Solved

Cannot run various programs

Posted on 2007-03-23
8
394 Views
Last Modified: 2013-12-08
PC has: Windows XP Home SP1, IE 6, AOL 9.0 SE

Unable to view any https:// pages in IE or AOL. Can view http:// fine in IE or AOL.

Unable to run any Active X controls - settings are all default under Internet Options. Have also tried setting Internet Zone to low and also manually setting Active X to enabled. Uninstalled Flash

Uninstalled expired Norton AV 2004. Wanted to clean up using Norton Uninstall tool. Unable to run Norton Uninstall tool - error msg: "SymNRT: Invalid Signature. This file is unsigned so it won't run"

Removed several viruses (trojans) with current AVG and a lot of spyware (180Solutions, Gator, ISTbar, etc.) with current SpyBot.

Cannot install Windows XP Service Pack 2 - it unpacks everything, then ends with a pop-up that says "Setup Error: The system cannot find the file specified."

Cannot run SFC /scannow - After about 1 minute of no progress, the Windows File Checker window simply closes with no error message.

Cannot run WIndows Update or Online scans due to Active X failure.

I think one of the viruses altered the registry or the TCP/IP stack or Internet settings, but I can't figure out how to correct it. Any help would be appreciated.
-Dan
0
Comment
Question by:HighTechGeek
  • 4
  • 3
8 Comments
 
LVL 7

Expert Comment

by:concretesailors
ID: 18780232
Re-install Windows XP with a complete format. Too many issues to address one at a time.

Unless you've done a back-up which you can apply to your computer;  re-installing would be the best solution at this time.
0
 
LVL 5

Author Comment

by:HighTechGeek
ID: 18781393
I guess I feel that they are all related to a single issue and if we can figure it out, all the other problems will fall in line. Before re-installing do you have any suggestions that I might try?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18783814
Check the links below for inability to access secure sites:
http://www.bleepingcomputer.com/forums/topic41067.html
http://www.duxcw.com/faq/win/xp/secure.htm

If it's not caused by the above, then maybe some nasties are causing it.
Can you show us a hijackthis log.
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

You can either upload the log to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: either these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:
0
 
LVL 5

Author Comment

by:HighTechGeek
ID: 18840768
I thought all secure sites started with "https://", but the test sites that are referenced in the articles that you sent me to all begin with "http://" (eg. http://www.ebay.com, http://www.microsoft.com, ). I can access them, but still can't access "https://" sites.

Also, the verisign SSL checker at http://www.verisign.com/advisor/check.html  referenced in your second link says I am fine, yet all their sites also do not begin with "https://", so they work.

Here is the link to my hijackthis log:
https://filedb.experts-exchange.com/incoming/ee-stuff/3072-hijackthis.txt
(at least the log is relatively short)

Thanks,
Dan
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 47

Accepted Solution

by:
rpggamergirl earned 125 total points
ID: 18840850
Yeah, a secure site is supposed to have https:// and has a padlock at the bottom page.

Anyway, these nasties showing in your log could be the culprit or part of it.
You have some bad entries in your log, not sure that all are showing, some could still be hiding.
You need to uninstall this toolbar if present in Add/remove:
"SafeGuard Protect PCShield"

and delete these files if still present:
C:\WINDOWS\Akakznhe.dll
C:\WINDOWS\System32\sfg.dll


Or use Killbox to delete them. Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "All Files"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Akakznhe.dll
C:\WINDOWS\System32\sfg.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.


Then fix these entries in Hijackthis, while all browsers and other windows are closed:
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - (no file)  
O2 - BHO: (no name) - {7AED1664-4CF6-3EFF-809A-F7DFE69D59D5} - C:\WINDOWS\Akakznhe.dll
O3 - Toolbar: Search - {CF1E70B2-6818-9488-DAC4-36F068F59828} - C:\WINDOWS\Akakznhe.dll
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: sprio600 - Unknown owner - C:\WINDOWS\System32\sprio600.exe (file missing)


Download SUPERAntispyware:
http://www.superantispyware.com/

Let us know how it goes.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18840868
O23 - Service: sprio600 - Unknown owner - C:\WINDOWS\System32\sprio600.exe (file missing)

Instead of fixing the above entry with Hijackthis, you could just use the command prompt to stop and delete that service.

Start > Run > type in

cmd

press Enter, and enter these commands pressing Enter after each one.
sc stop sprio600
sc delete sprio600



C:\WINDOWS\System32\sprio600.exe<-- also make sure that this file is really gone off your system, Hijackthis has a bug that says an 023 entry has "file missing" when in reality it is not, so make sure that's gone, probably hidden too and if you use "search" it won't find it unless you configure it to search for hidden files and folders.

SUPERAntispyware is a really good scanner so I hope you'll use that.
0
 
LVL 5

Author Comment

by:HighTechGeek
ID: 18843459
Well, so far it seems to be working. I eliminated the HiJackThis items you suggested, then I was able to get to https:// pages. Then I tried WindowsUpdate (which wasn't working) and it still failed, but it got further than before and it gave me an error message. Following some of the links from Microsoft regarding these errors, I was told to re-register a series of dlls. Some of the dlls were missing (3 of 8), but after registering the other 5 (using the regsvr32 command), WindowsUpdate proceeded to allow me to run Active X controls and upgrade the BITS and the Installer. I could then install WinXP Service Pack2 and IE7 which will hopefully restore any and all missing dlls. I think I am well on my way to recovery. I will see if I can run SFC and do a system check through the recovery console. Thanks rpggamergirl! I will try the superantispyware too! Hopefully, you will have your points by the end of the day!
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18847926
Glad to know you can now access secure sites!
Well done on fixing the other problems too, hopefully everything will work out fine.

And oh, don't worry about points, you can reduce it if you like, since you did all the hardwork there fixing your problems, :)
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
htaccess file 3 66
Web Browsers Start Page Hijacker 14 78
How to mass uninstall IE11 in domain 2 27
cookies analysis tools 2 29
Now-a-days, indirectly, postal services have been replaced by email services. Yes, whenever we hear the word "email" a lot of people only think of gmail. Some people still think that email and gmail are one and the same thing :-). Let's see some …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now