Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Fix


  • Please log in to reply
34 replies to this topic

#1 mooah

mooah

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 08:26 AM

Hey,

My pc rebooted itself earlier saying windows had installed important updates. When it started back up, my desktop was missing! Instead of the usual picture it was all black and there were no icons. When I press Start it also tells me I have no programs. Things were popping up left right and centre telling me my hard drive couldn't be found and there were critical errors etc... all coming from Windows XP Fix. I didn't touch anything, borrowed a laptop and googled it which led me to you (bleeping computer).
I've followed the instructions it gave ie downloaded RSKill and tdsskiller. RSKill stopped the Windows XP Fix from popping up all over the place but the tdsskiller said no infections were found. I then tried to run Malware Bytes but everytime it comes up with Access Denied and I can't go any further and so it tells me to post here asking for help.

Thanks in advance!

Lena.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 12:05 PM

Welcome aboard Posted Image

Did you try to run rKill + MBAM in Safe Mode?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 12:18 PM

Hi,
I looked about 'n found something so I could run malware bytes. It worked and found 6 things, I followed the instructions and removed them but after rebooting it all started again so I'm just going through it again. I'm hoping it'll do the trick this time round.

Thanks for taking the time to reply :thumbup2:

Lena.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 12:20 PM

OK, keep me posted and when you're done with MBAM post its log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 01:38 PM

Hello again,

Just one showed up this time but Windows XP Fix is still showing when I press Start>All Programs but can't see it anywhere on the Add/Remove programs and it isn't coming up with messages after I've rebooted so it's better than it was B)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7060

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/07/2011 19:06:34
mbam-log-2011-07-09 (19-06-34).txt

Scan type: Full scan (C:\|D:\|J:\|K:\|)
Objects scanned: 299632
Time elapsed: 1 hour(s), 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{1a2fe54d-9d26-4b44-adca-479ebee5a642}\RP1222\A0187425.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 02:03 PM

Windows XP Fix is still showing when I press Start>All Programs


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\Documents and Settings\All Users\Start Menu
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 02:07 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:05 on 09/07/2011 by user
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users\Start Menu - Parameters: "(none)"

---Files---
desktop.ini --ahs-- 272 bytes [15:23 09/07/2011] [21:17 02/09/2008]
HP Director.lnk --a---- 808 bytes [15:23 09/07/2011] [17:51 19/03/2007]
HP Image Zone.lnk --a---- 906 bytes [15:23 09/07/2011] [17:50 19/03/2007]
Microsoft Update.lnk --a---- 1570 bytes [15:23 09/07/2011] [18:00 19/03/2007]
Set Program Access and Defaults.lnk --a---- 1567 bytes [15:23 09/07/2011] [21:17 02/09/2008]
Windows Catalog.lnk --a---- 398 bytes [15:23 09/07/2011] [04:05 20/10/2005]
Windows Update.lnk --a---- 1511 bytes [15:23 09/07/2011] [00:00 01/06/2007]

---Folders---
Programs dr----- [23:29 12/05/2006]

-= EOF =-

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 02:09 PM

One more time with little bit different code:

:dir
C:\Documents and Settings\All Users\Start Menu\Programs

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 02:11 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:10 on 09/07/2011 by user
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users\Start Menu\Programs - Parameters: "(none)"

---Files---
Adobe ImageReady 7.0.lnk --a---- 823 bytes [15:23 09/07/2011] [17:11 24/03/2007]
Adobe Photoshop 7.0.lnk --a---- 818 bytes [15:23 09/07/2011] [17:11 24/03/2007]
Adobe Reader 7.0.lnk --a---- 2321 bytes [15:23 09/07/2011] [11:05 18/05/2008]
desktop.ini --ahs-- 150 bytes [15:23 09/07/2011] [04:04 20/10/2005]
I.R.I.S. OCR Registration.lnk --a---- 731 bytes [15:23 09/07/2011] [17:51 19/03/2007]
Microsoft Works.lnk --a---- 1930 bytes [15:23 09/07/2011] [15:56 11/09/2008]
Mozilla Firefox.lnk --a---- 734 bytes [15:23 09/07/2011] [07:13 23/03/2011]
MSN.lnk --a---- 1894 bytes [15:23 09/07/2011] [04:03 20/10/2005]
Windows Messenger.lnk --a---- 609 bytes [15:23 09/07/2011] [04:03 20/10/2005]
Windows Movie Maker.lnk --a---- 694 bytes [15:23 09/07/2011] [04:04 20/10/2005]

---Folders---
Accessories dr----- [04:03 20/10/2005]
Acer d------ [19:43 26/02/2007]
Acer Empowering Technology d------ [19:40 26/02/2007]
Acer WLAN 11g USB Dongle d------ [23:29 12/05/2006]
AcerSystem d------ [23:20 12/05/2006]
Administrative Tools dr----- [04:03 20/10/2005]
Advanced WindowsCare V2 Personal d------ [06:08 23/10/2008]
AVG 2011 d------ [19:02 15/10/2010]
CCleaner d------ [20:24 29/05/2011]
CUE Splitter d------ [07:31 07/01/2011]
CyberLink PowerDVD d------ [04:17 20/10/2005]
DivX Plus d------ [09:16 03/05/2010]
EPSON d------ [09:52 14/01/2009]
EPSON Creativity Suite d------ [10:09 14/01/2009]
EPSON PRINT Image Framer d------ [10:02 14/01/2009]
Games dr----- [04:03 20/10/2005]
Google Updater d------ [20:16 18/07/2009]
HP d------ [17:49 19/03/2007]
Malwarebytes' Anti-Malware d------ [14:06 09/07/2011]
Microsoft Clip Gallery d------ [15:56 11/09/2008]
Microsoft Office d------ [15:51 17/02/2011]
Microsoft Works d------ [15:56 11/09/2008]
Philips Wireless USB Adapter 11g d------ [17:29 12/06/2007]
Pivot Stickfigure Animator d------ [20:15 09/10/2008]
QuickTime d------ [16:06 22/11/2009]
SmartCamera d------ [15:28 25/08/2007]
Sony d------ [16:15 06/12/2010]
Sony Ericsson d------ [19:34 05/12/2010]
SpeedTouch USB d------ [22:32 19/03/2007]
Startup dr----- [23:29 12/05/2006]
Test My Hardware d------ [23:12 14/05/2010]
USB PC Cam Plus d------ [15:24 25/08/2007]
VideoLAN d------ [13:36 04/05/2010]
VxViewer d------ [20:03 16/05/2011]
Windows Live d------ [23:52 11/11/2007]
WinRAR d------ [13:10 28/12/2007]
Zoom ADSL Modem d------ [14:32 24/12/2008]

-= EOF =-

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 02:14 PM

Windows XP Fix is still showing when I press Start>All Programs

What's the exact name of that entry?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 02:16 PM

I press Start>All Programs and then it says Windows XP Fix (exactly like that) the sub menu on it says Uninstall Windows XP Fix and Windows XP Fix.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 02:20 PM

Re-run SL with this code:

:folderfind
*Windows*XP*Fix*
:filefind
*Windows*XP*Fix*

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 02:22 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:21 on 09/07/2011 by user
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Windows*XP*Fix*"
C:\Documents and Settings\user\Start Menu\Programs\Windows XP Fix d------ [11:46 09/07/2011]

========== filefind ==========

Searching for "*Windows*XP*Fix*"
C:\Documents and Settings\user\Start Menu\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk --a---- 897 bytes [11:46 09/07/2011] [11:46 09/07/2011] 3D4641A9BE286F38520051B8DE0CDD45
C:\Documents and Settings\user\Start Menu\Programs\Windows XP Fix\Windows XP Fix.lnk --a---- 825 bytes [11:46 09/07/2011] [11:46 09/07/2011] C9BCEADA23D9AB52B9436B7B855942FA

-= EOF =-

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:12 AM

Posted 09 July 2011 - 02:27 PM

Go Start>Run, type in:
cmd
Click OK.

Paste this into command prompt window:
rd "C:\Documents and Settings\user\Start Menu\Programs\Windows XP Fix"
Press Enter.
You should see a message about successful deleting.
Let me know.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 mooah

mooah
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 09 July 2011 - 02:29 PM

After pressing enter after the command it says "The directory is not empty"

Has it worked?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users