.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

FCopy::
c:\windows\ServicePackFiles\i386\userinit.exe | c:\windows\SYSTEM32\userinit.exe
c:\windows\ServicePackFiles\i386\userinit.exe | c:\windows\SYSTEM32\DLLCACHE\userinit.exe

Folder::
c:\program files\RegSweep
c:\documents and settings\Bob\Application Data\RegSweep
c:\program files\RegCure

File::
c:\windows\ikoqurihikicil.dll
c:\windows\Tasks\RegCure Program Check.job
c:\program files\RegCure\RegCure.exe
c:\windows\Tasks\RegCure.job
c:\windows\Tasks\RegSweep Scheduled Scan.job
c:\program files\RegSweep\RegSweep.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegSweep"=-
"Vwagux"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[msu715]

I have big problems for some reason now...after I did the last step, it rebooted Windows and a blue screen popped up saying STOP: c0000135 (Unable to locate component) This applicatio nhas failed to start because USER32.dll was not found. Re-installling the application may fix the problem.  I'm not sure what this is about.

[evilfantasy]

I was afraid of that.

Does it go to the login screen?

[msu715]

No after the Windows XP thing shows up loading it goes to the blue screen. Please please tell me this is fixable...

[evilfantasy]

When restarting the computer tap the F8 key and see if it will boot into safe mode.

Do you have an XP CD or can you borrow one?

[msu715]

It won't let me boot into safe mode and unfortunately I don't have an XP CD with me but I can get one soon.  What exactly does this user32.dll mean?

[msu715]

I actually do have an XP CD i just found it.

[evilfantasy]

What is the User32.dll file? http://support.microsoft.com/kb/142676

Once you have the CD you will need to do a repair install. How to Perform a Windows XP Repair Install http://www.michaelstevenstech.com/XPrepairinstall.htm#RI

[msu715]

I put in the CD but that blue screen still pops up, how do I boot it by using the CD, it says something about the BIOS but I don't know how to get to that.

[evilfantasy]

Are you restarting the computer with the disk in?

[evilfantasy]

I'll be away from the computer  for a few minutes.

If needed see this link also. FREE F-Secure Rescue CD 3.00 to Clean Virus from Unbootable Windows http://www.raymond.cc/blog/archives/2008/07/26/free-f-secure-rescue-cd-300-to-clean-virus-from-unbootable-windows/

[msu715]

Yes but it still goes to that blue screen....is this error caused by the rookit or virus?

[evilfantasy]

Caused by the rootkit. Try the rescue CD. It should work.