Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registery Issue


  • Please log in to reply
4 replies to this topic

#1 Samboy

Samboy

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 12 June 2008 - 08:48 PM

Hello,

I am using Windows Vista Home Premium and have recently had a virus attacked my system which I have removed. However, ever since then, I am getting 2 'High Priority' issues when I scan with Registery Mechanic. The only problem to the computer I have encountered thus far is that every so often Windows Explorer crashes and has to restart.

The registery files are:
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\systemindex.hash.gthr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex
c:\programdata\microsoft\search\data\applications\windows\projects\systemindex\systemindex.idm.gthr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex
Registery Mechanic says the "Highlighted value is either missing or invalid".

I was just wondering if there is anything I can do to resolve the issue?

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:02 AM

Posted 13 June 2008 - 05:21 AM

This is (IMO) one of the problems with registry cleaners - it identifies a problem that may or may not be significant.

In this case, I'd suggest conducting several searches for information on your system to see if the Indexing is working. Don't use the Search Everywhere option, just the normal search. If it appears to be working, then I'd suspect that these entries were not affected by the virus and are not essential for the functioning of your system.

If your search function is giving problems, then we'll have to look deeper to see what other damage may have been done.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Samboy

Samboy
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 13 June 2008 - 10:03 PM

Ok, I think the indexing is working fine, when I search files such as "calc" I get hits for Calculator and OpenOffices Calc. Then I added more folders to index and had it reindex; all seems to be working fine there as the filese in that folder I could find with the index search tool. However, recently I've been getting increasingly frequent messages that Windows explorer has encountered an error and I'm prompted to search for a solution online or restart windows explorer.

Moreover, I tried creating a new user for the system and logging in and I got an error message saying that sockins32.dll could not be found. To the best of my knowledge, sockins32.dll is malware so I am somewhat disconcerted about what else may be up. I closed the error box and things ran more or less the same as they did on my normal account (i.e. still getting Windows explorer needs to restart messages).

When I do tell it to restart windows explorer, it only takes a couple seconds to reset and it seems fine. However, these errors only seem to occur when I close a folder. I haven't had any errors occur when running Programs such as Work, Excel, Endnote, Firefox etc.

So far I've run scans with:
avast! Antivirus
Registry Mechanic
Glary Utilities
Spybot S&D
CCleaner

Avast found:

32379.exe saying it was a Trojan-gen
snaptor[1].exe saying it was a Trojan-gen
tuVLbBst.dll syaing it was a 'VunDrop'

I've moved all of these into the 'Virus Chest' as recommended by avast. I've googled the 3 above files and didn't find anything :S

Any ideas what I should do?
Thanks for all help in advance.

Edited by usasma, 14 June 2008 - 05:34 AM.
Removed HJT Log File


#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:02 AM

Posted 14 June 2008 - 05:37 AM

I think that the sockins32.dll file indicates that you're infected.
I'm going to move this post over to the "Am I Infected" forum where you can receive some more expert assistance with the infection.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Samboy

Samboy
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:02 PM

Posted 15 June 2008 - 04:17 AM

kk thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users