Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help! Missing Sytem Restore


  • Please log in to reply
10 replies to this topic

#1 EarlJohnson

EarlJohnson

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 27 November 2008 - 04:57 PM

Hello, Board !
I'm in desperate need of advice if anyone can kindly help me out out.
I'm running WINDOWS XP, HOME EDITION, SP3.
While I was trying to delete the unwanted BricoPack Xp theme which I downloaded. I went into (my default) D:\WINDOWS\BricoPackUninst.cmd and stupidly double clicked this file. The CMD black screen appeared and running. Unfortunately, it wiped not only the BricoPack but everything else along with it(i.e SYSTEM RESTORE, ADD/REMOVE PROGRAMS, VOLUME CONTROL...e.t.c.). However, everything works fine except for those forementioned files/appplicantions are unaccessible (missing). I went back to (my default) D:\WINDOWS\System32\restore\rstrun.exe file and open it. System Restore page opened but it is empty. It is my most important file, SYSTEM RESTORE. Can someone help me on how to retrieve it so I can access it and restore my computer to the prior working condition?

Any advice at all would tremendously appreciated.

Thanks in advance

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 27 November 2008 - 05:15 PM

Hello EarlJohnson. Welcome to BC.

Let's try to find what happened here.

Is the BricoPackUninst.cmd file still present? If so, right click it, select "Open with.." select "Choose program from list", then "Notepad". Copy the contents of the notepad into your next reply.

By the way, do you have your Windows XP installation CD at hand? If it did remove some files, we can use the System File Checker to restore them.

With Regards,
The Panda

#3 EarlJohnson

EarlJohnson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 27 November 2008 - 07:46 PM

Thank you PropagandaPanda for your reply.

Yes, the BricoPackUninst.cmd file still present. However, I can not use the "Open With" option because it is not available. I assume because it is a .cmd extension, just a guess.

I do not have the XP Intallation CD because it is a laptop and it came pre-installed: therefore, no Installation CD was included. However, I have a XP Home Edition SP3 which I have downloaded to upgrade my OS. Can you please show me on how to use the System File Checker to restore the missing files?

Also, I attempted to use the Recovery Console by inserting the XP SP3 CD>Press R to repair as one of the options. The window prompt screen pops up as D:\WINDOWS>. At this point, I am clueless of what command to type next. Help me please.

Thanks againg for your help.
Anxiously waiting for your follow up advice.

Edited by EarlJohnson, 27 November 2008 - 08:19 PM.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 27 November 2008 - 08:10 PM

Hello EarlJohnson.

That CD should work too. Refer to this article on the System File Checker. Use "sfc /scannow".

I can not use the "Open With" option because it is not available. I assume because it is a .cmd extension, just a guess.

Yup, you are right.

Please click on your Start Menu, then Run, then type
notepad.exe D:\WINDOWS\BricoPackUninst.cmd
That should open the file in the notepad. Please copy it back.

With Regards,
The Panda

#5 EarlJohnson

EarlJohnson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 28 November 2008 - 03:00 AM

First and foremmost, thanks again for your patience.
I must correct my system root. It is D:\WINDOWS.0 NOT D:\WINDOWS. Sorry about that. Anyhow, I did what you told me to do and successfully copied the entire log of the BricoPackUninst.cmd. I was in awe and horrified to see what really happened to my system32. It deleted almost everything in there and simultaneously copied its own Brico system files. I think I need to reinstall the whole system but preferably NOT if other alternative is available, such as reinstalling only system32 file, for I am not very comfortable nor knowledgeable enough to perform such a task. What a bummer. The log is pretty excessively long so I am not sure if it is possible or better yet allowed to be posted in this forum. But I'll give it a shot. Also, is there any way to reinstall the system32 file only from my XP SP3 CD? If so, any advice on how to go about of doing so would be greatly appreciated. Here is the log of the BricoPackUninst.cmd:
DEL "D:\WINDOWS.0\system32\dllcache\access.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\1_access.cpl" "D:\WINDOWS.0\system32\dllcache\access.cpl"
DEL "D:\WINDOWS.0\system32\access.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\1_access.cpl" "D:\WINDOWS.0\system32\access.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\ahui.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\2_ahui.exe" "D:\WINDOWS.0\system32\dllcache\ahui.exe"
DEL "D:\WINDOWS.0\system32\ahui.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\2_ahui.exe" "D:\WINDOWS.0\system32\ahui.exe"
DEL "D:\WINDOWS.0\system32\dllcache\appwiz.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\3_appwiz.cpl" "D:\WINDOWS.0\system32\dllcache\appwiz.cpl"
DEL "D:\WINDOWS.0\system32\appwiz.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\3_appwiz.cpl" "D:\WINDOWS.0\system32\appwiz.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\batmeter.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\4_batmeter.dll" "D:\WINDOWS.0\system32\dllcache\batmeter.dll"
DEL "D:\WINDOWS.0\system32\batmeter.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\4_batmeter.dll" "D:\WINDOWS.0\system32\batmeter.dll"
DEL "D:\WINDOWS.0\system32\dllcache\browseui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\5_browseui.dll" "D:\WINDOWS.0\system32\dllcache\browseui.dll"
DEL "D:\WINDOWS.0\system32\browseui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\5_browseui.dll" "D:\WINDOWS.0\system32\browseui.dll"
DEL "D:\WINDOWS.0\system32\dllcache\cabview.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\6_cabview.dll" "D:\WINDOWS.0\system32\dllcache\cabview.dll"
DEL "D:\WINDOWS.0\system32\cabview.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\6_cabview.dll" "D:\WINDOWS.0\system32\cabview.dll"
DEL "D:\WINDOWS.0\system32\dllcache\calc.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\7_calc.exe" "D:\WINDOWS.0\system32\dllcache\calc.exe"
DEL "D:\WINDOWS.0\system32\calc.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\7_calc.exe" "D:\WINDOWS.0\system32\calc.exe"
DEL "D:\WINDOWS.0\system32\dllcache\cleanmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\8_cleanmgr.exe" "D:\WINDOWS.0\system32\dllcache\cleanmgr.exe"
DEL "D:\WINDOWS.0\system32\cleanmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\8_cleanmgr.exe" "D:\WINDOWS.0\system32\cleanmgr.exe"
DEL "D:\WINDOWS.0\system32\dllcache\cmd.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\9_cmd.exe" "D:\WINDOWS.0\system32\dllcache\cmd.exe"
DEL "D:\WINDOWS.0\system32\cmd.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\9_cmd.exe" "D:\WINDOWS.0\system32\cmd.exe"
DEL "D:\WINDOWS.0\system32\dllcache\cmdial32.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\10_cmdial32.dll" "D:\WINDOWS.0\system32\dllcache\cmdial32.dll"
DEL "D:\WINDOWS.0\system32\cmdial32.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\10_cmdial32.dll" "D:\WINDOWS.0\system32\cmdial32.dll"
DEL "D:\WINDOWS.0\system32\dllcache\console.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\11_console.dll" "D:\WINDOWS.0\system32\dllcache\console.dll"
DEL "D:\WINDOWS.0\system32\console.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\11_console.dll" "D:\WINDOWS.0\system32\console.dll"
DEL "D:\WINDOWS.0\system32\dllcache\credui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\12_credui.dll" "D:\WINDOWS.0\system32\dllcache\credui.dll"
DEL "D:\WINDOWS.0\system32\credui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\12_credui.dll" "D:\WINDOWS.0\system32\credui.dll"
DEL "D:\WINDOWS.0\system32\dllcache\desk.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\13_desk.cpl" "D:\WINDOWS.0\system32\dllcache\desk.cpl"
DEL "D:\WINDOWS.0\system32\desk.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\13_desk.cpl" "D:\WINDOWS.0\system32\desk.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\explorer.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\14_explorer.exe" "D:\WINDOWS.0\system32\dllcache\explorer.exe"
DEL "D:\WINDOWS.0\explorer.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\14_explorer.exe" "D:\WINDOWS.0\explorer.exe"
DEL "D:\WINDOWS.0\system32\dllcache\fontext.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\15_fontext.dll" "D:\WINDOWS.0\system32\dllcache\fontext.dll"
DEL "D:\WINDOWS.0\system32\fontext.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\15_fontext.dll" "D:\WINDOWS.0\system32\fontext.dll"
DEL "D:\WINDOWS.0\system32\dllcache\hdwwiz.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\16_hdwwiz.cpl" "D:\WINDOWS.0\system32\dllcache\hdwwiz.cpl"
DEL "D:\WINDOWS.0\system32\hdwwiz.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\16_hdwwiz.cpl" "D:\WINDOWS.0\system32\hdwwiz.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\helpctr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\17_helpctr.exe" "D:\WINDOWS.0\system32\dllcache\helpctr.exe"
DEL "D:\WINDOWS.0\pchealth\helpctr\binaries\helpctr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\17_helpctr.exe" "D:\WINDOWS.0\pchealth\helpctr\binaries\helpctr.exe"
DEL "D:\WINDOWS.0\system32\dllcache\hotplug.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\18_hotplug.dll" "D:\WINDOWS.0\system32\dllcache\hotplug.dll"
DEL "D:\WINDOWS.0\system32\hotplug.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\18_hotplug.dll" "D:\WINDOWS.0\system32\hotplug.dll"
DEL "D:\WINDOWS.0\system32\dllcache\inetcpl.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\19_inetcpl.cpl" "D:\WINDOWS.0\system32\dllcache\inetcpl.cpl"
DEL "D:\WINDOWS.0\system32\inetcpl.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\19_inetcpl.cpl" "D:\WINDOWS.0\system32\inetcpl.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\inetcplc.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\20_inetcplc.dll" "D:\WINDOWS.0\system32\dllcache\inetcplc.dll"
DEL "D:\WINDOWS.0\system32\inetcplc.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\20_inetcplc.dll" "D:\WINDOWS.0\system32\inetcplc.dll"
DEL "D:\WINDOWS.0\system32\dllcache\intl.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\21_intl.cpl" "D:\WINDOWS.0\system32\dllcache\intl.cpl"
DEL "D:\WINDOWS.0\system32\intl.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\21_intl.cpl" "D:\WINDOWS.0\system32\intl.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\joy.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\22_joy.cpl" "D:\WINDOWS.0\system32\dllcache\joy.cpl"
DEL "D:\WINDOWS.0\system32\joy.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\22_joy.cpl" "D:\WINDOWS.0\system32\joy.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\keymgr.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\23_keymgr.dll" "D:\WINDOWS.0\system32\dllcache\keymgr.dll"
DEL "D:\WINDOWS.0\system32\keymgr.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\23_keymgr.dll" "D:\WINDOWS.0\system32\keymgr.dll"
DEL "D:\WINDOWS.0\system32\dllcache\logon.scr"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\24_logon.scr" "D:\WINDOWS.0\system32\dllcache\logon.scr"
DEL "D:\WINDOWS.0\system32\logon.scr"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\24_logon.scr" "D:\WINDOWS.0\system32\logon.scr"
DEL "D:\WINDOWS.0\system32\dllcache\main.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\25_main.cpl" "D:\WINDOWS.0\system32\dllcache\main.cpl"
DEL "D:\WINDOWS.0\system32\main.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\25_main.cpl" "D:\WINDOWS.0\system32\main.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\migwiz.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\26_migwiz.exe" "D:\WINDOWS.0\system32\dllcache\migwiz.exe"
DEL "D:\WINDOWS.0\system32\usmt\migwiz.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\26_migwiz.exe" "D:\WINDOWS.0\system32\usmt\migwiz.exe"
DEL "D:\WINDOWS.0\system32\dllcache\mmsys.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\27_mmsys.cpl" "D:\WINDOWS.0\system32\dllcache\mmsys.cpl"
DEL "D:\WINDOWS.0\system32\mmsys.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\27_mmsys.cpl" "D:\WINDOWS.0\system32\mmsys.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\moricons.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\28_moricons.dll" "D:\WINDOWS.0\system32\dllcache\moricons.dll"
DEL "D:\WINDOWS.0\system32\moricons.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\28_moricons.dll" "D:\WINDOWS.0\system32\moricons.dll"
DEL "D:\WINDOWS.0\system32\dllcache\msgina.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\29_msgina.dll" "D:\WINDOWS.0\system32\dllcache\msgina.dll"
DEL "D:\WINDOWS.0\system32\msgina.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\29_msgina.dll" "D:\WINDOWS.0\system32\msgina.dll"
DEL "D:\WINDOWS.0\system32\dllcache\mshtml.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\30_mshtml.dll" "D:\WINDOWS.0\system32\dllcache\mshtml.dll"
DEL "D:\WINDOWS.0\system32\mshtml.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\30_mshtml.dll" "D:\WINDOWS.0\system32\mshtml.dll"
DEL "D:\WINDOWS.0\system32\dllcache\mspaint.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\31_mspaint.exe" "D:\WINDOWS.0\system32\dllcache\mspaint.exe"
DEL "D:\WINDOWS.0\system32\mspaint.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\31_mspaint.exe" "D:\WINDOWS.0\system32\mspaint.exe"
DEL "D:\WINDOWS.0\system32\dllcache\mstask.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\32_mstask.dll" "D:\WINDOWS.0\system32\dllcache\mstask.dll"
DEL "D:\WINDOWS.0\system32\mstask.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\32_mstask.dll" "D:\WINDOWS.0\system32\mstask.dll"
DEL "D:\WINDOWS.0\system32\mstscax.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\33_mstscax.dll" "D:\WINDOWS.0\system32\mstscax.dll"
DEL "D:\WINDOWS.0\system32\dllcache\mydocs.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\34_mydocs.dll" "D:\WINDOWS.0\system32\dllcache\mydocs.dll"
DEL "D:\WINDOWS.0\system32\mydocs.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\34_mydocs.dll" "D:\WINDOWS.0\system32\mydocs.dll"
DEL "D:\WINDOWS.0\system32\dllcache\narrator.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\35_narrator.exe" "D:\WINDOWS.0\system32\dllcache\narrator.exe"
DEL "D:\WINDOWS.0\system32\narrator.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\35_narrator.exe" "D:\WINDOWS.0\system32\narrator.exe"
DEL "D:\WINDOWS.0\system32\dllcache\ncpa.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\36_ncpa.cpl" "D:\WINDOWS.0\system32\dllcache\ncpa.cpl"
DEL "D:\WINDOWS.0\system32\ncpa.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\36_ncpa.cpl" "D:\WINDOWS.0\system32\ncpa.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\netid.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\37_netid.dll" "D:\WINDOWS.0\system32\dllcache\netid.dll"
DEL "D:\WINDOWS.0\system32\netid.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\37_netid.dll" "D:\WINDOWS.0\system32\netid.dll"
DEL "D:\WINDOWS.0\system32\dllcache\netshell.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\38_netshell.dll" "D:\WINDOWS.0\system32\dllcache\netshell.dll"
DEL "D:\WINDOWS.0\system32\netshell.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\38_netshell.dll" "D:\WINDOWS.0\system32\netshell.dll"
DEL "D:\WINDOWS.0\system32\dllcache\newdev.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\39_newdev.dll" "D:\WINDOWS.0\system32\dllcache\newdev.dll"
DEL "D:\WINDOWS.0\system32\newdev.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\39_newdev.dll" "D:\WINDOWS.0\system32\newdev.dll"
DEL "D:\WINDOWS.0\system32\dllcache\notepad.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\40_notepad.exe" "D:\WINDOWS.0\system32\dllcache\notepad.exe"
DEL "D:\WINDOWS.0\system32\notepad.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\40_notepad.exe" "D:\WINDOWS.0\system32\notepad.exe"
DEL "D:\WINDOWS.0\system32\dllcache\notepad.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\41_notepad.exe" "D:\WINDOWS.0\system32\dllcache\notepad.exe"
DEL "D:\WINDOWS.0\notepad.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\41_notepad.exe" "D:\WINDOWS.0\notepad.exe"
DEL "D:\WINDOWS.0\system32\dllcache\ntshrui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\42_ntshrui.dll" "D:\WINDOWS.0\system32\dllcache\ntshrui.dll"
DEL "D:\WINDOWS.0\system32\ntshrui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\42_ntshrui.dll" "D:\WINDOWS.0\system32\ntshrui.dll"
DEL "D:\WINDOWS.0\system32\dllcache\nusrmgr.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\43_nusrmgr.cpl" "D:\WINDOWS.0\system32\dllcache\nusrmgr.cpl"
DEL "D:\WINDOWS.0\system32\nusrmgr.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\43_nusrmgr.cpl" "D:\WINDOWS.0\system32\nusrmgr.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\occache.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\44_occache.dll" "D:\WINDOWS.0\system32\dllcache\occache.dll"
DEL "D:\WINDOWS.0\system32\occache.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\44_occache.dll" "D:\WINDOWS.0\system32\occache.dll"
DEL "D:\WINDOWS.0\system32\dllcache\powercfg.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\45_powercfg.cpl" "D:\WINDOWS.0\system32\dllcache\powercfg.cpl"
DEL "D:\WINDOWS.0\system32\powercfg.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\45_powercfg.cpl" "D:\WINDOWS.0\system32\powercfg.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\printui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\46_printui.dll" "D:\WINDOWS.0\system32\dllcache\printui.dll"
DEL "D:\WINDOWS.0\system32\printui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\46_printui.dll" "D:\WINDOWS.0\system32\printui.dll"
DEL "D:\WINDOWS.0\system32\dllcache\rasdlg.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\47_rasdlg.dll" "D:\WINDOWS.0\system32\dllcache\rasdlg.dll"
DEL "D:\WINDOWS.0\system32\rasdlg.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\47_rasdlg.dll" "D:\WINDOWS.0\system32\rasdlg.dll"
DEL "D:\WINDOWS.0\system32\dllcache\regedit.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\48_regedit.exe" "D:\WINDOWS.0\system32\dllcache\regedit.exe"
DEL "D:\WINDOWS.0\regedit.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\48_regedit.exe" "D:\WINDOWS.0\regedit.exe"
DEL "D:\WINDOWS.0\system32\dllcache\shdoclc.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\49_shdoclc.dll" "D:\WINDOWS.0\system32\dllcache\shdoclc.dll"
DEL "D:\WINDOWS.0\system32\shdoclc.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\49_shdoclc.dll" "D:\WINDOWS.0\system32\shdoclc.dll"
DEL "D:\WINDOWS.0\system32\dllcache\shdocvw.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\50_shdocvw.dll" "D:\WINDOWS.0\system32\dllcache\shdocvw.dll"
DEL "D:\WINDOWS.0\system32\shdocvw.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\50_shdocvw.dll" "D:\WINDOWS.0\system32\shdocvw.dll"
DEL "D:\WINDOWS.0\system32\dllcache\shell32.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\51_shell32.dll" "D:\WINDOWS.0\system32\dllcache\shell32.dll"
DEL "D:\WINDOWS.0\system32\shell32.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\51_shell32.dll" "D:\WINDOWS.0\system32\shell32.dll"
DEL "D:\WINDOWS.0\system32\dllcache\shimgvw.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\52_shimgvw.dll" "D:\WINDOWS.0\system32\dllcache\shimgvw.dll"
DEL "D:\WINDOWS.0\system32\shimgvw.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\52_shimgvw.dll" "D:\WINDOWS.0\system32\shimgvw.dll"
DEL "D:\WINDOWS.0\system32\dllcache\shlwapi.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\53_shlwapi.dll" "D:\WINDOWS.0\system32\dllcache\shlwapi.dll"
DEL "D:\WINDOWS.0\system32\shlwapi.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\53_shlwapi.dll" "D:\WINDOWS.0\system32\shlwapi.dll"
DEL "D:\WINDOWS.0\system32\dllcache\sndrec32.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\54_sndrec32.exe" "D:\WINDOWS.0\system32\dllcache\sndrec32.exe"
DEL "D:\WINDOWS.0\system32\sndrec32.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\54_sndrec32.exe" "D:\WINDOWS.0\system32\sndrec32.exe"
DEL "D:\WINDOWS.0\system32\dllcache\sndvol32.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\55_sndvol32.exe" "D:\WINDOWS.0\system32\dllcache\sndvol32.exe"
DEL "D:\WINDOWS.0\system32\sndvol32.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\55_sndvol32.exe" "D:\WINDOWS.0\system32\sndvol32.exe"
DEL "D:\WINDOWS.0\system32\dllcache\stobject.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\56_stobject.dll" "D:\WINDOWS.0\system32\dllcache\stobject.dll"
DEL "D:\WINDOWS.0\system32\stobject.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\56_stobject.dll" "D:\WINDOWS.0\system32\stobject.dll"
DEL "D:\WINDOWS.0\system32\dllcache\sysdm.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\57_sysdm.cpl" "D:\WINDOWS.0\system32\dllcache\sysdm.cpl"
DEL "D:\WINDOWS.0\system32\sysdm.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\57_sysdm.cpl" "D:\WINDOWS.0\system32\sysdm.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\sysocmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\58_sysocmgr.exe" "D:\WINDOWS.0\system32\dllcache\sysocmgr.exe"
DEL "D:\WINDOWS.0\system32\sysocmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\58_sysocmgr.exe" "D:\WINDOWS.0\system32\sysocmgr.exe"
DEL "D:\WINDOWS.0\system32\dllcache\syssetup.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\59_syssetup.dll" "D:\WINDOWS.0\system32\dllcache\syssetup.dll"
DEL "D:\WINDOWS.0\system32\syssetup.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\59_syssetup.dll" "D:\WINDOWS.0\system32\syssetup.dll"
DEL "D:\WINDOWS.0\system32\dllcache\taskmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\60_taskmgr.exe" "D:\WINDOWS.0\system32\dllcache\taskmgr.exe"
DEL "D:\WINDOWS.0\system32\taskmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\60_taskmgr.exe" "D:\WINDOWS.0\system32\taskmgr.exe"
DEL "D:\WINDOWS.0\system32\dllcache\telephon.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\61_telephon.cpl" "D:\WINDOWS.0\system32\dllcache\telephon.cpl"
DEL "D:\WINDOWS.0\system32\telephon.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\61_telephon.cpl" "D:\WINDOWS.0\system32\telephon.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\themeui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\62_themeui.dll" "D:\WINDOWS.0\system32\dllcache\themeui.dll"
DEL "D:\WINDOWS.0\system32\themeui.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\62_themeui.dll" "D:\WINDOWS.0\system32\themeui.dll"
DEL "D:\WINDOWS.0\system32\dllcache\timedate.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\63_timedate.cpl" "D:\WINDOWS.0\system32\dllcache\timedate.cpl"
DEL "D:\WINDOWS.0\system32\timedate.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\63_timedate.cpl" "D:\WINDOWS.0\system32\timedate.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\url.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\64_url.dll" "D:\WINDOWS.0\system32\dllcache\url.dll"
DEL "D:\WINDOWS.0\system32\url.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\64_url.dll" "D:\WINDOWS.0\system32\url.dll"
DEL "D:\WINDOWS.0\system32\dllcache\urlmon.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\65_urlmon.dll" "D:\WINDOWS.0\system32\dllcache\urlmon.dll"
DEL "D:\WINDOWS.0\system32\urlmon.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\65_urlmon.dll" "D:\WINDOWS.0\system32\urlmon.dll"
DEL "D:\WINDOWS.0\system32\dllcache\webcheck.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\66_webcheck.dll" "D:\WINDOWS.0\system32\dllcache\webcheck.dll"
DEL "D:\WINDOWS.0\system32\webcheck.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\66_webcheck.dll" "D:\WINDOWS.0\system32\webcheck.dll"
DEL "D:\WINDOWS.0\system32\dllcache\wiaacmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\67_wiaacmgr.exe" "D:\WINDOWS.0\system32\dllcache\wiaacmgr.exe"
DEL "D:\WINDOWS.0\system32\wiaacmgr.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\67_wiaacmgr.exe" "D:\WINDOWS.0\system32\wiaacmgr.exe"
DEL "D:\WINDOWS.0\system32\dllcache\wiashext.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\68_wiashext.dll" "D:\WINDOWS.0\system32\dllcache\wiashext.dll"
DEL "D:\WINDOWS.0\system32\wiashext.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\68_wiashext.dll" "D:\WINDOWS.0\system32\wiashext.dll"
DEL "D:\WINDOWS.0\system32\dllcache\wininet.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\69_wininet.dll" "D:\WINDOWS.0\system32\dllcache\wininet.dll"
DEL "D:\WINDOWS.0\system32\wininet.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\69_wininet.dll" "D:\WINDOWS.0\system32\wininet.dll"
DEL "D:\WINDOWS.0\system32\dllcache\WINNTBBU.DLL"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\70_WINNTBBU.DLL" "D:\WINDOWS.0\system32\dllcache\WINNTBBU.DLL"
DEL "D:\WINDOWS.0\system32\WINNTBBU.DLL"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\70_WINNTBBU.DLL" "D:\WINDOWS.0\system32\WINNTBBU.DLL"
DEL "D:\WINDOWS.0\system32\dllcache\winsrv.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\71_winsrv.dll" "D:\WINDOWS.0\system32\dllcache\winsrv.dll"
DEL "D:\WINDOWS.0\system32\winsrv.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\71_winsrv.dll" "D:\WINDOWS.0\system32\winsrv.dll"
DEL "D:\WINDOWS.0\system32\dllcache\wscui.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\72_wscui.cpl" "D:\WINDOWS.0\system32\dllcache\wscui.cpl"
DEL "D:\WINDOWS.0\system32\wscui.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\72_wscui.cpl" "D:\WINDOWS.0\system32\wscui.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\wuauclt.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\73_wuauclt.exe" "D:\WINDOWS.0\system32\dllcache\wuauclt.exe"
DEL "D:\WINDOWS.0\system32\wuauclt.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\73_wuauclt.exe" "D:\WINDOWS.0\system32\wuauclt.exe"
DEL "D:\WINDOWS.0\system32\dllcache\wuauclt1.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\74_wuauclt1.exe" "D:\WINDOWS.0\system32\dllcache\wuauclt1.exe"
DEL "D:\WINDOWS.0\system32\wuauclt1.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\74_wuauclt1.exe" "D:\WINDOWS.0\system32\wuauclt1.exe"
DEL "D:\WINDOWS.0\system32\dllcache\wuaucpl.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\75_wuaucpl.cpl" "D:\WINDOWS.0\system32\dllcache\wuaucpl.cpl"
DEL "D:\WINDOWS.0\system32\wuaucpl.cpl"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\75_wuaucpl.cpl" "D:\WINDOWS.0\system32\wuaucpl.cpl"
DEL "D:\WINDOWS.0\system32\dllcache\xpsp2res.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\76_xpsp2res.dll" "D:\WINDOWS.0\system32\dllcache\xpsp2res.dll"
DEL "D:\WINDOWS.0\system32\xpsp2res.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\76_xpsp2res.dll" "D:\WINDOWS.0\system32\xpsp2res.dll"
DEL "D:\WINDOWS.0\system32\dllcache\zipfldr.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\77_zipfldr.dll" "D:\WINDOWS.0\system32\dllcache\zipfldr.dll"
DEL "D:\WINDOWS.0\system32\zipfldr.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\77_zipfldr.dll" "D:\WINDOWS.0\system32\zipfldr.dll"
DEL "D:\WINDOWS.0\system32\dllcache\logonui.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\78_logonui.exe" "D:\WINDOWS.0\system32\dllcache\logonui.exe"
DEL "D:\WINDOWS.0\system32\logonui.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\78_logonui.exe" "D:\WINDOWS.0\system32\logonui.exe"
DEL "D:\WINDOWS.0\system32\dllcache\msimn.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\80_msimn.exe" "D:\WINDOWS.0\system32\dllcache\msimn.exe"
DEL "D:\Program Files\Outlook Express\msimn.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\80_msimn.exe" "D:\Program Files\Outlook Express\msimn.exe"
DEL "D:\WINDOWS.0\system32\dllcache\msoeres.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\81_msoeres.dll" "D:\WINDOWS.0\system32\dllcache\msoeres.dll"
DEL "D:\Program Files\Outlook Express\msoeres.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\81_msoeres.dll" "D:\Program Files\Outlook Express\msoeres.dll"
DEL "D:\WINDOWS.0\system32\dllcache\moviemk.exe"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\82_moviemk.exe" "D:\WINDOWS.0\system32\dllcache\moviemk.exe"
DEL "D:\Program Files\Movie Maker\moviemk.exe"
DEL "D:\WINDOWS.0\system32\dllcache\uxtheme.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\Ux_uxtheme.dll" "D:\WINDOWS.0\system32\dllcache\uxtheme.dll"
DEL "D:\WINDOWS.0\system32\uxtheme.dll"
COPY "D:\WINDOWS.0\BricoPacks\SysFiles\Ux_uxtheme.dll" "D:\WINDOWS.0\system32\uxtheme.dll"

Edited by EarlJohnson, 28 November 2008 - 07:07 AM.


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 28 November 2008 - 08:11 AM

Hello EarlJohnson.

We will not be needing the recovery console here.

It deleted almost everything in there and simultaneously copied its own Brico system files.

That .cmd file removed the files, which where in the system32, that were part of the theme, then replaced them with the backups it stored in the "BricoPacks\SysFiles" folder. However, it was written carelessly, as it did not first check if those backups exists. Neither did it unregister the files, or register the new ones. This probably caused some of the files to be missing or notworking.

Reinstalling SP3 should restore the files. If it appears in your uninstall list, remove it, then install it again using your CD, or Windows Updates.

With Regards,
The Panda

#7 EarlJohnson

EarlJohnson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 28 November 2008 - 10:08 PM

Thank you once again for taking your time to walk me through the step-by-step process.
O.K, I tried to reinstall the XP SP3 as you advised. As usually, it started the installation process: however when finished, tt prompted this message:
  • your computer may not have enough memory to examine the driver or your windows xp cd may contain some corrupted files.
    Press Enter to continue Setup.
I pressed Enter. Then the following message prompted
  • Setup was unable to verify drive c:
I ran the Windows Diagnostic Tool test(For IDE/ATA Hard Drive)
and the result came back OK. As for the XP CD, It is also undamaged. The only thing left(my guess) is the memory. Wouldn't the memory be automatically installed along with the rest of the XP OS when a fresh new installation is created? If not, how can I increase my computer's memory so I can proceed with the installation process?

Thanks for your help.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 29 November 2008 - 09:50 AM

Hello EarlJohnson.

I have no idea what is causing that error.

Please click here to check for and install updates to Windows, and Microsoft applications. If you encounter any problems during the installation, please let us know.

The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Reboot and repeat the update process until there are no more updates to install.
--
Tell me how it goes.

With Regards,
The Panda

#9 EarlJohnson

EarlJohnson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 25 December 2008 - 03:14 AM

It's too long to post the entire copy of the log. I don't think it is permitted on this forum.

Thanks

#10 midnight51

midnight51

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio, United States
  • Local time:06:53 AM

Posted 25 December 2008 - 09:12 AM

Why is your Operating System installed on drive D? Are you dual booting? By the way, that cmd file that you ran deleted lots of system files and applications which is why you now cannot access certain parts of your operating system. Try executing this command from the run prompt on your start menu: %SystemRoot%\system32\restore\rstrui.exe - Once the applet loads try using it to restore your system to a time BEFORE you installed the BrickPack theme.

#11 hamluis

hamluis

    Moderator


  • Moderator
  • 55,870 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:53 AM

Posted 25 December 2008 - 09:44 AM

...and the fact that your windows folder reads "Windows.0" indicates that a dual-install of XP in the same folder took place at some time.

It might be worth considering a clean install to set things right.

Out of curiosity...what is on the C: partition?

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users