Posted

My computer is broken in just about every way possible, but surprisingly I've managed to squeeze enough life out of it to get onto these forums.

 

my system:

3.4ghz dual core P4

1Gb RAM

ATI radeon x300

linksys wireless card

windows XP pro sp2

 

When I start up Windows, it gives me this error:

 

(Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

 

DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Cypher\ntuser.dat

 

For more information, see Help and Support Center at Events and Errors Message Center: Basic Search.)

 

It then loads a temporary profile

 

(Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

 

For more information, see Help and Support Center at Events and Errors Message Center: Basic Search.)

 

I checked the Windows support, but it just says to create a new profile. That would be fine, but a load of my programs are now asking for CD keys which I've lost or thrown away etc., and I don't want to lose all of my settings.

 

 

The file, ntuser.dat, is indeed being used by some process, as Windows won't let me copy it (from my "temporary" or any other user account). Is there a way to find out what process is using that file so I can terminate it & copy it into a new account or something?

 

I have a virus which I think may be the culprit (sopidkc.exe) - I delete the virus, then run HijackThis, but it won't get rid of the startup entry.

 

Thanks!

Posted (edited)

OK, I got rid of the virus by ending/disabling the service from the administrative section in Control Panel, then running HijackThis. As far as I know, I'm virus free - but my problem still remains, unfortunately.

 

I've never really touched the registry manually before, and don't really know how it works, but I am aware that ntuser.dat is a hive file. Is there a separate registry for each user account? If I could copy my main ntuser.dat file into a new account profile, would it do much damage? (I also have Ubuntu Linux on a separate partition :) )

Edited by lexusdominus
Posted

Hi

 

"The file, ntuser.dat, is indeed being used by some process, as Windows won't let me copy it (from my "temporary" or any other user account). Is there a way to find out what process is using that file so I can terminate it & copy it into a new account or something?"

 

Use Unlocker to see what is using the process. I'm providing the info you requested, however, you unlock it at your own risk.

 

UNLOCKER 1.8.7 BY CEDRICK 'NITCH' COLLOMB

 

Your computer is infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

  1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
  2. Perform all the steps in the order listed to avoid any conflicts.
  3. If unsure, please stop and voice your doubts.
  4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.

If you stick to the above guidelines, all should go smoothly.

 

 

 

================================================

STEP 1

  1. Download ATF-Cleaner by Atribune.
  2. Save the file to your Desktop.
  3. Double-click on the file to run the program.
  4. On the Main tab, check the Select All button.
  5. Next, click on the Firefox tab (if applicable) and check the Select All button.
     
    Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
  6. Now, click on the Opera tab (if applicable) and check the Select All button.
     
    Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
  7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
  8. Click on the Exit button to quit the program.

================================================

STEP 2

  1. Please click here to download Malwarebytes' Anti-Malware.
  2. Save the file to your Desktop.
  3. Double-click mbam-setup.exe and follow the prompts to install the program.
  4. At the end, make sure a check mark is placed next to:

    1. Update Malwarebytes' Anti-Malware
    2. Launch Malwarebytes' Anti-Malware

  5. Click Finish.
  6. The program will download and update itself if it finds the necessity to do so. Please allow this.
  7. Once the program has loaded, select Perform full scan, then click Scan.

    Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.
  8. When the scan is complete, click OK, and then Show Results to view the results.
  9. Make sure that every entry is selected, and click Remove Selected.
  10. Restart your computer.

================================================

STEP 3

  1. Please click here to download SUPERAntiSpyware (Free Version).
  2. Save the file to your Desktop.
  3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
  4. Open SUPERAntiSpyware.
  5. Under Configuration and Preferences, click the Preferences button.
  6. Click the Scanning Control tab.
  7. Under Scanner Options make sure the following fields are checked:

    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining

  8. Click the Close button to leave the control center screen.
  9. On the main screen, under Scan for Harmful Software click Scan your computer.
  10. On the left, make sure you check mark All the Fixed Drives.
  11. On the right, under Complete Scan, choose Perform Complete Scan.
  12. Click Next to start the scan. Please be patient while it scans your computer.
  13. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
  14. Make sure every entry has a check mark next to it and click Next.
  15. A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.
  16. Restart your computer.

================================================

STEP 4

  1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.

    Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
  2. Check mark the YES, I accept the Terms of Use box.
  3. Click the Start button.
  4. Click the Install button on the following screen.
  5. Click Start. This will initialize and update the scanner engine.
  6. Check mark the box beside Remove found threats.
  7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
  8. Restart your computer.

================================================

STEP 5

  1. Click on Start > Programs > Accessories > System Tools and select System Restore.
  2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
  3. Next, click on Start > Run, type Cleanmgr and click on OK.
  4. Click on the More Options tab.
  5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Posted

Hi lex,

 

Just want to add a couple of points to starams info.

 

HijackThis is not generally used as a virus removal tool - it will remove entries that often prompt a virus or spyware infection to run on your computer, but it will not remove the infection itself. Therefore using HJT to 'fix' your computer will not remove the malware.

 

ntuser.dat is the registry hive HKEY_CURRENT_USER, so when you log on, Windows creates your user profile using ntuser.dat. I wouldn't recommend messing with it in any way - it could make things worse.

 

Should the worst come to the worst and after running a clean up you still can't log on, have a look at the link, SIW.exe does retrieve some program serial numbers from the registry.

 

SIW | Download
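
Since ntuser.dat is a registry hive file and the original poster has an Ubuntu partition from which a copy can be read while Windows is not running, here is an added example (not part of any post in this thread) that checks the 512-byte hive header of such a copy for damage without modifying it. The field offsets follow the publicly documented "regf" hive format; the sample header and function names are constructed for illustration.

```python
import struct

def regf_checksum(header: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        csum ^= dword
    # The format reserves 0 and 0xFFFFFFFF, remapping them to 1 and 0xFFFFFFFE.
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def check_hive_header(header: bytes) -> dict:
    """Validate the base block at the start of a copied hive file."""
    if len(header) < 512:
        return {"ok": False, "problems": ["shorter than the 512-byte base block"]}
    sig, seq1, seq2 = struct.unpack_from("<4sII", header, 0)
    major, minor = struct.unpack_from("<II", header, 20)
    (stored,) = struct.unpack_from("<I", header, 508)
    # Offset 48 holds the tail of the hive's path as UTF-16LE, NUL padded.
    name = header[48:112].decode("utf-16-le", "replace").split("\x00")[0]
    problems = []
    if sig != b"regf":
        problems.append("bad signature (not a registry hive)")
    if seq1 != seq2:
        problems.append("sequence numbers differ: hive was not flushed cleanly")
    if stored != regf_checksum(header):
        problems.append("header checksum mismatch")
    return {"ok": not problems, "problems": problems,
            "version": f"{major}.{minor}", "name": name}

def build_sample_header(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed sample base block, not taken from any real profile."""
    hdr = bytearray(512)
    struct.pack_into("<4sII", hdr, 0, b"regf", seq1, seq2)
    struct.pack_into("<II", hdr, 20, 1, 3)  # hive format version 1.3
    fname = "\\Cypher\\ntuser.dat".encode("utf-16-le")
    hdr[48:48 + len(fname)] = fname
    struct.pack_into("<I", hdr, 508, regf_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    print(check_hive_header(build_sample_header()))              # clean hive
    print(check_hive_header(build_sample_header(seq1=8, seq2=7)))  # dirty hive
```

To check a real copy, pass the first 512 bytes of the file read from a read-only mount. A clean header only shows the base block is intact; it says nothing about the keys and values stored in the rest of the hive.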

Posted

Hi Lexus;

You've received some good advice from people who know. I would like to add some caution too.

 

Since you are able to access your files and data you should back them up at this time in case anything goes wrong. To be safe I would back them up to external media.

 

To be easy but not as safe copy them over to another Administrator profile account. Create a new one if you have not done so already.

 

There is a probability that your current profile is corrupted or has been made inoperable by the malware. If so a new profile is what you need. Saving your files now might be a wise move. As noted if you attempt to fix it things could get worse.

Posted

Thanks for the quick replies! This is my progress:

 

I followed your malware guide & now I can get back onto all my accounts. Thanks :)

 

Before I did the checks, my background was locked on a blank blue background, and I couldn't change it in any of the accounts (all of the image backgrounds were locked). Now they all work for all accounts but my main one. In my main account, I can now click them, but when I press Apply a window pops up saying "the visual styles could not be applied".

 

Applications think that they are booting for the first time - so the CD keys that I had entered at the time of installation are still there, but some still ask for the CD key. I noticed that the latter types of application (at runtime) seem to ask for a CD key for each individual account. I guess maybe user-specific info on my main account may have been permanently lost. :(

 

Also thanks for the links to all the useful software! I can definitely see them coming in handy in the future & I've backed up all my important stuff so am ready to give my computer a real makeover (aside from a format, if possible).

 

I may as well move onto my next problem... BSOD.

 

90% of the time on boot, I get a BSOD error saying:

IRQL_NOT_LESS_OR_EQUAL

but surprisingly the other 10% of the time, it boots up, no problem, everything working (sound, video, wireless, LAN, etc.). It also boots up fine in safe mode, though without sound etc. I've tried reinstalling most of my drivers. The BSOD also gives me hex numbers. Is there any way of finding out exactly where the problem is occurring?

Guest Wolfeymole
Posted
Do you have the XP disk and system driver disk for this box, as it sounds to be well and truly on its arse and a new installation should be considered.
