I have 3 files in the registry editor under HKey_Local_Machine
& in the Runonce section that are a problem one is a Syminstallstub that the statup is trying to find and can,t so it sits until given permission to continue now I can modify these files but cannot delete, I have tried under normal conditions to delete but no good,
Then under safe mode with various viris scanners, also registry cleaner and Hijack also to no avail these files just won't go I would like to delete these these files if possible when I try to delete they seem to delete because the system does not refuse to delete but when I proceed to another function and come back to runonce section they have returned by the way the O.S. I am using is XP.
  1. Did you disable System Restore?
  2. Thanks for the reply No I had not disabled System restore but having done that it made no difference I still cannot delete this file.
    Just a question has anyone tried any of the registry removing software that is available on the web and what success have you had ?.
  3. It should work if you disable System restore and reboot before deleting the files (unless you are referring to registry entries and not files on the disk which is totally different).
  4. The files I am refering too exist in the registry editor -HKEY_LOCAL_MACHINE.
    Software-Microsoft-Windows-Current user-Runonce
    Name Type Data
    ab Syminstall REG_SZ C:\Documents~1\user\Locals~1\Temp\Sym
    That is where the file is and the type.
    Again thanks for the reply and appreciate the help actually I thought that system restore nearly fixed the problem but it came back can there be a sub entry of the problem file.
  5. Search for additional entries in the registry. System restore should be disabled until you have the issue resolved.
  6. Explain what happens here exactly. You can't delete them at all? If not what does is say? That they are in use? Access Denied?

    Or that you can delete them but they come back after a while?

    And do you mean you can't delete the files off the drive or the registry keys?

    You may want to boot up in safe mode, log on as a local admin, go into the "user" directory, backup My Documents, Favorites and Desktop. Then MOVE that user directory into an external drive.

    Delete that account from Windows. Create a new account to use, see what happens then. You can copy the 3 folders you copied back to the new user account.
  7. I can't delete the files of the registry keys, when I try to delete the files there is no comment they delete but when I go to another Key or file and come back to runonce which is a sub key the file is back and I have tried various attacks on this file in safe mode something similiar to your suggestion and others but it comes back and when I restart the PC it won't proceed until it finds this file or I acknowledge with a OK then it proceeds as normal there are also 2 other files in the same subkey Runonce that effect the facepage of firefox but I created a new profile and transfered the face page I wanted and that has overcome that problem even though the problem file is still there in the registry.
  8. Make sure you delete the old profile, after you get your documents over. Whatever virus is there is in the profile files. Also you can try to kill the rights on the RunOnce key, it's not used too often. Right-click on it, and remove all rights to it except for your new account. Take note of what the rights were before, you may need to revert it back for some things.
  9. The problem file is still there, when I delete the problem files in safe mode, on the first restart the PC reboots normally but on the next restart it returns and the PC is looking for the problem file and won't continue until I ok the error this is very frutrating again thanks for the reply.
  10. What is the best way to find addional entries in the registry editor for the problem values, I have tried search but it only gives the one in runonce, because I noticed there are several in the root key that are just key numbers which don't correspond word for word but could still be relevant?
  11. If you can't find them with search, then they don't exist or you don't have the rights to view them. Wouldn't it be easier to simply restore from the last good complete backup?
  12. I tried restore as far back as I could but the problem won't go away.
  13. Your system restore should not have worked at all if you shut it off as recomended in the starting posts, that should delete the existing restore points. Viruses tend to stick in the restore files, which is why we have this shut off in all of our work PCs, and I also have it shut off on my own computers at home.

    What program did you use to try to clean this out? Did you delete the user account where that temp file is at? Run Malwarebytes, and run the Avira Antivir rescue disk (make the CD, boot from it, run the scan). If this does not work, you may want to just re-install Windows and wipe the drive.
  14. You're saying that your system already had that issue when the last full system backup was performed? Do you have access to an IT person who could possibly look into your issue?
