Runtime 75 error?

Rockiemalt

I have a dell 8400 running xp.

I seem to have got a virus called prisonhui. It disabled task manager, system restore and disabled my rightclick.

I sorted the task manager probelm with Ad Adware.

Everytime I boot up a little box pop up with the words PRISONHUI and run-time
error 75 ,path/file access error

I also can't reactivate system restore. everytime I try it says there has been a problem, please restart your machine and doing this doesn't have any effect.

any help appreciated

Ruu_Old

What anti virus software have you got?

ActorSeeksJob

Dl this http://www.download.com/HijackThis/3000-8022_4-10379544.html
Run it, click "Do a system scan and save a logfile" and post that here.

Rockiemalt

I use AVG antivirus and its has up to date definitions but it came out with nothing

Rockiemalt

Attached file of log.

ActorSeeksJob

Run HijackThis, click "Do a system scan" and put a check in the boxes to the left of these entries :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adarson.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [rmalt] C:\Program Files\msnlive\Setup.exe
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/27fef5bb5dc3ef4f5c00/netzip/RdxIE601.cab


If you didn't use Spybots S&D option ‘Lock homepage from changes’ active, or your system administrator didn't put these in place, put a check beside these entries also.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all windows except for HijackThis and click "Fix checked".

Now you need to delete these files in bold :
C:\Program Files\msnlive\Setup.exe
C:\WINDOWS\system32\adobemgr.exe

You now need to update your Java and remove all your older versions.
Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Remove all items with Java Runtime Environment (JRE) in the name.

Download the latest version of Java Runtime Environment (JRE) 6, and install it to your computer.
http://java.sun.com/javase/downloads/index.jsp
You go to Java Runtime Environment (JRE) 6u1 > Download > Accept license agreement > click Windows Offline Installation, Multi-language jre-6u1-windows-i586-p.exe 13.16 MB

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html

You seem to be running McAfee SecurityCenter and AVG at same time. This is not a good idea and can lead to conflicts and slow your pc speed. So go Start > Control Panel > Add or Remove Programs > Remove one of them. I recommend that you keep AVG.

Reboot your PC.

Tell me how all this goes and send a new HijackThis log please. Also is the problem still there?

Rockiemalt

I'm jsut doing all that stuff now but theres no McAfee in my program list and I used to use it about 2 years ago but not anymore :S

ActorSeeksJob

There's still traces of it on your pc it seems. Once you did all the steps I mentioned, then do these ones.

Run HijackThis, click "Do a system scan only" and put a check beside these entries:

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

Then delete this folder in bold
C:\Program Files\McAfee.com

Also what is
O23 - Service: RaySatxsi4_2 Server (RaySatxsi4_2Server) - Unknown owner - C:\Softimage\XSI_4.2\Application\bin\raysatxsi4_2server.exe

Please send me a new HJT log once you do the steps in this post.

Rockiemalt

2nd logfile thing.

The runtime error never came up but I still can't right click and system restore is still disabled.

Rockiemalt

Yeah there seems to be. I can't find a folder in program files which is weird! I'll try those other steps now, sorry i psoted that log too quickly.

SoftImage is a 3d creation program that I was using for college. it required online registration or something of that sort but it doesn't work anymore anyway.

ActorSeeksJob

once you post a new log with the fixes that I just posted ill get back to you with everything. be easier for both of us

Rockiemalt

log 3.. stupid mcafee keeps reappearing and I can't find the files to delete them!

ActorSeeksJob

Don't worry about the Program Folders if you cant find them.

Try reactivate System Restore by doing the steps in this link
http://www.bleepingcomputer.com/tutorials/tutorial56.html#enable

Let's try this to get rid of McAfee
To disable McAfee, please do the following:
[Windows XP]

1. Select "Start"
2. Choose "Control Panel"
3. Choose "Administrative Tools"
   ** note in Windows XP Home edition, Admistrative Tools is in Performance and Maintence
4. Choose "Services"
5. Right-click on all the McAfee Services one @ a time. The services you need to disable should be "McAfee WSC Integration", "McAfee Task Scheduler", "McAfee SecurityCenter"
6. Select "Properties" for each one
7. Change "Startup Type" to "Disabled" and click "OK"

Tell me how this goes and if you had any troubles. Please also send me another HJT log so i can see if this worked.

Rockiemalt

couldn't activate system restore using those links.. I've attached a screen shot also of the system restore registry place.

Thank you so much for all the help!

ActorSeeksJob

I don't see anything amiss in your registry for System Restore..Is your user account an Administrator? Have you tried Manually Creating Restore Points(explains how in the link)? Hopefully somebody else might post with a solution...

btw is your right click still disabled? Need you to post that new HijackThis log so we can see if McAfee was disabled.

Rockiemalt

the other mcafee stuff is gone now I can't do anything like create new restore points because it won't let me do anything because "there is a problem, please reboot" i've tried that.

Yup i'm adminsitrator.

Right click is still disabled.

ActorSeeksJob

There's a few things we can do that may help.

Download this program Here
Run it, click Cleaner tab on the left, click Run Cleaner.
Then go to the Issues tab, click Scan for Issues, make a backup when it prompts you @ the end(save it somewhere safe!), then click "Fix all issues".

These next steps take a while, so do them whenever you dont need to use the pc

Please download, install, and update this program AVG Anti - Spyware. :
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run AVG Anti - Spyware for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main AVG Anti - Spyware screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit AVG Anti - Spyware and boot into safe mode :

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Now open AVG Anti - Spyware, click on the Scanner button in the left menu, run a full system scan, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If AVG Anti - Spyware finds anything, it will pop up a notification. You can select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

While still in safe mode, run AVG anti-virus(which you have already). Make sure you do a full system scan.

Tell me what AVG anti-virus finds. Once you do all these steps, tell me if your right-click still disabled and if System Restore still messed up.

Rockiemalt

AVG spyware found three things which I got rid of. Anti virus found nothing and both are up to date.

Right click is still disable as is System restore

ActorSeeksJob

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Rockiemalt

Thanks, will do that in a mo. Just running RootKitRevealer at the moment.

ActorSeeksJob

ill get you a better program to run for rootkits

Download GMER from
here
Click GMER application: gmer.zip ( 450kB )

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Rockiemalt

Combo fix file attached. The first rootkit thing crashed, thanks for the other one.

Rockiemalt

GMER results

Rockiemalt

I'm still having probelms with my right click, system restore and search facility so if anyone has any ideas it would be much appreciated,

ActorSeeksJob

oh sorry I thought I had posted back. You dont seem to have a rootkit, did it say it detected anything to you?

Honestly I have no idea what's wrong with your pc, we have used some of the best tools out there. When did this happen do you know? Do you have registry back ups from before it happened?

Also can you post another HijackThis log to make sure I didn't miss anything.
There's one more thing we can do after, but answer those Qs first

sa91899

I am having this same problem...

Started on the 6-7th...

If I can, would I beable to follow your steps and maybe you could help me out too?

sa91899

Here is my HiJack This log...

sa91899

Ok,

Ran the fix on the below items...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adarson.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [rmalt] C:\Program Files\msnlive\Setup.exe

and also these...

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Once I clicked on fix selected a small window came up that said "registry editing has been disabled by the administrator"

Uninstalled the JRE, and installed the latest version of Java Runtime Environment (JRE) 6

rebooted and am now running HiJack This again...

sa91899

Tried following steps in turning System Restore on, but got this message when I clicked apply...

ActorSeeksJob

Be very careful following somebody else's HijackThis instructions, it's always better to post your own log and wait for a reply.

Run HijackThis, click "Do a system scan only" and check these entries

fix unless your system administrator has put this restriction into place.
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O15 - Trusted Zone: *.line6.net

Now close all windows except for HijackThis and click Fix checked.

You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE) 6, and install it to your computer.
http://java.sun.com/javase/downloads/index.jsp
Click Java Runtime Environment (JRE) 6u1

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html

You seem to be using two anti-virus programs which is a bad idea and can really slow down your pc and cause conflicts, so
you need to uninstall one of them. I recommend you get rid of CAISafe(Yahoo! Antivirus)
So go to Start > Control Panel > Add or Remove programs > Remove CAISafe(Yahoo! Antivirus)

You dont seem to have an anti-spyware program on your pc which is a bad idea. I recommend the following anti-spyware programs to protect yourself against spyware, make sure you only use one real-time anti-spyware protection program though :
AVG anti-spyware
Spybot - Search and Destroy
Ad-Aware SE Personal

Unfortunately it looks like your System Restore problem is caused due to a drives problem. I really don't know much about this area, so we gonna need to get somebody else's feedback. Maybe make a new post or something. If the OP sees this, did you get the same error message as sa91899?

sa91899

ActorSeeksJob,

Thanks for the response.

I understand what you are saying about following others instructions and only did those things I knew to be safe.just read your post so I will do as you say. Up to this point however, here is what I have done...

I posted my HijackThis log and have disabled the specific ones related to this virus... Specifically the:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adarson.com
O4 - HKLM\..\Run: [rmalt] C:\Program Files\msnlive\Setup.exe

and

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

once I ran the fix I had 2 small windows come up that said that the administrator had restricted access to editing the registry. but it did seem to work so far.

I have uninstalled all Java and installed the updated version

As I said in a previous post my System Restore is still not working, however it did work prior to getting this virus as I have done a system restore on this laptop within the last 6 months.

I installed the cleaner program and ran it as was suggested to Rockiemalt. It cleaned out 1.7 GB of stuff.

I installed AVG Anti-Spyware, booted to safemade and ran that.

It found 4 threats: 1 High, 2 Medium & 1 Low deleted all these.

Proceeded to run AVG Anti-Virus

Found 0 threats.

I have rebooted, saw your post and this is where I am so far.

I have the Computer Associates Spyware/Virus protection software free thru my ISP, but it didn't see this threat so I guess I will uninstall it as you suggested. I will continue to use the AVG software as long as it is free.

I have Spybot & Ad Aware on all my pc's except this one. I was sure it was on here but I must have gotten side tracked and didn't install it here. I will do so.

Wiull now proceed with the hijackthis edits you mentioned in your post. Will let you know what I find.

BTW, the right click is still not working, the taskmanager IS working now, the search & the run features on the start menue are still gone, and the system restore is still not working.

ActorSeeksJob

Try this for System Restore

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

You dont know the name of the High threat AVG anti-spyware found? If possible try find out as that could help. I think AVG anti-spyware keeps a log after its done scanning.

AVG should stay free, always has been. You dont have to get Ad-Aware and Spybot, its just a good idea to give a person options. I personally use AVG anti-spyware/SpywareGuard/SpywareBlaster and i get hardly any spyware.

Tell me how this goes, in particular to the System Restore thing i posted above.

sa91899

Well, when this all happened, I lost the ability to bring up task manager, enable System restore, lost search from the start menu & lost Run from the start menu....

So I can't do those things in your post....

As for the high level threat AVG spyware found, let me check....


It was "trojan.pakes.edg "

ActorSeeksJob

hey I have honestly no clue now but post @ this site, im sure they could help you
http://forums.spywareinfo.com/
Post with the problems you told me, and a HJT log. Also could you link me to the topic.

Sorry couldnt fix your problems

dodger

I've got exactly the same problem on my Son's laptop, did all the scans and it was infected by a virus or two, by creating a new user on your pc you'll get the right click to function again, but as for the rest, the forum I was using couldn't help either, was told its probably damaged the registry and better to format drive and reload windows, although I'm gonna hold out for another week or so and hope I can find a solution somewhere

sa91899

went there but it seems they take a very long time to respond to posts. Must have alot of people needing help

here is the link to my thread...

http://forums.spywareinfo.com/index.php?showtopic=97446

ActorSeeksJob

yeah they help a lot of people out. curious to see what they will do. hopefully all your problems be fixed soon enough.