can only connect google chrome and firefox in safe mode

May 16, 2015 at 07:19:41
Specs: Windows XP
I'm running a desktop computer on XP Service Pack 3. I can only connect to Google Chrome and Firefox while running in safe mode. I have restored back to an earlier time when it worked OK and still nothing. I would be grateful for any help. Laptops connect OK to the router, so I'm thinking it's not a connection problem and something to do with the desktop.


#1
May 16, 2015 at 10:07:37
Like many problems these days malware is a possibility - it might not be so active in Safe Mode.

Run these in the order given - all safe, tried and trusted freebies:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

If any of them find anything please copy/paste the logs on here, even if the symptoms go away.

Always pop back and let us know the outcome - thanks



#2
May 17, 2015 at 03:05:30
Thank you for getting back to me. Do you want me to install and run each item and reboot every time? Or run all of them then reboot?


#3
May 17, 2015 at 06:58:28
Have downloaded and run AdwCleaner. Downloaded JRT; it comes up with the box making a registry backup and checking start menu, then it just disappears? Running Malwarebytes now and will reboot and go into normal mode and try to run JRT again. Malwarebytes found nothing. Going to reboot and see what happens.


#4
May 17, 2015 at 07:36:35
The only application that gave a log file was ADW; I have posted it here.

# AdwCleaner v4.204 - Logfile created 17/05/2015 at 14:32:25
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : marie - HOME-044C947D50
# Running from : C:\Documents and Settings\marie\My Documents\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\glyn\Start Menu\Programs\Lightspark 0.5.3-git
Folder Deleted : C:\Documents and Settings\glyn\My Documents\Lightspark 0.5.3-git
Folder Deleted : C:\Documents and Settings\marie\Local Settings\Application Data\apn
File Deleted : C:\prefs.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v42.0.2311.152

[C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\kayleigh\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\kayleigh\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2960 bytes] - [17/05/2015 14:27:07]
AdwCleaner[S0].txt - [2919 bytes] - [17/05/2015 14:32:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2978 bytes] ##########



#5
May 17, 2015 at 08:38:56
Try running JRT again now - it might work as ADW found quite a lot.

It should come up with the black command prompt box which sits there until it has finished. It then puts the log on the desktop. It sometimes looks as if it has stopped but sit tight and it will finish.

"and go into normal mode "
All three run from normal Windows, no need for Safe Mode. Maybe that was the problem with JRT.

Let us know if there is any improvement and paste the JRT log if you get that far.

Always pop back and let us know the outcome - thanks



#6
May 18, 2015 at 02:48:13
Morning Derek. Deleted and redownloaded JRT. Ran it and it sat there, got to checking start menu, stayed there a while, then just went off the screen? No log file left? At the moment I can get into Google Chrome; haven't tried Firefox yet. Hubby was just happy to get to his things through normal mode.

#7
May 18, 2015 at 05:41:18
The fact that there is some improvement points to malware being the issue. It's probably been there some time as ADW found quite a lot despite your System Restore. As JRT didn't run most likely you still have some present - the three programs suggested in #1 are only what I call "first aid".

I will alert another helper (Johnw), who is expert at properly cleaning a computer. If he is available he will suggest further steps to eradicate these "nasties".

Always pop back and let us know the outcome - thanks



#8
May 18, 2015 at 06:30:32
Hi mardybum, this stuff is like cancer, you have to get it all.

We will remove the nasties layer by layer, just a matter of outsmarting them.

Next step.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
http://www.askvg.com/how-to-disable...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed, make sure to re-enable your antivirus.



#9
May 18, 2015 at 08:17:03
Sorry it's taken so long. Lost internet again in normal mode so have been bobbing in and out of safe mode to get what I wanted.

Here is the scan log from RogueKiller

RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : marie [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 05/18/2015 16:10:50

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] Amazon Music Helper.exe(3280) -- C:\Documents and Settings\marie\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 5 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Not selected
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Not selected
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Not selected
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Not selected
[Suspicious.Path] HKEY_USERS\S-1-5-21-1390067357-2025429265-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Run | Amazon Music : "C:\Documents and Settings\marie\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe" [7] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 46 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250820NS +++++
--- User ---
[MBR] 6c75b6391d9acf26e9f0cabc9aedbf47
[BSP] 404149ed08803d637a6e6213cb91a52f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Brother DCP-385C USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_04302015_100727.log - RKreport_DEL_04302015_101052.log - RKreport_DEL_04302015_101123.log - RKreport_DEL_04302015_101144.log
RKreport_SCN_05182015_153024.log - RKreport_DEL_05182015_153236.log - RKreport_SCN_05182015_160055.log



#10
May 18, 2015 at 15:02:08
"Sorry its taken so long"
No problem.

I'm here.
http://www.timeanddate.com/worldclo...

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#11
May 19, 2015 at 03:34:46
Morning John. Have run ComboFix; the log file can be found here http://www58.zippyshare.com/v/83BzF...

#12
May 19, 2015 at 04:06:11
We are getting there mardybum.

Next step.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#13
May 19, 2015 at 09:30:35
Thank you John I will run it tonight before I go to bed.


#14
May 20, 2015 at 01:56:02
Sorry John, wasn't well last night so had an early night and wasn't trusting hubby to mess up what we have sorted so far! xx

#15
May 20, 2015 at 03:04:58
Sounds like a good move mardybum. Catch you when you are well.


#16
May 20, 2015 at 08:03:45
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9eb620a7977d2b499e19fe904b8107e4
# engine=23933
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-20 01:49:10
# local_time=2015-05-20 02:49:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Norton 360'
# compatibility_mode=3596 16777213 100 100 26443184 26526575 0 0
# scanned=303217
# found=3
# cleaned=3
# scan_time=16674
sh=FB595AE8FDFBBAA259D84BE399F2959C218C2F60 ft=1 fh=d9b75d7f29ec9d02 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\admin\My Documents\Downloads\disk-defrag-setup.exe"
sh=AD0A3C863C4C1C8A89BA608C09641E6D6577B4C4 ft=1 fh=81f1eef43efab2d1 vn="a variant of Win32/Bundlore.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\glyn\My Documents\Downloads\setup.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\marie\My Documents\Downloads\ccsetup505.exe"

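A triage sketch for the ESET Online Scanner log layout shown in post #16, added here as an example (it is not part of the thread and not ESET's code). It parses the `# key=value` header and the `sh=... vn=... fn=...` detection lines, then lists entries that still need follow-up; the sample log is constructed, and reading `sh` as the file's SHA-1 and `ac` as an action code is an assumption drawn from the log's layout.

```python
import re

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"
HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')          # e.g. "# found=3"
ACTION_RE = re.compile(r'\s*\(([^()]*)\)\s*$')       # trailing "(deleted - quarantined)"
PUA_MARKERS = ("potentially unwanted application",
               "potentially unsafe application")


def _line(n, name, path, action="C"):
    """Build one constructed detection line in the layout seen in post #16."""
    return f'sh={n:040X} ft=1 fh={n:016x} vn="{name}" ac={action} fn="{path}"'


# Constructed sample: hashes, user names and the third detection are made up;
# the first two detection names are the ones that appear in the thread.
SAMPLE_LOG = "\n".join([
    "OnlineScanner.ocx - registred OK",
    "# product=EOS",
    "# scanned=303217",
    "# found=3",
    "# cleaned=2",
    _line(1, "a variant of Win32/Bundled.Toolbar.Ask potentially unsafe "
             "application (deleted - quarantined)",
          r"C:\Documents and Settings\user1\My Documents\Downloads\disk-defrag-setup.exe"),
    _line(2, "a variant of Win32/Bundlore.B potentially unwanted "
             "application (deleted - quarantined)",
          r"C:\Documents and Settings\user2\My Documents\Downloads\setup.exe"),
    # Constructed to show the unresolved case: not a PUA and no action recorded.
    _line(3, "Win32/Constructed.Sample trojan",
          r"C:\WINDOWS\system32\constructed.dll", action="I"),
])


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from log text."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        if not line.startswith("sh="):
            continue  # banner or blank line
        fields = {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}
        vn = fields.get("vn", "")
        act = ACTION_RE.search(vn)
        name = ACTION_RE.sub("", vn)
        is_pua = any(marker in name.lower() for marker in PUA_MARKERS)
        detections.append({
            "sha1": fields.get("sh", ""),
            "name": name,
            "action": act.group(1) if act else None,
            "path": fields.get("fn", ""),
            "category": "pua" if is_pua else "malware",
        })
    return header, detections


def triage(header, detections):
    """Summarise the scan and list paths that were not simply quarantined PUAs."""
    found = int(header.get("found", len(detections)))
    cleaned = int(header.get("cleaned", 0))
    follow_up = [
        d["path"] for d in detections
        if d["category"] != "pua"
        or not d["action"]
        or "quarantined" not in d["action"]
    ]
    return {
        "found": found,
        "cleaned": cleaned,
        "uncleaned": found - cleaned,
        "pua": sum(1 for d in detections if d["category"] == "pua"),
        "follow_up": follow_up,
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(triage(hdr, dets))
```
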

#17
May 20, 2015 at 16:47:12
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using ZippyShare.


#18

#19
May 21, 2015 at 02:54:14
Copy & Paste the text below ( Starting > closeprocesses: Finishing > 2014-07-18 13:28 ) save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-2025429265-839522115-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
S3 catchme; \??\C:\DOCUME~1\marie\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S3 smserial; system32\DRIVERS\smserial.sys [X]
U3 TlntSvr; No ImagePath
2012-03-11 12:56 - 2014-11-12 16:15 - 0100864 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 13:28 - 2014-07-18 16:41 - 0001940 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#20
May 21, 2015 at 06:06:42
Is this what you want me to copy up to, John?

closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-2025429265-839522115-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
S3 catchme; \??\C:\DOCUME~1\marie\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S3 smserial; system32\DRIVERS\smserial.sys [X]
U3 TlntSvr; No ImagePath
2012-03-11 12:56 - 2014-11-12 16:15 - 0100864 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 13:28


#21
May 21, 2015 at 06:39:30
"Is this what you want me to copy up to, John?"

All of this line.

2014-07-18 13:28 - 2014-07-18 16:41 - 0001940 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini



#22
May 22, 2015 at 02:46:19
John, I'm getting this message when I click on Fix: "No fixlist found the fixlist text should be in the same folder/ directory the tool is located in."

Both on desktop?
What have I done wrong?



#23
May 22, 2015 at 02:53:16
"What have I done wrong?"
Make sure FRST is the .exe


#24
May 22, 2015 at 02:56:44
In properties it's telling me it is the application? Can't find anything else?

#25
May 22, 2015 at 03:07:28
Did you try running it as Administrator?


#26
May 22, 2015 at 03:37:23
My account is administrator?

#27
May 22, 2015 at 03:40:15
If I download FRST again, will it cause any problems to what we have already done? Changed my download destination to desktop for now?

#28
May 22, 2015 at 04:07:33
Done it John, here is the result of the fix scan.

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by marie at 2015-05-22 11:59:47 Run:2
Running from C:\Documents and Settings\marie\Desktop
Loaded Profiles: marie (Available profiles: admin & glyn & kayleigh & michael & marie & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2014-07-18 13:28 - 2014-07-18 16:41 - 0001940 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
*****************

"C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini" => File/Directory not found.

==== End of Fixlog 11:59:47 ====



#29
May 22, 2015 at 04:14:36
Ok, you got the hang of it now, need to run it again, this is the script.

closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-2025429265-839522115-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
S3 catchme; \??\C:\DOCUME~1\marie\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S3 smserial; system32\DRIVERS\smserial.sys [X]
U3 TlntSvr; No ImagePath
2012-03-11 12:56 - 2014-11-12 16:15 - 0100864 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 13:28 - 2014-07-18 16:41 - 0001940 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini



#30
May 22, 2015 at 04:57:50
Copy and paste all of it?

#31
May 22, 2015 at 05:28:30
"copy and paste all of it?"
Yep.


#32
May 22, 2015 at 06:37:44
John, this is the second run of it; the first one I did was in safe mode, I forgot I was in it, sorry.

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by marie at 2015-05-22 14:11:05 Run:4
Running from C:\Documents and Settings\marie\Desktop
Loaded Profiles: marie (Available profiles: admin & glyn & kayleigh & michael & marie & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-2025429265-839522115-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
S3 catchme; \??\C:\DOCUME~1\marie\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
S3 smserial; system32\DRIVERS\smserial.sys [X]
U3 TlntSvr; No ImagePath
2012-03-11 12:56 - 2014-11-12 16:15 - 0100864 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 13:28 - 2014-07-18 16:41 - 0001940 _____ () C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1390067357-2025429265-839522115-1008\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCR\PROTOCOLS\Handler\livecall => Key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
HKCR\PROTOCOLS\Handler\msnim => Key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
catchme => Service not found.
IntelIde => Service not found.
SBRE => Service not found.
smserial => Service not found.
TlntSvr => Service not found.
"C:\Documents and Settings\marie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Directory not found.
"C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini" => File/Directory not found.
EmptyTemp: => Removed 18 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:11:23 ====

message edited by mardybum


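The Fixlog in post #32 can be checked mechanically. This is an added example (not part of the thread and not FRST's own code) that parses the result lines and reports what the run actually changed. It recognises only the outcome strings that appear in that log; `parse_results`, `summarize` and `DIRECTIVES` are names made up here.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted in #32: echoed fixlist shortened, result lines verbatim.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Boot Mode: Normal

Content of fixlist:
*****************
closeprocesses:
emptytemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\DOCUME~1\marie\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr; No ImagePath
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCR\PROTOCOLS\Handler\livecall => Key not found.
catchme => Service not found.
TlntSvr => Service not found.
"C:\Documents and Settings\marie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini" => File/Directory not found.
EmptyTemp: => Removed 18 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:11:23 ====
'''

SEPARATOR_RE = re.compile(r'^\*{5,}$')
RESULT_RE = re.compile(r'^(?P<target>.+?)\s=>\s(?P<outcome>.+)$')
# Outcome wording as it appears in the posted log; other wordings are kept verbatim.
NOT_FOUND_RE = re.compile(r'^(?P<kind>Key|Value|Service|File/Directory) not found\.$')
# Housekeeping directives rather than fixlist targets (assumption of this example).
DIRECTIVES = {'EmptyTemp'}


def parse_results(fixlog):
    """Return (target, kind, outcome) per result line; kind is None unless 'not found'."""
    lines = fixlog.splitlines()
    seps = [i for i, line in enumerate(lines) if SEPARATOR_RE.match(line.strip())]
    # The fixlist is echoed between two asterisk rows; results start after the second.
    start = seps[1] + 1 if len(seps) >= 2 else 0
    results = []
    for line in lines[start:]:
        line = line.strip()
        if line.startswith('===='):  # "==== End of Fixlog ... ===="
            break
        m = RESULT_RE.match(line)
        if not m:
            continue
        target = m.group('target').strip('"').rstrip(':')
        outcome = m.group('outcome').strip()
        nf = NOT_FOUND_RE.match(outcome)
        results.append((target, nf.group('kind') if nf else None, outcome))
    return results


def summarize(fixlog):
    """Summarise one Fixlog: boot mode, absent targets by kind, and real changes."""
    results = parse_results(fixlog)
    not_found = Counter(kind for _, kind, _ in results if kind)
    acted = [(target, outcome) for target, kind, outcome in results if kind is None]
    boot = re.search(r'^Boot Mode:\s*(.+)$', fixlog, re.MULTILINE)
    return {
        'boot_mode': boot.group(1).strip() if boot else None,
        'not_found': dict(not_found),
        'acted': acted,
        # True only if something other than a housekeeping directive was changed.
        'targets_changed': any(target not in DIRECTIVES for target, _ in acted),
        'reboot_needed': 'The system needed a reboot.' in fixlog,
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f'{key}: {value}')
```

On the excerpt, every fixlist target comes back as already absent, so this run in Normal mode changed nothing beyond closing processes and clearing temporary data.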

#33
May 22, 2015 at 06:41:24
Off to bed for me now, catch you in the morning.

Remove/delete your copy of Junkware Removal Tool, then download the latest version.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#34
May 22, 2015 at 07:40:27
Night John x Had problems when I tried JRT first time and still won't run for me?


#35
May 22, 2015 at 15:28:44
"I tried JRT first time and still won't run for me?"
Obviously not normal & something I am trying to address. Could be many things & maybe tied in with your browser problem.

Please download Rkill from any one of these links and save it to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your reply.
http://www.bleepingcomputer.com/dow...
Double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Update malwarebytes & run again
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.



#36
May 23, 2015 at 07:56:49
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/05/2015
Scan Time: 14:46:57
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.23.01
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: marie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 545544
Time Elapsed: 36 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.AZLyrics.A, C:\Documents and Settings\glyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [29e4fc9ba6e4b48212b28c657c878f71],
PUP.Optional.AZLyrics.A, C:\Documents and Settings\glyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [4ac3890efe8c81b5f8cc7879d82b936d],

Physical Sectors: 0
(No malicious items detected)


(end)



#37
May 23, 2015 at 07:57:31
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 05/23/2015 02:42:13 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\IoctlSvc.exe (PID: 1724) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/23/2015 02:43:20 PM
Execution time: 0 hours(s), 1 minute(s), and 6 seconds(s)



#38
May 23, 2015 at 17:04:13
Have you Shut down your protection software now to avoid potential conflicts?
Are you right clicking on the JRT exe on your desktop & clicking on > Run as administrator?
http://i.imgur.com/CLiwZlE.gif
Are you getting this screen?
http://i.imgur.com/NObcXGy.gif

Once again, remove/delete your copy of Junkware Removal Tool, then download the latest version, which has just come out today.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw



#39
May 25, 2015 at 03:20:05
Turned off firewall and antivirus. When I click on the run as I don't get the option to run as administrator I get a box with my account, admin, and hubby's. If I click on the admin it wants a password which I don't have 1? JRT runs as far as checking start menu then it goes away? Something I'm doing wrong John? Still can't run computer online in normal mode?


#40
May 25, 2015 at 04:25:13
Tried in all accounts to run jrt it ran, creating backup then checking startup. Saw it come up with a few lines of what it was scanning then it just disappeared? Have found this log file from the last scan I tried to run for the backup don't know if it is any use to you or not?

[25/05/2015 - 12:16:52] System Variables
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------
[25/05/2015 - 12:16:52] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[25/05/2015 - 12:16:52] VSS exe To Use: vss_xp.exe
[25/05/2015 - 12:16:52] Windows Drive: C:
[25/05/2015 - 12:16:52] Windows Folder: WINDOWS
[25/05/2015 - 12:16:52] Windows Path: C:\WINDOWS
[25/05/2015 - 12:16:52] Registry File Location: C:\WINDOWS\System32\Config
[25/05/2015 - 12:16:52] Current Profile: C:\Documents and Settings\admin
[25/05/2015 - 12:16:52] Current Profile SID: S-1-5-21-1390067357-2025429265-839522115-1004
[25/05/2015 - 12:16:52] Current Profile Classes: S-1-5-21-1390067357-2025429265-839522115-1004_Classes
[25/05/2015 - 12:16:52] Profiles Location: C:\Documents and Settings
[25/05/2015 - 12:16:52] Profiles Location 2: C:\WINDOWS\ServiceProfiles
[25/05/2015 - 12:16:52] Local Settings AppData: Local Settings\Application Data
[25/05/2015 - 12:16:52] Computer Name: HOME-044C947D50
[25/05/2015 - 12:16:52] OS: Microsoft Windows XP (32-bit)
[25/05/2015 - 12:16:52] OS Architecture: 32-bit
[25/05/2015 - 12:16:52] OS Version: 5.1.2600
[25/05/2015 - 12:16:52] OS Service Pack: Service Pack 3
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------

[25/05/2015 - 12:16:52] Backup Location: C:\RegBackup\

[25/05/2015 - 12:16:52] Silent command given, program will close after backup.

[25/05/2015 - 12:16:52] Auto Delete Old Backups Enabled, Working...
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------

[25/05/2015 - 12:16:52] Starting Backup...

[25/05/2015 - 12:16:52] Files To Backup:
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------
[25/05/2015 - 12:16:52] C:\WINDOWS\System32\Config\default
[25/05/2015 - 12:16:52] C:\WINDOWS\System32\Config\sam
[25/05/2015 - 12:16:52] C:\WINDOWS\System32\Config\security
[25/05/2015 - 12:16:52] C:\WINDOWS\System32\Config\software
[25/05/2015 - 12:16:52] C:\WINDOWS\System32\Config\system
[25/05/2015 - 12:16:52] C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\admin\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\Administrator\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\Default User\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\glyn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\glyn\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\kayleigh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\kayleigh\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\LocalService\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\marie\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\michael\ntuser.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:52] C:\Documents and Settings\NetworkService\ntuser.dat
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------

[25/05/2015 - 12:16:52] Backing Up Files...:
[25/05/2015 - 12:16:52] --------------------------------------------------------------------------------
[25/05/2015 - 12:16:52] Using Fallback Backup Method.

[25/05/2015 - 12:16:52] Backing Up File: C:\WINDOWS\System32\Config\default
[25/05/2015 - 12:16:52] Result: Successful (4.74 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\WINDOWS\System32\Config\default

[25/05/2015 - 12:16:52] Backing Up File: C:\WINDOWS\System32\Config\sam
[25/05/2015 - 12:16:52] Result: Successful (28.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\WINDOWS\System32\Config\sam

[25/05/2015 - 12:16:52] Backing Up File: C:\WINDOWS\System32\Config\security
[25/05/2015 - 12:16:52] Result: Successful (60.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\WINDOWS\System32\Config\security

[25/05/2015 - 12:16:52] Backing Up File: C:\WINDOWS\System32\Config\software
[25/05/2015 - 12:16:54] Result: Successful (48.08 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\WINDOWS\System32\Config\software

[25/05/2015 - 12:16:54] Backing Up File: C:\WINDOWS\System32\Config\system
[25/05/2015 - 12:16:54] Result: Successful (7.36 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\WINDOWS\System32\Config\system

[25/05/2015 - 12:16:54] Backing Up File: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:54] Result: Successful (732.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:54] Backing Up File: C:\Documents and Settings\admin\ntuser.dat
[25/05/2015 - 12:16:54] Result: Successful (6.70 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\admin\ntuser.dat

[25/05/2015 - 12:16:54] Backing Up File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:55] Result: Successful (256.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\Administrator\ntuser.dat
[25/05/2015 - 12:16:55] Result: Successful (768.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\Administrator\ntuser.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\Default User\ntuser.dat
[25/05/2015 - 12:16:55] Result: Successful (224.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\Default User\ntuser.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\glyn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:55] Result: Successful (348.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\glyn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\glyn\ntuser.dat
[25/05/2015 - 12:16:55] Result: Successful (9.50 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\glyn\ntuser.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\kayleigh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:55] Result: Successful (256.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\kayleigh\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\kayleigh\ntuser.dat
[25/05/2015 - 12:16:55] Result: Successful (9.25 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\kayleigh\ntuser.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:55] Result: Successful (8.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\LocalService\ntuser.dat
[25/05/2015 - 12:16:55] Result: Successful (228.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\LocalService\ntuser.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:55] Result: Successful (784.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:55] Backing Up File: C:\Documents and Settings\marie\ntuser.dat
[25/05/2015 - 12:16:56] Result: Successful (12.75 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\marie\ntuser.dat

[25/05/2015 - 12:16:57] Backing Up File: C:\Documents and Settings\michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:57] Result: Successful (256.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:57] Backing Up File: C:\Documents and Settings\michael\ntuser.dat
[25/05/2015 - 12:16:57] Result: Successful (5.75 MB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\michael\ntuser.dat

[25/05/2015 - 12:16:57] Backing Up File: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[25/05/2015 - 12:16:57] Result: Successful (8.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[25/05/2015 - 12:16:57] Backing Up File: C:\Documents and Settings\NetworkService\ntuser.dat
[25/05/2015 - 12:16:57] Result: Successful (224.00 KB) - C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\C\Documents and Settings\NetworkService\ntuser.dat

[25/05/2015 - 12:16:57] Total Size: 108.20 MB

[25/05/2015 - 12:16:57] --------------------------------------------------------------------------------

[25/05/2015 - 12:16:57] Creating DOS restore bat file for use in the Windows Recovery Console:
[25/05/2015 - 12:16:57] --------------------------------------------------------------------------------
[25/05/2015 - 12:16:57] Done: C:\RegBackup\HOME-044C947D50\25.05.2015_12.16.52\dos_restore.cmd
[25/05/2015 - 12:16:57] --------------------------------------------------------------------------------



#41
May 25, 2015 at 06:17:40
Been out mardybum, can't spot anything that gives me the clues needed, shall start again when I'm fresh, Tuesday morning.


#42
May 25, 2015 at 06:27:31
Before I go to bed, see if this can sort things out, I will check the result in the morning.

Lazesoft Recovery Suite Home Edition
http://www.softpedia.com/get/System...
http://www.lazesoft.com/lazesoft-re...
Tutorials
http://www.lazesoft.com/guide.html
Screenshot ( SS )
http://i.imgur.com/4HXqQKS.jpg
How to Boot a Computer from a Lazesoft Recovery USB Device
http://www.lazesoft.com/create-a-bo...



#43
May 26, 2015 at 03:51:26
So I download this to a disk or my external hard drive and boot up from that? Scares me things like this, sorry if I'm dithering! x


#44
May 26, 2015 at 03:57:13
You download it, put it on a thumb drive & reboot.


#45
May 26, 2015 at 04:00:52
Ok thank you John x


#46
May 27, 2015 at 04:02:29
Sorry I'm taking so long doing this John, I really do appreciate you taking your precious time to help me out. Stupid question time.... Have downloaded the lazesoft installer to my desktop, do I install it then put what is installed on my thumb drive or do I put the installer on it and reboot or the programme that I install? Sorry I'm not much good at the moment xx


#47
May 27, 2015 at 04:10:34
1: Plug a clean thumb drive into a USB port.

2: Double click the lazesoft installer & it will install on the thumb drive.

3: Leave the thumb drive plugged in & reboot.

4: Follow the prompts.



#48
May 27, 2015 at 04:27:35
Plugged in thumb drive, double clicked the installer, wasn't showing to install on thumb drive. Browsed to where the thumb drive was and chose to install to thumb drive. Installed on thumb drive, rebooted and it just booted up normally?


#49
May 27, 2015 at 04:29:38
"rebooted and it just booted up normally?"
Ok, go into the bios & change the boot order.

Thumb drive must be First.

message edited by Johnw



#50
May 27, 2015 at 04:38:44
How do I go into bios?


#51
May 27, 2015 at 04:41:55
Load up and hit delete then go through bios?


#52
May 27, 2015 at 04:43:33
Oops, we seem to run into the limit of your skill level.

Do you know anyone who can sit with you & show how to do the bios & lazesoft?



#53
May 27, 2015 at 04:52:40
No nobody :(


#54
May 27, 2015 at 05:09:24
Ok, in your situation, it is not the time to start learning about the bios & using lazesoft.

All this can be achieved by googling how to get into & adjust the boot order in the bios & reading the lazesoft help files.
It will be challenging, but it has to be learned.

Other than that, make sure you have all your important stuff (including your address book) backed up & reinstall XP.



#55
May 27, 2015 at 05:10:57
"Load up and hit delete then go through bios?"
Maybe, did you try it?


#56
May 27, 2015 at 05:13:09
Screen disappeared too fast, I am googling as we type John. If we reinstall xp will we still get all the updates we need with it having been taken off support? x


#57
May 27, 2015 at 05:18:23
"will we still get all the updates we need with it having been taken off support?"
Yes mardybum, they are all still there, just no new ones.

Don't rush installing XP, lot of homework to be done.

Did you get into the bios?



#58
May 27, 2015 at 05:20:33
Not yet no. I will leave you a message and let you know how I get on. Thank you for being so patient with me John xx


#59
May 27, 2015 at 05:23:35
Forgot you have a laptop, what is the EXACT model?


#60
May 27, 2015 at 05:28:04
The problem isn't with the laptop, it's with the main desktop computer.


#61
May 27, 2015 at 05:34:08
"The problem isn't with the laptop, it's with the main desktop computer"
Is that a brand name? if so EXACT model please.


#62
May 27, 2015 at 05:42:57
The desktop has had new motherboards etc. in the tower that we have got. The tower is an Acer Aspire. My laptop is a Dell Vostro 1520.


#63
May 27, 2015 at 05:53:53
Run this.

Free PC Audit
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Free-P...
http://www.freewarefiles.com/screen...
http://www.misutilities.com/free-pc...

When it is finished.

File > Save as.

Put any name you like for the file & save it to your desktop.

Then upload it using Zippy.

http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw



#64
May 27, 2015 at 06:08:04
Here's the file John http://www9.zippyshare.com/v/8hLk62...


#65
May 27, 2015 at 06:18:44
Perfect mardybum, 10 out of 10, we now have a record of your important hardware & software.

Bed time for me soon, do you want to know any more before you try the bios & lazesoft?

message edited by Johnw



#66
May 27, 2015 at 06:22:07
http://www8.zippyshare.com/v/lhzvAY...


http://www8.zippyshare.com/v/ivkRaA...

These are the other files from the other tabs which ran.



#67
May 27, 2015 at 06:23:51
No, you go to bed and I will see what I can sort out while you're sleeping xx


#68
May 31, 2015 at 06:34:32
John, sorry I haven't been in contact past few days. I suffer from depression and it's been a battle to get out of bed these past few days. I did send you a PM but I'm guessing you didn't get it? I'm not sure I sent it the right way to be honest. Can you contact me please when you get chance. Many thanks xxx
