Error 1606

Unknown

Hello all, I'm new to this forum but I hope that we all, with our various levels of knowledge concerning computers, gain some more knowledge. I am currently running Windows XP Home w/ SP3 on a pretty decent system, I'm a mild gamer, but recently while trying to install an Ad-Aware update, I received the following notice from Windows Installer: error 1606 Could not access network location %USERPROFILE%\RECENT\. I found that this message also shows when I was trying to reinstall GameShadow, that somehow disappeared with the exception of the shortcut icon. It seems that I am not able to install anything that will require utilyzing Windows Installer as long as the network location folder is missing. I was wondering, would a virus/malware cause this type of error or, if not, what would cause the "%USERPROFILE%\RECENT\" folder to disappear.

Katana

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

---

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.

@echo off
if exist C:\klook*.txt del /q C:\klook*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
regedit /e C:\klook1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
regedit /e C:\klook2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
type C:\klook*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\klook*.txt
del /q %0
exit

Double click on look.bat

Notepad will open, please copy/paste the results here.

dbf574

Thank you for your quick response. Sorry that I hadn't responded earlier, today was the first time that I've been on my computer, I've been working that afternoon shift (3pm to 11pm). Here are the results that you have requested:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,00,00
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00
"Favorites"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,\
00,00,00
"NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4e,00,65,00,74,00,48,00,6f,00,6f,00,64,00,00,00
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
00,6e,00,74,00,73,00,00,00
"PrintHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,50,00,72,00,69,00,6e,00,74,00,48,00,6f,00,6f,00,64,\
00,00,00
"Programs"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,\
00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,00,00
"SendTo"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,53,00,65,00,6e,00,64,00,54,00,6f,00,00,00
"Start Menu"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,\
6e,00,75,00,00,00
"Startup"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,\
00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,5c,00,53,00,\
74,00,61,00,72,00,74,00,75,00,70,00,00,00
"Templates"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,54,00,65,00,6d,00,70,00,6c,00,61,00,74,00,65,00,73,\
00,00,00
"My Pictures"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,\
65,00,6e,00,74,00,73,00,5c,00,4d,00,79,00,20,00,50,00,69,00,63,00,74,00,75,\
00,72,00,65,00,73,00,00,00
"Local Settings"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00
"Local AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,\
63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,00,00
"Cache"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,00,\
74,00,69,00,6e,00,67,00,73,00,5c,00,54,00,65,00,6d,00,70,00,6f,00,72,00,61,\
00,72,00,79,00,20,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,00,00
"Cookies"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,43,00,6f,00,6f,00,6b,00,69,00,65,00,73,00,00,00
"History"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,00,00
"Recent"="%USERPROFILE%\\Recent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\New]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,00,\
50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,\
00,74,00,6f,00,70,00,00,00
"Common Start Menu"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,\
00,50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,\
72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,00,00
"Common Programs"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,00,\
50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,\
00,74,00,20,00,4d,00,65,00,6e,00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
61,00,6d,00,73,00,00,00
"Common Startup"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,00,\
50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,\
00,74,00,20,00,4d,00,65,00,6e,00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
61,00,6d,00,73,00,5c,00,53,00,74,00,61,00,72,00,74,00,75,00,70,00,00,00
"Common AppData"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,00,\
50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,6c,\
00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,\
00,00
"Common Templates"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,\
00,50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,54,00,65,00,6d,00,\
70,00,6c,00,61,00,74,00,65,00,73,00,00,00
"Common Favorites"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,\
00,50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,46,00,61,00,76,00,\
6f,00,72,00,69,00,74,00,65,00,73,00,00,00
"Common Documents"=hex(2):25,00,41,00,4c,00,4c,00,55,00,53,00,45,00,52,00,53,\
00,50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,44,00,6f,00,63,00,\
75,00,6d,00,65,00,6e,00,74,00,73,00,00,00

Hope to hear from you soon.

Again, thank you
TJ

Katana

Backup the Registry

• Download ERUNT to your desktop
• Double-click on the file to install the program
• Untick the NTREGOPT desktop shortcut option
• Click No when you get the option to run Erunt at Windows startup.
• During the installation, tick Launch Erunt
• Accept the defaults for running a backup
• Erunt will then backup your registry

Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the code box to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Recent"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,52,65,63,65,6e,74,00,00

Make sure there are NO blank lines before Windows Registry Editor Version 5.00 and ONE blank line at the end/bottom
Double click on Regfix.reg and click Yes at the prompt



Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

How are things now ?

dbf574

Hello again, I've completed all tasks. The results of the scan is below. After the scan was completed I had attempted, again, to load GameShadow but got the error 1606 again. What, if anything, should I do next?

The results of the scan was as follows:

Malwarebytes' Anti-Malware 1.23
Database version: 990
Windows 5.1.2600 Service Pack 3
4:34:17 AM 7/25/2008
mbam-log-7-25-2008 (04-34-17).txt
Scan type: Full Scan (C:\|J:\|K:\|)
Objects scanned: 177409
Time elapsed: 1 hour(s), 12 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Please advise, thank you
TJ

dbf574

Just a quick observation Katana, after I submitted the last reply to you I went into the Regedit and discovered a change. This is what I found under "My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Current User Folders" that on the Recent line, REG_Expand_SZ (where it's now corrected to include the word EXPAND), in place of %USERPROFILE%\RECENT there is now a row of ten rectangles. Should it be that way?

Confused
TJ

Katana

I strongly suspect that your problem isn't malware related, but let's have one more scan to confirm this.


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.

@echo off
if exist C:\klook*.txt del /q C:\klook*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
regedit /e C:\klook1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
type C:\klook*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\klook*.txt
del /q %0
exit

Double click on look.bat

Notepad will open, please copy/paste the results here.





Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary and let the database download.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

dbf574

Katana,

Here is the results of the look.bat, I will then run the Kaspersky Online Scan and let you know what, if anything, was found. By the way, any thoughts on the ten rectangular boxes I mentioned in my last reply?

Thank you
TJ

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,00,00
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00
"Favorites"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,\
00,00,00
"NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4e,00,65,00,74,00,48,00,6f,00,6f,00,64,00,00,00
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
00,6e,00,74,00,73,00,00,00
"PrintHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,50,00,72,00,69,00,6e,00,74,00,48,00,6f,00,6f,00,64,\
00,00,00
"Programs"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,\
00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,00,00
"SendTo"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,53,00,65,00,6e,00,64,00,54,00,6f,00,00,00
"Start Menu"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,\
6e,00,75,00,00,00
"Startup"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,\
00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,5c,00,53,00,\
74,00,61,00,72,00,74,00,75,00,70,00,00,00
"Templates"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,54,00,65,00,6d,00,70,00,6c,00,61,00,74,00,65,00,73,\
00,00,00
"My Pictures"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,\
65,00,6e,00,74,00,73,00,5c,00,4d,00,79,00,20,00,50,00,69,00,63,00,74,00,75,\
00,72,00,65,00,73,00,00,00
"Local Settings"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00
"Local AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,\
63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,00,00
"Cache"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,00,\
74,00,69,00,6e,00,67,00,73,00,5c,00,54,00,65,00,6d,00,70,00,6f,00,72,00,61,\
00,72,00,79,00,20,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,00,00
"Cookies"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,43,00,6f,00,6f,00,6b,00,69,00,65,00,73,00,00,00
"History"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,00,00
"Recent"=hex(2):25,55,53,45,52,50,52,4f,46,49,4c,45,25,5c,52,65,63,65,6e,74,00,\
00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\New]

Katana

dbf574 wrote:

By the way, any thoughts on the ten rectangular boxes I mentioned in my last reply?

Sorry, I misread what you had put, I thought you were talking about the key that I was exporting.
Let's have a look at that one now.

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.
Double click on look.bat

@echo off
if exist C:\klook*.txt del /q C:\klook*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
regedit /e C:\klook1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Current User Folders"
type C:\klook*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\klook*.txt
del /q %0
exit

Notepad will open, please copy/paste the results here.

dbf574

Katana,

I copied and pasted as requested but after enabling (double-clicking), it came up with blank results, nothing listed on the results notepad. When I checked out your requested path via regedit, I found that there was no folder named "Current User Folders", just the "User Shell Folders". Any thoughts.

Also, after running the Kaspersky on-line scanner 7.0, the results showed two virus detected named "not-a-virus..." though the name had more to it (I pressed save but nothing happened and I tried to recall the scan results with negative results), so unless it's detecting a virus from it's own data bank, it seems that I will have to run another scan and write down the results. Then try to locate and remove. Do you know if the results is normal or not? Please advise.

Thank you
TJ

Katana

I didn't think there was a reg key with that name, but that is what you posted so I thought I had better check

Kaspersky is probably finding something in system restore, but if you get a log please post it.

dbf574

dbf574 wrote:

Just a quick observation Katana, after I submitted the last reply to you I went into the Regedit and discovered a change. This is what I found under "My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Current User Folders" that on the Recent line, REG_Expand_SZ (where it's now corrected to include the word EXPAND), in place of %USERPROFILE%\RECENT there is now a row of ten rectangles. Should it be that way?

Confused
TJ

Katana,

Sorry about the mix-up. My entry should have read: "My Computer\HKEY_CURRENT_USER|Software\Microsoft\Windows\User Shell Folders"... but are the 'boxes' in-place of the normal name a problem?

TJ

Katana

Very possibly

dbf574

I've re-run the Kasperwsky Online Scanner and the detected virus was called "not-a-virus:Downloader.Win32.ImLoader.exe". I've removed the files from both locations, re-scaned - clean, rebooted and tried to download Gameshadow with the same error code. Any idea of what I should do next? I've very much appreciated your assistance in this matter;). Oh yeah, I also ran Registry Booster 2 after removing the virus. Also, the program that had the virus is called Incredimail, it's a mail service.

When checking "My Computer\HKEY_CURRENT_USER|Software\Microsoft\Windows\User Shell Folders" and left clicked on Recent, under the Value heading, this is what it listed: "唥䕓偒佒䥆䕌尥敒散瑮". Is this right?

Thank you,
TJ

Katana

Are you sure it is
My Computer\HKEY_CURRENT_USER|Software\Microsoft\Windows\User Shell Folders

and not

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Katana

Are you sure it is
My Computer\HKEY_CURRENT_USER|Software\Microsoft\Windows\User Shell Folders

and not

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

If what you posted was correct, please do the following.
If what I posted was correct then you don't need to do this

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.
Double click on look.bat

@echo off
if exist C:\klook*.txt del /q C:\klook*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
regedit /e C:\klook1.txt "HKEY_CURRENT_USER|Software\Microsoft\Windows\User Shell Folders"
type C:\klook*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\klook*.txt
del /q %0
exit

Notepad will open, please copy/paste the results here.

dbf574

Yours is correct, I must've been getting tired... sorry about that! Any ideas though on my values observation? Oh, and I had double left-clicked on Recent and got the boxes under the value data heading.

TJ

Katana

Please try this

Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the code box to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Recent"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,00,\
45,00,25,00,5c,00,52,00,65,00,63,00,65,00,6e,00,74,00,00,00

Make sure there are NO blank lines before Windows Registry Editor Version 5.00 and ONE blank line at the end/bottom
Double click on Regfix.reg and click Yes at the prompt

dbf574

Katana,
Everything is all good:). I truly, truly appreciate your patience and all your help. But, I'm just confused on how my registry could have gotten corrupted. But, again, thank you very much.

Thank you
'TJ' Morales

Katana

dbf574 wrote:

But, I'm just confused on how my registry could have gotten corrupted

It is due to a virus that is commonly known as Windows XP.
http://www.annoyances.org/exec/show/article09-115

In all honesty it could be anything that could have caused it, from a power spike to program error.

Is everything OK now ?

dbf574

Katana,
That was pretty good humor (Windows XP);). As for my system, so far - so good. I was finally able to update my Adaware software, load GameShadow and everything went well. I seem to remember the problem starting after I tried to load the software update to a free program (that I've been using for a few years) called Spyware Blaster and after downloading I was warned by my BitDefender 2008 program of a virus that it had quaranteed. I presently don't have the name with me (I'm currently at work), but if it's of any help I could send you the info.
But, please let me stress to you my graditude for all the help you have provided me.

Thank you,
Mr. I. 'TJ' Morales

Katana

I doubt that your problem was caused by an infection, at least, not intentionally.
It was just a glitch that caused it.

If you find the name of what Bitdefender quarantined, let me know

dbf574

Hello Katana,

As listed in the history file, this is the name of the virus that was detected: Generic.Zlob.7.C5EADB94.

Again,
Thank you for everything
TJ

Katana

Zlob is the catch-all name given to fake antispyware programs, I doubt that it was the cause of your trouble

Glad we could be of assistance! This topic is now closed.

If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead