Can't open Internet Options. The box disappears immediately

December 14, 2014 at 11:11:06
Specs: Windows XP Pro x64
In IE x64-Bit, I can't open Tools>Internet Options. I read here: "If you have Spybot Search & Destroy installed open it click Mode, choose Advanced Mode, click Tools, click IE Tweaks, uncheck "Lock IE control panel against opening from within IE etc.".

When I chose Advanced Mode, a box opens and asks me if I want to do this. I click Yes and it disappears. A box doesn't open for me to Tweak. Is there another way to do this or another method to get Internet Options to open again?

message edited by Hartful




#1
December 14, 2014 at 11:37:52
If you can download Ultra virus killer by Carifred, install it and run it. Click on the "System Repair" icon, then tick "Reset IE and internet settings", then click "Run selected apps/fixes". See if that resolves the issue, link below.

http://www.carifred.com/uvk/

To err is human but to really screw things up, you need a computer!



#2
December 14, 2014 at 13:44:09
I assume you have Spybot Search & Destroy installed. In which case, if that is locking it, you could try uninstalling it then installing it again later.

With SpyBot S&D uninstalled you could go to IE > Tools > Internet Options > Advanced, then hit the Reset button. This will preserve Favorites but lose add-ons. However add-ons will come back with time or can be selected again if they are specials.

As an aside, from a security standpoint you should not really be using IE, except for the very rare Windows update. These two notes might be of interest:

http://www.computing.net/howtos/sho...

http://www.computing.net/howtos/sho...


Always pop back and let us know the outcome - thanks

message edited by Derek



#3
December 15, 2014 at 06:00:24
I thought of uninstalling SpyBot last night but it didn't help. I still couldn't open Internet Options.

I just ran Ultra virus killer but it didn't fix the problem.

I now think that this problem might have to do with SearchAssist.net. I was trying to update Adobe Reader when SearchAssist.net first appeared. I ran Spybot S&D, SuperAntiSpyware, JRT - Junk File Removal Tool and Security Check. Spybot and SuperAS found nothing. JRT and Security Check ran and supposedly removed SearchAssist.net:
But I still have the problem. When I open a new tab in Firefox, it automatically opens to SearchAssist.net. I changed my home page back to Google and that works fine. I still can't open Internet Options in IE.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x64
Ran by Administrator on Sun 12/14/2014 at 13:30:58.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BA1BE292-1D15-488B-934D-008742212380}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D01EF2D8-BE7A-4C3B-8053-B7959714AD54}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DED5B67D-3E39-4432-BD75-6A1434E09472}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DED5B67D-3E39-4432-BD75-6A1434E09472}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DED5B67D-3E39-4432-BD75-6A1434E09472}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DED5B67D-3E39-4432-BD75-6A1434E09472}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\BetterMarkIt_wd.job
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\drivergenius"
Successfully deleted: [Folder] "C:\Program Files (x86)\hosts"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\rnxe1pti.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.searchassist.net/?p=t&m=639&c=d&s=sp");
user_pref("browser.search.defaultthis.engineName", "Web Search");
user_pref("browser.search.defaulturl", "hxxp://www.searchassist.net/search?p=s&q={searchTerms}&m=639&c=d&s=sp");
user_pref("keyword.URL", "hxxp://www.searchassist.net/search?p=s&q=");
Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\rnxe1pti.default\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/14/2014 at 13:33:27.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4
December 15, 2014 at 08:51:21
First make sure you have no unwanted goodies in Control Panel > Add-Remove Programs.

There are a couple more freebies that can root out things and would be worth a shot:

ADWCleaner from blue download button at top of this page:
http://www.bleepingcomputer.com/dow...
Like JRT this just runs from the file. It has a Scan & Clean.

MalwareBytes from green button top right here:
http://filehippo.com/download_malwa...
Uncheck the trial during install, the free version is fine. Get any updates first then go to "Settings > Detection and Protection" and put a check mark in 'Scan for rootkits'.

Keep both logs and/or paste them on here as before.

Always pop back and let us know the outcome - thanks

message edited by Derek



#5
December 15, 2014 at 12:29:08
" JRT and Security Check ran and supposedly removed SearchAssist.net:"
Once you have these types of problems, we have to dismantle them bit by bit, layer by layer.

No one tool can accomplish that, many tools are needed. Tools are still the best way to achieve the clean up.

Even after running ADWCleaner & Malwarebytes, more will need to be done.



#6
December 15, 2014 at 13:24:58
Johnw
Thanks for inputting. I had a feeling you were away for a while so I delayed bringing this post to your attention.

Always pop back and let us know the outcome - thanks



#7
December 15, 2014 at 13:34:00
That's Ok Derek, I was away.

You are on track anyway; once we get the next 2 logs, we can go from there.



#8
December 15, 2014 at 17:59:26
DriverGenius is a program that I bought a few years ago for driver updates. It hasn't done me much good but I don't want to uninstall it unless it's necessary.
AdTrustMedia is a watchdog program that I had installed but it got uninstalled yesterday (somehow).


AdwCleaner txt:

# AdwCleaner v4.105 - Report created 15/12/2014 at 20:48:49
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - KINGKONG
# Running from : C:\Documents and Settings\Administrator\My Documents\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\AdTrustMedia
[x] Not Deleted : C:\Program Files\AdTrustMedia
[x] Not Deleted : C:\Documents and Settings\Administrator\My Documents\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\AdTrustMedia

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\better_markit
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R2].txt - [7974 octets] - [15/12/2014 14:21:31]
AdwCleaner[S2].txt - [6699 octets] - [15/12/2014 20:48:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6759 octets] ##########



#9
December 15, 2014 at 18:08:04
MalwareBytes report:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/15/2014
Scan Time: 9:03:00 PM
Logfile: MWB2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.15.06
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323300
Time Elapsed: 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

message edited by Hartful



#10
December 15, 2014 at 18:09:58
If you misplace your log, here are ways to find it.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif


#11
December 15, 2014 at 18:21:37
MBAM found 2 problems, both PUP.OPTIONAL.CROSSRIDER. I took a screenshot of it before I "told" MBAM to "Quarantine All." I read the MBAM report and it notes that nothing was found. I don't understand that.

EDIT: (MBAM 2nd report)
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/15/2014
Scan Time: 9:03:00 PM
Logfile: MBAM3.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.15.06
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323300
Time Elapsed: 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CrossRider.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\USER DATA\Default\DATABASES\CHROME-EXTENSION_JNEAOJAOIAJHNEMIDNJHOEMPALNIDBHJ_0, Quarantined, [28fa7be8691356e0956ac2856f94d030],

Files: 1
PUP.Optional.CrossRider.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\USER DATA\Default\DATABASES\CHROME-EXTENSION_JNEAOJAOIAJHNEMIDNJHOEMPALNIDBHJ_0\3, Quarantined, [28fa7be8691356e0956ac2856f94d030],

Physical Sectors: 0
(No malicious items detected)


(end)

message edited by Hartful


Report •

#12
December 15, 2014 at 18:25:33
I had Chrome installed a couple of years ago but I didn't like it so I uninstalled it. Is there a reason Chrome files are still in my pc? Can they be deleted?


#13
December 15, 2014 at 18:27:16
" I read the MBAM report and it notes that nothing was found"
That's normal when it doesn't find a virus.
PUPs cause plenty of trouble as you have found out.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#14
December 15, 2014 at 18:32:35
"Rootkits: Disabled"
Go to post #4 & follow the instruction.

We will run Malwarebytes again, further down the track.



#15
December 15, 2014 at 18:34:05
" Is there a reason Chrome files are still in my pc? Can they be deleted?"
Shall deal with that later. Small steps.


#16
December 15, 2014 at 19:09:17
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Server 2003 (5.2.3790 Service Pack 2) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Delete -- Date : 12/15/2014 22:07:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SkyTel : SkyTel.EXE [7] -> Deleted
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.SearchAssist.net/?p=h&m=... -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redi... -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redi... -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1560305870-1003223559-3566357663-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\WINDOWS\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) KERNEL32.dll - RtlMoveMemory : Unknown @ 0xfffffffffffdc182 (jmp dword near [0xfffdc182])

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

============================================
RKreport_SCN_12152014_215944.log



#17
December 15, 2014 at 19:22:06
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#18
December 15, 2014 at 19:34:13
Derek: "As an aside, from a security standpoint you should not really be using IE, except for the very rare Windows update. These two notes might be of interest:

http://www.computing.net/howtos/sho...

http://www.computing.net/howtos/sho...

I mainly use Firefox but, on rare occasions, I can't open links in Firefox. I then use IE to open the link, copy the address and paste it into Firefox address bar. JC Penny pictures won't open in Firefox, only in IE. RetailMeNot promo codes won't open in Firefox either, only in IE.

I can't get any more updates from MS. They stopped supporting XP a few months ago even tho XP Pro x64 came out only a few years ago. If you ask me, they never supported it in the beginning much either. Vista was given all their attention.

It's about my bedtime now. I'll be back in about 8-9 hours. I'll be able to spend an hour or two here before I run to work.


Report •

#19
December 15, 2014 at 19:52:41
MBAM Report #2 with "Scan for Rootkits" checked:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/15/2014
Scan Time: 10:39:08 PM
Logfile: MBAM 2 Report with 'Scan for Rootkits' checked.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.16.01
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323796
Time Elapsed: 10 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#20
December 16, 2014 at 02:35:54
None of the links for ComboFix are for XP x64.

Report •

#21
December 16, 2014 at 02:42:13
Refer this SS.
http://i.imgur.com/ytLCXzk.gif

Report •

#22
December 16, 2014 at 02:48:29
The message I get is when I double click on the icon:

"This operating system is not supported!
ComboFix only runs on:

*Windows XP (32bit)
*Windows Vista (32/64 bit)
*Windows 7 (32/64 bit)
*Windows 8 (32/64 bit)

Windows 2000 is no longer supported"

message edited by Hartful


Report •

#23
December 16, 2014 at 02:54:30
Ok, that means the author has now cut out support for your version of XP.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


Report •

#24
December 16, 2014 at 03:12:02
The ESET directions are extremely complicated!:

"ESET SysRescue makes use of Microsoft Windows Automated Installation Kit (WAIK), a tool to create stand-alone “pre-installation” versions of Microsoft Windows that can be started from bootable media.

To download WAIK click here (Windows Vista SP1, Windows XP, Windows Server 2008) or here (Windows 7). The file is approximately 1.3GB (Vista SP1, Server) or 1.7GB (Windows 7) in size and is in .iso (recordable DVD) format. To install WAIK, you will need to either burn the file to a DVD±R disc, or use a virtual DVD program to access it.


If you are using Windows XP or earlier, you must also install Windows IMAPI 2.0 (Image Mastering API) before creating your ESET SysRescue media. Click here to access the download page.
Due to limitations in Windows AIK, an ESET SysRescue cannot be created with the 64-bit version of ESET Smart Security or ESET NOD32 Antivirus. Click here to learn how to create an ESET SysRescue on a 64-bit computer.
Check with your computer or motherboard manufacturer to see if your system supports booting from a USB flash drive.
You may have to download and install other files before installing the Windows Automated Installation Kit, depending on which version of Microsoft Windows and which other applications are installed on your computer.
The SysRescue file requires 512MB of free space on your CD, DVD or USB flash drive."


Is there no other program I can use?


Report •

#25
December 16, 2014 at 03:19:00
Hopefully it should be super simple, all the other stuff is if you have a problem.
http://www.eset.com/int/home//produ...
http://i.imgur.com/F9Kq4gY.gif

Report •

#26
December 16, 2014 at 03:49:05
I can't find the button to start the ESET scanner on the website

Report •

#27
December 16, 2014 at 03:52:47
Go to my previous post & click on the last link.

Report •

#28
December 16, 2014 at 03:54:46
Ok, try this link.

http://www.eset.com/us/online-scann...


Report •

#29
December 16, 2014 at 04:04:07

The scan has been running for 8 minutes and it's still at 1%. It's going to take a while.

Report •

#30
December 16, 2014 at 04:09:20
Yep & I'm going offline now.

Shall check how it went later.


Report •

#31
December 16, 2014 at 06:18:36
ESET Report:

C:\Documents and Settings\All Users\Application Data\Avira\My Avira\Temp\antivirus.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\System Volume Information\_restore{636D5E3F-A0BD-498E-BC08-1CB213D1C1D9}\RP1080\A0280540.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined


Report •

#32
December 16, 2014 at 06:43:12
I still have http://www.searchassist.net/search?... open when I open a new tab. It doesn't open when I first open Firefox though. When SearchAssist.net opens, WOT doesn't display its ratings.

I still get a warning icon just prior to the address bar. It says "Firefox has prevented the outdated plug-in Adobe Flash from running on www.computing.net." This is the warning that I first responded to in order to update Adobe. Updating Adobe caused SearchAssist.net to be installed on my pc.

Edit: I still can't open Tools>Internet Options when using IE

message edited by Hartful


Report •

#33
December 16, 2014 at 12:42:46
Re #18
XP MS Updates officially stopped in April. If you use "Microsoft Security Essentials" that will update until the middle of 2015. The same applies to one called "Malicious Software Removal tool" (to which you can make a shortcut - the file is mrt.exe). You might get the odd Net Framework update too but in general updates have now become very minimal, near zero. The point of those two notes is to bolster up your security because of this.

However, both those notes and your Firefox issue are best put on the back burner with the Chrome files. Get the clean-up finished then deal with any other bits and bobs that still remain or cause issues - remind us at that stage by all means. As per #5 it will take a few programs to reach that happy stage.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#34
December 16, 2014 at 12:50:39
" Updating Adobe caused SearchAssist.net to be installed on my pc."
Shall deal with that later, trying to get you clean first.

"Edit: I still can't open Tools>Internet Options when using IE"
Try this way, Control Panel > Internet Options.


Report •

#35
December 16, 2014 at 12:52:07
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

Report •

#36
December 16, 2014 at 14:20:25
What should I do now?

Report •

#37
December 16, 2014 at 14:45:14
"What should I do now?"
Do Post #35

Report •

#38
Report •

#39
December 16, 2014 at 18:17:46
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1560305870-1003223559-3566357663-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!
SearchScopes: HKLM -> {BA1BE292-1D15-488B-934D-008742212380} URL = http://www.SearchAssist.net/search?...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> {BA1BE292-1D15-488B-934D-008742212380} URL =
SearchScopes: HKU\S-1-5-21-1560305870-1003223559-3566357663-500 -> {E73DE8CF-9423-4A38-872B-52025D19BB23} URL = http://search.yahoo.com/search?p={s...
HKLM\...\Run: [] => [X]
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
R2 Eventlog; [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Avast\aswWebRepIE64.dll No File
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
FF Homepage: hxxp://www.google.com/

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#40
December 17, 2014 at 05:59:43
I had to wait until this morning when my daughter came home so I could use her laptop. I copied the info above into a Notepad .txt, saved it to my desktop where FRST and FixList are located (on my desktop) and clicked Fix. After that, my pc couldn't boot to my desktop. Right before Windows opens, I get a message that says: "lsass.exe System Error. Object name not found". I can't get into Safe Mode.

Report •

#41
December 17, 2014 at 07:19:54
Some malware infection.
Search hijacks
and troubles in the start ups.

I would probably in firefox, click help, trouble shooting information, and hit the reset button, it keeps your favs etc, but should remove the browser addons and reset Firefox.

To err is human but to really screw things up, you need a computer!


Report •

#42
December 17, 2014 at 08:47:19
I can't get into Windows so I can't do anything. The pc won't boot up at this point.



Report •

#43
December 17, 2014 at 11:28:35
What can I do to get my pc to boot up again?

Report •

#44
December 17, 2014 at 11:58:51
Hi

John is in Perth Australia (about 4am there right now) so he'll be sleeping. He's an early riser so will probably be around within the next 3 hours or so. I'd prefer not to intervene so sit tight for a bit.

Always pop back and let us know the outcome - thanks


Report •

#45
December 17, 2014 at 13:22:18
Thanks Derek, I'm up, now to work out the best way to sort this out, back ASAP.

Report •

#46
December 17, 2014 at 13:34:21
lsass.exe is one of the security risks with XP SP2, shall deal with upgrading further down the track, got to get the comp clean first.

Run Lazesoft Recovery Suite Home Edition off a thumb/USB drive.

http://www.softpedia.com/get/System...
http://www.lazesoft.com/lazesoft-re...

Tutorials
http://www.lazesoft.com/guide.html

Screenshot ( SS )
http://i.imgur.com/4HXqQKS.jpg

How to Boot a Computer from a Lazesoft Recovery USB Device
http://www.lazesoft.com/create-a-bo...


Report •

#47
December 17, 2014 at 13:51:35
"I had to wait until this morning when my daughter came home so I could use her laptop"
If you used a thumb drive, scan it with her AV & format.

Report •

#48
December 17, 2014 at 17:57:18
Ok, got my pc back. A light bulb went off in my head and I chose "last known configuration that worked" and Windows started.

I did try Lazesoft. I downloaded it onto an external USB drive and connected it to my pc. Nothing happened. I also tried installing onto the ext USB drive but that didn't work. Just for future reference, what should I have done?

So my pc is now at a point before I did FRST/FRST64 and fixlist.txt. Can we go from here?


Report •

#49
December 17, 2014 at 18:20:45
""last known configuration that worked" and Windows started"
Beautiful, System Restore is another, not being able to get into Safe mode, I didn't think you would have been able to get into any of that, though there are other ways.

When the program is loaded onto a thumb drive, it makes it bootable.
Which means you insert the thumb drive, start the comp & it will boot ( hopefully)

The other drives, you have to go into the bios & change the boot order.

To get it exactly right, read the tutorial I gave you.
http://www.lazesoft.com/guide.html

Having a think about the next steps.

What issues are you having now?

message edited by Johnw


Report •

#50
December 17, 2014 at 18:31:12
"When the program is loaded onto a thumb drive, it makes it bootable."
"The other drives, you have to go into the bios & change the boot order."

I tried both types of drives and changed the boot order to USB HDD but it didn't work. Maybe because it's x64?


I still have the same problems since before FRST/FRST64 and fixlist.txt. Somehow, fixlist.txt caused "lsass.exe System Error. Object name not found".

I still need to get rid of SearchAssist.net.


Report •

#51
December 17, 2014 at 18:33:35
Re #48
"what should I have done"
Gone into BIOS and set the USB drive ahead of the C drive, then re-started the computer with the USB inserted. Best remove it from your external USB drive.

Glad to hear you got it going again. Not sure if John will be around again tonight but I don't want to interfere with his flow and he might want to make some changes regarding FRST/FRST64 and fixlist.txt.

Just for info, one problem with lsass.exe is whether the initial letter is really an 'L' or a capital 'I'. The genuine one (if the file is in the right place) is Lsass.exe but in some fonts a capital I (one to the right of your key U) looks like a lower case L, which is used as a disguise for a baddie.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •
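The look-alike name described in #51 (a capital "I" standing in for the lower-case "l" of lsass.exe) and the "right place" check can both be done mechanically. The following is an added example, not part of any post in this thread; the list of protected names, the folded glyphs, the System32 path and the sample process paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: core Windows processes that normally run only from System32.
PROTECTED = {"lsass.exe", "csrss.exe", "services.exe", "svchost.exe", "winlogon.exe"}
SYSTEM_DIR = r"C:\WINDOWS\system32"  # assumed %SystemRoot%\system32 for the sample data

# Glyphs that render like lower-case "l" or "o" in many fonts (small constructed map).
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Fold look-alike glyphs to a single form, then lower-case the result."""
    return name.translate(LOOKALIKES).lower()


PROTECTED_SKELETONS = {skeleton(n) for n in PROTECTED}


def classify(image_path):
    """Return 'ok', 'wrong-path', 'look-alike' or 'unlisted' for one image path."""
    directory, name = ntpath.split(image_path)
    in_system_dir = ntpath.normcase(directory) == ntpath.normcase(SYSTEM_DIR)
    # Windows file names are case-insensitive, so LSASS.EXE is the genuine name.
    if name.lower() in PROTECTED:
        return "ok" if in_system_dir else "wrong-path"
    # Not a protected name itself, but it reads like one once glyphs are folded.
    if skeleton(name) in PROTECTED_SKELETONS:
        return "look-alike"
    return "unlisted"


def scan(image_paths):
    """Return (path, verdict) pairs for every entry that deserves a closer look."""
    findings = []
    for path in image_paths:
        verdict = classify(path)
        if verdict in ("wrong-path", "look-alike"):
            findings.append((path, verdict))
    return findings


# Constructed sample: full image paths as a process lister would report them.
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",      # genuine name, genuine place
    r"C:\WINDOWS\system32\Isass.exe",      # capital I instead of lower-case l
    r"C:\WINDOWS\Temp\lsass.exe",          # genuine name, wrong folder
    r"C:\WINDOWS\system32\svch0st.exe",    # zero instead of o
    r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict:10} {path}")
```

A name that passes this check is not proven clean; the check only catches the naming and location tricks discussed above.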

#52
December 17, 2014 at 18:34:39
"I still need to get rid of SearchAssist.net"

Run AdwCleaner again & Hit > Clean. Post the new log please.


Report •

#53
December 17, 2014 at 18:36:58
Sorry John, I thought you were in bed by now so we overlapped.

Always pop back and let us know the outcome - thanks


Report •

#54
December 17, 2014 at 18:45:59
No, it is still am Thursday here Derek.
http://www.timeanddate.com/worldclo...

Report •

#55
December 17, 2014 at 18:51:49
DriverGenius is a program I purchased and AdTrustMedia is a watchdog program that I want to keep.

# AdwCleaner v4.105 - Report created 17/12/2014 at 21:46:01
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - KINGKONG
# Running from : C:\Documents and Settings\Administrator\My Documents\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\AdTrustMedia
[x] Not Deleted : C:\Program Files\AdTrustMedia
[x] Not Deleted : C:\Documents and Settings\Administrator\My Documents\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\drivergenius
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\AdTrustMedia

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R2].txt - [7974 octets] - [15/12/2014 14:21:31]
AdwCleaner[R3].txt - [1931 octets] - [17/12/2014 21:43:01]
AdwCleaner[S2].txt - [6847 octets] - [15/12/2014 20:48:49]
AdwCleaner[S3].txt - [1879 octets] - [17/12/2014 21:46:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1939 octets] ##########


Report •

#56
December 17, 2014 at 18:53:33
Sorry John, I got my am and pm twisted. By the way, I've now googled that Lsass.exe and confirmed that the L version is the genuine one:
http://en.wikipedia.org/wiki/Local_...

Nobody seems to mention the disguised version much these days but it can sure catch folk out.

Always pop back and let us know the outcome - thanks


Report •

#57
December 17, 2014 at 19:04:51
I know you have reasons, I don't think we are going to get anywhere, without deleting those Not Deleted items.


Report •

#58
December 17, 2014 at 19:06:14
Hartful

You ought to read these sometime:

Driver Genius
http://www.shouldiremoveit.com/Driv...
I will refrain from giving my personal views about driver finders.

Adtrust Media
http://www.shouldiremoveit.com/Priv...

Always pop back and let us know the outcome - thanks


Report •

#59
December 17, 2014 at 19:08:33
"Nobody seems to mention the disguised version much these days but it can sure catch folk out"
Correct, SP3 addressed that problem.

Report •

#60
December 17, 2014 at 19:11:20
SP3 addressed that problem
That sounds like a very good reason.
EDIT: Also one of many good security reasons for updating to SP3 later as you previously suggested. Oops, yes, pity about 64 bit.

Off to bed now so I'll leave you two in peace.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#61
December 17, 2014 at 19:18:41
I'll uninstall DriverGenius. If I ever want to find updated drivers (which I doubt because my pc is about 6 years old now and the components are outdated), I'll install it again.

I had installed Comodo firewall and AdTrust Media did come with it. I uninstalled Comodo because of the Adobe problem and was going to reinstall it when I uninstalled and then reinstalled Adobe but I never got that far. Adobe installed SearchAssist.net and the rest is history.

I'll run Adaware again and delete them.

Windows XP x64 doesn't have an SP3.


Report •

#62
December 17, 2014 at 19:28:55
# AdwCleaner v4.105 - Report created 17/12/2014 at 22:21:10
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - KINGKONG
# Running from : C:\Documents and Settings\Administrator\My Documents\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\drivergenius
Folder Deleted : C:\Documents and Settings\All Users\Application Data\drivergenius
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AdTrustMedia
Folder Deleted : C:\Program Files\AdTrustMedia
Folder Deleted : C:\Documents and Settings\Administrator\My Documents\drivergenius

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R2].txt - [7974 octets] - [15/12/2014 14:21:31]
AdwCleaner[R3].txt - [1931 octets] - [17/12/2014 21:43:01]
AdwCleaner[R4].txt - [1942 octets] - [17/12/2014 22:18:58]
AdwCleaner[S2].txt - [6847 octets] - [15/12/2014 20:48:49]
AdwCleaner[S3].txt - [2027 octets] - [17/12/2014 21:46:01]
AdwCleaner[S4].txt - [1709 octets] - [17/12/2014 22:21:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1769 octets] ##########


Report •

#63
December 17, 2014 at 19:31:04
"Windows XP x64 doesn't have an SP3"
Probably, because 64-bit is more secure.

Report •

#64
December 17, 2014 at 19:32:59
I have Google set as my home page on Firefox. I've been trying to find a tutorial on how to reset the page that tabs open to but I haven't been able to find it. Do you know how I can do this?

I still can't open Tools>Internet Options in IE.


Report •

#65
December 17, 2014 at 19:33:24
Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif

Report •

#66
December 17, 2014 at 19:37:16
"I still can't open Tools>Internet Options in IE"

Did you try my post #34


Report •

#67
December 17, 2014 at 19:53:00
The setting for Control Panel>Internet Options has changed to just an icon and it won't open.

Report •

#68
December 17, 2014 at 20:01:15
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Administrator at 2014-12-17 22:49:45
Running from C:\Documents and Settings\Administrator\My Documents\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide

them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Acrobat.com (HKLM-x32\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 -

Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater)

(Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1)

(Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version:

11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version:

15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001})

(Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 -

Adobe Systems, Inc.)
Advanced WindowsCare Personal (HKLM-x32\...\Advanced WindowsCare V2 Personal_is1)

(Version: 2.7.2 - IObit)
AiO_Scan (x32 Version: 51.0.109.000 - Hewlett-Packard) Hidden
AM-DeadLink (HKLM-x32\...\AM-DeadLink) (Version: - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apollo WMV/ASF/ASX to DVD Burner 3.2 (HKLM-x32\...\Apollo WMV/ASF/ASX to DVD

Burner_is1) (Version: - Apollo Mulitmedia)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359})

(Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:

2.1.3.127 - Apple Inc.)
Audacity 1.0.0 (HKLM-x32\...\Audacity_is1) (Version: - )
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 -

Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:

- DownloadHelper)
Corel WordPerfect Suite 8 (HKLM-x32\...\Corel WordPerfect Suite 8) (Version: - )
Data Lifeguard Diagnostic for Windows 1.24

(HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital

Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dziobas Rar Player 0.009.51 (HKLM-x32\...\Dziobas Rar Player_is1) (Version: - Kamil

Dzióbek)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESSCDBK (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 5.02.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESShelp (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 5.02.0000.0004 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpaht (x32 Version: 5.01.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpot (x32 Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
FairUse Wizard 2 (HKLM-x32\...\FairUse Wizard 2) (Version: (v2.8) - FairUse Wizard)
Falco Icon Studio 2.7 (HKLM-x32\...\Falco Icon Studio_is1) (Version: - Falco, Inc.)
ffdshow x64 v1.1.3611 [2010-10-06] (HKLM\...\ffdshow64_is1) (Version: 1.1.3611.0 - )
Free YouTube Downloader 3.5.136

(HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
HD Tune 2.54 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HLPIndex (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HP Beta Printer Drivers for Windows XP x64 (5.64.0.17)

(HKLM\...\{25E0F2BA-399C-4cf8-A654-53797016CB77}) (Version: 5.64.0.10 - HP)
HP Photosmart Essential (HKLM-x32\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version:

1.9.1.3 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version:

1.00.0000 - JMICRON Technology Corp.)
KSU (x32 Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes

Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.4.2499.0

(HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.4.2499.0 - MPC-HC

Team)
MediaInfo 0.7.7.4 (HKLM-x32\...\MediaInfo) (Version: 0.7.7.4 - )
MGI PhotoSuite 4 (Remove Only) (HKLM-x32\...\MGI_PRISM_V4_0) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVtoolnix 2.2.0 (HKLM-x32\...\MKVtoolnix) (Version: 2.2.0 - Moritz Bunkus)
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3 Bitrate Changer 1.1 (HKLM-x32\...\MP3 Bitrate Changer_is1) (Version: - Pianosoft)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (HKLM\...\{E1B33EF1-258C-4EC0-A340-D031100FE50D}) (Version: 6.20.2016.0 - Microsoft Corporation)
Nero 7 Demo (HKLM-x32\...\{84B2CF01-194D-2284-B313-F2E0D78D1033}) (Version: 7.00.1461 - Nero AG)
Notifier (x32 Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 125.24 - NVIDIA Corporation)
OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PCDADDIN (x32 Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
PCDHELP (x32 Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM-x32\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5898 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
Scan (x32 Version: 6.0.0.0 - Hewlett-Packard) Hidden
SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TransBar (HKLM-x32\...\TransBar) (Version: - )
Unlocker 1.8.5 (HKLM-x32\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254) (HKLM\...\KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (HKLM\...\KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2836198) (HKLM\...\KB2836198) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2890882) (HKLM\...\KB2890882) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB932596) (HKLM\...\KB932596) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.5.0 - Carifred)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
VPRINTOL (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Webshots Desktop (HKLM-x32\...\Webshots Desktop_is1) (Version: - AGCM)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140744 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows x64 Service Pack) (Version: - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
WIRELESS (x32 Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
XviD v1.2.0 CVS (HKLM\...\XviD MPEG-4 Video Codec_is1) (Version: - Celtic Druid)
XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME) (HKLM-x32\...\XviD) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1560305870-1003223559-3566357663-500_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1560305870-1003223559-3566357663-500_Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InprocServer32 -> C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

==================== Restore Points =========================

13-12-2014 21:10:01 Removed COMODO Firewall
13-12-2014 21:27:05 AA11
14-12-2014 16:24:19 Revo Uninstaller's restore point - Spybot - Search & Destroy
14-12-2014 16:35:58 Removed Driver Support.
15-12-2014 08:39:27 UVK - Ultra Virus Killer install
16-12-2014 10:18:44 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-02-18 07:00 - 2013-10-29 17:57 - 00000098 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\MIX.job => C:\PROGRA~2\WinMX\WinMX.exe

==================== Loaded Modules (whitelisted) =============

2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\WINDOWS\pss\Start GeekBuddy.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor =>
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\SysWOW64\NeroCheck.exe
MSCONFIG\startupreg: SmartRAM => "C:\Program Files (x86)\WindowsCare v2.7\MemCleaner.exe" /m
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TransBar => C:\Program Files (x86)\TransparentBar\TransBar.exe /s
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1560305870-1003223559-3566357663-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-1560305870-1003223559-3566357663-501 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1560305870-1003223559-3566357663-1001 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC #3
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter #2
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2014 10:47:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: KINGKONG)
Description: Product: WOT for Internet Explorer -- Error 1316. A network error occurred while attempting to read from the file: N:\- PROGRAMS\Downloaded Programs\Security Programs\WOT x64 for Firefox\WOT-latest-en-x64.msi

Error: (12/13/2014 09:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.5.5443, faulting module mozalloc.dll, version 34.0.5.5443, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/08/2014 06:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/08/2014 06:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/06/2014 10:26:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mpc-hc.exe, version 1.4.2499.0, faulting module mpc-hc.exe, version 1.4.2499.0, fault address 0x002a7b6a.
Processing media-specific event for [mpc-hc.exe!ws!]

Error: (12/06/2014 09:10:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module libmpeg2_ff.dll, version 0.0.0.0, fault address 0x000000000000341a.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/05/2014 10:39:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mpc-hc.exe, version 1.4.2499.0, faulting module mpc-hc.exe, version 1.4.2499.0, fault address 0x002a7b6e.
Processing media-specific event for [mpc-hc.exe!ws!]

Error: (12/01/2014 11:53:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application photosuite.exe, version 4.0.0.1038, faulting module ps4cataloglistbox.dll, version 4.0.0.909, fault address 0x00007c6c.
Processing media-specific event for [photosuite.exe!ws!]

Error: (12/01/2014 11:10:19 AM) (Source: MsiInstaller) (EventID: 11706) (User: KINGKONG)
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.

Error: (12/01/2014 11:09:35 AM) (Source: MsiInstaller) (EventID: 11706) (User: KINGKONG)
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.


System errors:
=============
Error: (12/17/2014 10:24:39 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/17/2014 10:24:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/17/2014 10:23:54 PM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Error: (12/17/2014 09:49:43 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/17/2014 09:49:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/17/2014 09:48:57 PM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Error: (12/17/2014 08:49:14 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

Error: (12/17/2014 08:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Aspi32 service failed to start due to the following error:
%%1275

Error: (12/17/2014 08:48:16 PM) (Source: 0) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\aspi32.sys

Error: (12/16/2014 09:23:01 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.


Microsoft Office Sessions:
=========================
Error: (07/17/2014 05:19:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/05/2012 10:35:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:44:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:44:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:44:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/27/2011 04:43:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/05/2010 07:46:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 4094 MB
Available physical RAM: 3007.7 MB
Total Pagefile: 5892.95 MB
Available Pagefile: 4931.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:34.18 GB) (Free:11.06 GB) NTFS
Drive d: (M 20-89, WS) (Fixed) (Total:897.33 GB) (Free:244.71 GB) NTFS
Drive e: (M 90-07, TOONS, ANIMS, COM) (Fixed) (Total:1863.01 GB) (Free:640.39 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C1E3C1E)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=897.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B1DE9374)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 20643CEF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#69
December 17, 2014 at 20:08:56
Every time I paste the FRST log here, it doesn't show up as posted. I did it 3 times.


#70
December 17, 2014 at 20:14:41
Edit: Delete

message edited by Hartful



#71
December 17, 2014 at 20:15:26
They are too big, refer to post #35


#72

#73
December 17, 2014 at 20:26:16
Ok, got them, don't wait up, it takes some time to go through them.


#74
December 17, 2014 at 20:27:11
Ok, thanks, have a good nite!


#75
December 17, 2014 at 20:44:05
I was looking for a file in my pc when I came across this .txt file named adxregistrator in My Documents. I don't know if it'll have any useful info for you:

Add-in Express Registrator Log File: 12/13/2014 21:37:01

Installation directory: C:\Program Files\SearchAssist\ie\
Registrator version: 8.3.5068.0
Operating System: Microsoft Windows XP Professional x64 Edition Service Pack 2 (build 3790)
Process Owner: Administrator
Command Line: "C:\Program Files\SearchAssist\ie\adxregistrator.exe" /uninstall="SearchAssist.dll" /privileges=admin
Run 'As Administrator': Yes
Process Elevated: No
Integrity Level: Untrusted
UAC (User Account Control): Off
--------------------------------------------------------------
21:37:01 0164 Starting the add-in unregistration process.
21:37:01 0164 Loading mscoree.dll
21:37:01 0164 Success.
21:37:01 0164 .NET Framework installation directory:
21:37:01 0164 The latest version of .NET Framework: 'v4.0.30319'
21:37:01 0164 Loading CLR: v4.0.30319.
21:37:01 0164 Calling CLRCreateInstance method.
21:37:01 0164 Success.
21:37:01 0164 Calling GetRuntime method.
21:37:01 0164 Success.
21:37:01 0164 Checking if the hosting API of .NET Framework v4.0 beta is installed.
21:37:01 0164 The hosting API is up to date.
21:37:01 0164 Calling GetInterface method for the CorRuntimeHost interface.
21:37:01 0164 Success.
21:37:01 0164 Starting CLR...
21:37:01 0164 Success.
21:37:01 0164 Getting the CLR version.
21:37:01 0164 The CLR v4.0.30319 has been initialized successfully.
21:37:01 0164 Creating a new domain setup.
21:37:01 0164 Success.
21:37:01 0164 Getting the add-in directory.
21:37:01 0164 Success. The directory is 'C:\Program Files\SearchAssist\ie\'
21:37:01 0164 The 'shadow copy' is disabled.
21:37:01 0164 Creating a new application domain.
21:37:01 0164 Success.
21:37:01 0164 Getting the base directory for the domain.
21:37:01 0164 Success. The directory is 'C:\Program Files\SearchAssist\ie\'.
21:37:01 0164 Searching for the Add-in Express core library.
21:37:01 0164 Success. The 'AddinExpress.IE.dll' file is found.
21:37:01 0164 Creating an instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
21:37:01 0164 Assembly identity is 'AddinExpress.IE'.
21:37:01 0164 Success.
21:37:01 0164 Unwrapping the instance of the 'AddinExpress.Deployment.ADXRegistrator' class.
21:37:01 0164 Success.
21:37:01 0164 Calling the managed unregistration procedure.
21:37:01 0500 Connecting to the application domain of the Add-in Express loader.
21:37:01 0500 Success.
21:37:01 0500 Loading the 'searchassist.dll' assembly.
21:37:02 0500 Success.
21:37:02 0500 Unregistering the 'searchassist.dll' assembly (administrator).
21:37:02 0500 The ' searchassist.dll' assembly has been unregistered successfully.
21:37:02 0164 The add-in unregistration process is completed with HRESULT = 0.



#76
December 17, 2014 at 21:10:46
Confirms it is a nasty piece of work.

Use this to check if those 2 programs are still listed.
Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...

Formed a plan in my head of the next move, if you want it before going to bed.



#77
December 17, 2014 at 21:18:03
Run all the steps except Malwarebytes.

Run Tweaking.com - Windows Repair

Disable your antivirus program before running Windows Repair.

Start at Step 1 & when you get to the final step, check/tick all the boxes. Reboot when finished.

http://www.softpedia.com/get/Tweak/...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Copy and Paste the contents of the following log in your reply:
C:\Program Files\Tweaking.com\Windows Repair (All in One)\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt



#78
December 17, 2014 at 22:23:29
I ran Tweak but I ran into a problem. My CD/DVD Drive doesn't work, it hasn't for about 2 years now. I never need it so I wasn't in a hurry to get it fixed. So each time I was asked to place the CD into the drive, I had to tell the program to skip it that time. That happened more than 20 times so I'm not sure how much information you got that you needed.

Log File:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator\My Documents\Desktop>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Local Disk.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
10164736164736
164736 file records processed.

File verification completed.
10 percent complete. (1 of 356 large file records processed)
10356356
356 large file records processed.

1000
0 bad file records processed.

1000
0 EA records processed.

1033
3 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
38 percent complete. (443031 of 446000 index entries processed)
38 percent complete. (443531 of 446000 index entries processed)
38 percent complete. (444031 of 446000 index entries processed)
38 percent complete. (444531 of 446000 index entries processed)
38 percent complete. (445031 of 446000 index entries processed)
38 percent complete. (445531 of 446000 index entries processed)
38446000446000
446000 index entries processed.

Index verification completed.
3855
5 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
41 percent complete. (163100 of 164736 descriptors processed)
41164736164736
164736 security descriptors processed.

Security descriptor verification completed.
4184938493
8493 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (40263680 of 40265352 USN bytes processed)
1004026535240265352
40265352 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

35840983 KB total disk space.
24355280 KB in 82847 files.
24160 KB in 8494 indexes.
0 KB in bad sectors.
273107 KB in use by the system.
65536 KB occupied by the log file.
11188436 KB available on disk.

4096 bytes in each allocation unit.
8960245 total allocation units on disk.
2797109 allocation units available on disk.

C:\>



#79
December 17, 2014 at 22:35:15
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator\My Documents\Desktop>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Local Disk.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
10164736164736
164736 file records processed.

File verification completed.
10 percent complete. (1 of 356 large file records processed)
10356356
356 large file records processed.

1000
0 bad file records processed.

1000
0 EA records processed.

1033
3 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
38 percent complete. (443031 of 446000 index entries processed)
38 percent complete. (443531 of 446000 index entries processed)
38 percent complete. (444031 of 446000 index entries processed)
38 percent complete. (444531 of 446000 index entries processed)
38 percent complete. (445031 of 446000 index entries processed)
38 percent complete. (445531 of 446000 index entries processed)
38446000446000
446000 index entries processed.

Index verification completed.
3855
5 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
41 percent complete. (163100 of 164736 descriptors processed)
164736 security descriptors processed.

Security descriptor verification completed.
8493 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (40263680 of 40265352 USN bytes processed)
40265352 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

35840983 KB total disk space.
24355280 KB in 82847 files.
24160 KB in 8494 indexes.
0 KB in bad sectors.
273107 KB in use by the system.
65536 KB occupied by the log file.
11188436 KB available on disk.

4096 bytes in each allocation unit.
8960245 total allocation units on disk.
2797109 allocation units available on disk.

C:\>



#80
December 17, 2014 at 22:35:36
Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 64-bit
OS Version: 5.2.3790
OS Service Pack: Service Pack 2
Computer Name: KINGKONG
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile:
Current Profile SID: S-1-5-21-1560305870-1003223559-3566357663-500
Current Profile Classes: S-1-5-21-1560305870-1003223559-3566357663-500_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Administrator\Local Settings\Application Data
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:08:48

Process Count: 34
Commit Total: 975.43 MB
Commit Limit: 5.75 GB
Commit Peak: 1.19 GB
Handle Count: 10302
Kernel Total: 134.84 MB
Kernel Paged: 95.56 MB
Kernel Non Paged: 39.28 MB
System Cache: 2.02 GB
Thread Count: 588
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 1.06 GB(26.5746%)
Memory Avail.: 2.94 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 791.31 MB(19.3286%)
Memory Avail.: 3.23 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (12/18/2014 12:51:51 AM)


The current repair has failed to start for over 30 sec.
Trying Again....


The current repair has failed to start for over 30 sec.
Trying Again....


The current repair has failed to start for over 30 sec.
Trying Again....

Done, but failed, at (12/18/2014 12:53:51 AM)
Total Repair Time: 00:02:02

The current repair has failed to start 4 times.
Something is keeping the repair from running.
Tweaking_ras.exe in the files folder is used to run the repairs under the system account, make sure your Antivirus isnt blocking it.
Please post in the Tweaking.com forums for support.



#81
December 17, 2014 at 22:47:01
It's 2 am here so I'm heading to bed soon. I'll be back in about 8 hours.


#82
December 17, 2014 at 23:05:06
" So each time I was asked to place the CD into the drive"
That would have been needed for SFC.

What is your EXACT model comp, if it is a brand name?

Do you have XP SP2 on a thumb drive or CD/DVD?

The log tells us to run chkdsk manually.
"Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these"

This will do the F command.

1: Open "My Computer" and right-click on the icon for the drive that is to be checked.
2: In the context menu that opens, choose "Properties".
3: Click the "Tools" tab at the top of the Properties window.
4: In the "Error-checking" section, click the button "Check now".
A box showing the options for running Chkdsk is then available as shown in the figure below.
http://i.imgur.com/RNBqb2I.gif
The option "Automatically fix file system errors" should be chosen for routine checks.



#83
December 17, 2014 at 23:12:10
Obtaining CHKDSK Results ( log file ) Copy & Paste the contents of the log please.
http://www.cpucare.net/OS/XP/Viewin...
How to get to Event Viewer.
In Windows XP there are four ways to get to event viewer.
Start > Control Panel > Administrative Tools > Event Viewer.
Right click > My Computer > Manage > Event Viewer.
Start > Run > Eventvwr.
Start > All Programs > Accessories > Command Prompt, paste > Eventvwr & hit Enter.
Obtaining CHKDSK Results
Once Event Viewer is open, select Application.
The 4th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results.


#84
December 18, 2014 at 07:24:30
This is a log that chkdsk made:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator\My Documents\Desktop>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Local Disk.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
164736 file records processed.

File verification completed.
10 percent complete. (1 of 356 large file records processed)
356 large file records processed.

0 bad file records processed.

0 EA records processed.

3 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
38 percent complete. (443031 of 446000 index entries processed)
38 percent complete. (443531 of 446000 index entries processed)
38 percent complete. (444031 of 446000 index entries processed)
38 percent complete. (444531 of 446000 index entries processed)
38 percent complete. (445031 of 446000 index entries processed)
38 percent complete. (445531 of 446000 index entries processed)
446000 index entries processed.

Index verification completed.
5 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
41 percent complete. (163100 of 164736 descriptors processed)
164736 security descriptors processed.

Security descriptor verification completed.
8493 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (40263680 of 40265352 USN bytes processed)
40265352 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

35840983 KB total disk space.
24355280 KB in 82847 files.
24160 KB in 8494 indexes.
0 KB in bad sectors.
273107 KB in use by the system.
65536 KB occupied by the log file.
11188436 KB available on disk.

4096 bytes in each allocation unit.
8960245 total allocation units on disk.
2797109 allocation units available on disk.

C:\>



#85
December 18, 2014 at 07:25:54
"Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results."

Is there a way to export the log? Copying the results isn't an available option.



#86
December 18, 2014 at 07:31:56
"What is your EXACT model comp, if it is a brand name?" It's not a name brand, I built it:
- GIGABYTE GA-EP45-DQ6 LGA 775 Intel P45 ATX Motherboard
- Intel Core 2 Quad Q6600 Kentsfield cpu
- mushkin 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400) Dual Channel RAM
- CORSAIR CMPSU-850TX 850W
- WD Caviar Black WD1001FALS 1TB, 32MB Cache SATA 3.0Gb/s
- ASUS EAH4650-DI-512MD2 Graphics Card
- HighPoint RocketRAID 2300 PCI Express SATA II 8-Port Controller Card

"Do you have XP SP2 on a thumb drive or CD?DVD?"
I have the file "WindowsServer2003.WindowsXP-KB914961-SP2-x64-ENU"



#87
December 18, 2014 at 09:48:26
Hi Hartful

Well John will definitely be in bed this time (01:47 there right now).

If the chkdsk log is there it should be Bootex.log at the root of the C drive.
You will probably be able to open it in NotePad.

Always pop back and let us know the outcome - thanks



#88
December 18, 2014 at 11:37:35
I did a search of C:\ including system and hidden folders and there's no file named bootex.log


#89
December 18, 2014 at 12:05:00
I'm not totally surprised because I got the idea that it isn't always saved there.

However, it should appear in Event viewer and if you double click the entry there is a "Copy" button. If you then open NotePad and use Paste (or Ctrl + V keys) it should appear and can be given a name and saved as a text file. It should also be possible to just paste it directly on here, or at any later time highlight the saved NotePad file text by dragging the mouse over it and Copy/Paste that here instead.

Always pop back and let us know the outcome - thanks



#90
December 18, 2014 at 14:21:51
#84 This is a log that chkdsk made:
That is the one already posted in #79

""Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results.

Is there a way to export the log? Copying the results isn't an available option"

Ctrl + C



#91
December 18, 2014 at 15:43:10
There should be a copy button as given, although on XP it is just a symbol - see Step 6 here:
https://support.metageek.net/hc/en-...

Always pop back and let us know the outcome - thanks



#92
December 18, 2014 at 15:49:06
Evening Derek, nice Googling.


#93
December 18, 2014 at 15:50:56
Thanks :)

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 12/18/2014
Time: 10:07:07 AM
User: N/A
Computer: KINGKONG
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Disk.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1183 unused index entries from index $SII of file 0x9.
Cleaning up 1183 unused index entries from index $SDH of file 0x9.
Cleaning up 1183 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

35840983 KB total disk space.
24577844 KB in 84637 files.
24588 KB in 8519 indexes.
0 KB in bad sectors.
271827 KB in use by the system.
65536 KB occupied by the log file.
10966724 KB available on disk.

4096 bytes in each allocation unit.
8960245 total allocation units on disk.
2741681 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...



#94
December 18, 2014 at 15:57:39
Now we have repaired some system files, run Tweaking.com again, go straight to the final step, check all the boxes.
Log please.

Make sure you disable Avira before scanning.
This is an extract from the Tweaking.com log.
"The current repair has failed to start 4 times.
Something is keeping the repair from running.
Tweaking_ras.exe in the files folder is used to run the repairs under the system account, make sure your Antivirus isnt blocking it."
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...



#95
December 18, 2014 at 17:08:17
I just ran Tweaking.com. It takes a long time because I have to hit CANCEL then YES a few hundred times and when I hit CANCEL more than 1 time in a row, the test stopped and I had to start from the beginning. I did this 3 times, not fun. But when I went into Event Viewer, the latest log was the one from this morning. I don't know why a new Winlogon isn't there. I'm going to try it again. I'll be back soon.


#96
December 18, 2014 at 17:12:38
" new Winlogon isn't there"
Wrong place.

No one expects you to remember instructions, print or write them down.

Go back & read the original instructions.



#97
December 18, 2014 at 17:39:26
These are the instructions. It's what I did. There's no report for the last 2 chkdsk runs.

" How to get to Event Viewer

In Windows XP there are four ways to get to event viewer

<Start><Control Panel><Administrative Tools><Event Viewer>
<Right-Click My Computer><Manage><Event Viewer>
<Start><Run><Eventvwr>
<From C: Prompt><Eventvwr>

Obtaining CHKDSK Results

Once Event Viewer is open, select Application
The 4th column of information in the right-hand pane is titled Source , click on the word Source at the top of the column to sort by that column
Scroll through the Source column to find the most recent entry titled Winlogon
Double-click Winlogon to open the CHKDSK results"

This is the only report from this morning:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 12/18/2014
Time: 10:07:07 AM
User: N/A
Computer: KINGKONG
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Local Disk.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1183 unused index entries from index $SII of file 0x9.
Cleaning up 1183 unused index entries from index $SDH of file 0x9.
Cleaning up 1183 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

35840983 KB total disk space.
24577844 KB in 84637 files.
24588 KB in 8519 indexes.
0 KB in bad sectors.
271827 KB in use by the system.
65536 KB occupied by the log file.
10966724 KB available on disk.

4096 bytes in each allocation unit.
8960245 total allocation units on disk.
2741681 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...



#98
December 18, 2014 at 18:01:41
You are running Tweaking.com not chkdsk.

Post #77

Copy and Paste the contents of the following log in your reply:
C:\Program Files\Tweaking.com\Windows Repair (All in One)\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt
Tweaking.com not chkdsk.



#99
December 18, 2014 at 18:03:24
Now a lot of things have been blown away I wonder if IE Reset would work if tried again:

Control Panel > Internet Options > Advanced tab > Reset button.

There is also this:
http://www.techsupportall.com/inter...

Always pop back and let us know the outcome - thanks

message edited by Derek



#100
December 18, 2014 at 18:16:07
"Now a lot of things have been blown away"
Not yet Derek, progress is very slow, have achieved very little today.

Extract from the chkdsk log.
"Cleaning up minor inconsistencies on the drive"

message edited by Johnw



#101
December 18, 2014 at 18:23:48
"run Tweaking.com again, go straight to the final step, check all the boxes."

I don't understand what you want then. With Tweaking.com, the last test is comparing existing Windows files with the original Windows files. There are no boxes to check. My CD/DVD drive isn't working. See #78-82. I can't run the test except if I Cancel each file it wants to check. But I was asked to run the last test so I ran the last test because I thought there was some information you wanted from this anyway.

"Control Panel > Internet Options" Internet Options is still unavailable.



#102

#103
December 18, 2014 at 18:44:03
I turned off Avira and Ad-Aware and started Repair, all boxes checked:

Log:
Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 64-bit
OS Version: 5.2.3790
OS Service Pack: Service Pack 2
Computer Name: KINGKONG
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile:
Current Profile SID: S-1-5-21-1560305870-1003223559-3566357663-500
Current Profile Classes: S-1-5-21-1560305870-1003223559-3566357663-500_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Administrator\Local Settings\Application Data
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:10:28

Process Count: 32
Commit Total: 700.93 MB
Commit Limit: 5.75 GB
Commit Peak: 1.31 GB
Handle Count: 8160
Kernel Total: 139.41 MB
Kernel Paged: 99.00 MB
Kernel Non Paged: 40.41 MB
System Cache: 1.93 GB
Thread Count: 456
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 889.04 MB(21.7157%)
Memory Avail.: 3.13 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 600.97 MB(14.6794%)
Memory Avail.: 3.41 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (12/18/2014 9:39:51 PM)


The current repair has failed to start for over 30 sec.
Trying Again....


The current repair has failed to start for over 30 sec.
Trying Again....


The current repair has failed to start for over 30 sec.
Trying Again....

Done, but failed, at (12/18/2014 9:41:53 PM)
Total Repair Time: 00:02:03

The current repair has failed to start 4 times.
Something is keeping the repair from running.
Tweaking_ras.exe in the files folder is used to run the repairs under the system account, make sure your Antivirus isnt blocking it.
Please post in the Tweaking.com forums for support.



#104
December 18, 2014 at 18:58:53
" So each time I was asked to place the CD into the drive"
That statement prompted my question about your operating system. I can assume it is on a CD, I am memorizing everything as we go along & may need that info later as I plan ahead.
"I have the file "WindowsServer2003.WindowsXP-KB914961-SP2-x64-ENU""
Am I right, it is on a CD?


#105
December 18, 2014 at 19:03:56
Windows is on CD but no CD/DVD drive available. It stopped working.

I have WindowsServer2003.WindowsXP-KB914961-SP2-x64-ENU.exe and SP2 ISO IMAGE File



#106
December 18, 2014 at 19:11:39
"but no CD/DVD drive available. It stopped working"
Yes I know that.

Do you know how to do a windows repair?

Put your XP install on a clean thumb/usb drive.

Rufus
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Rufus_...
http://www.freewarefiles.com/screen...
http://rufus.akeo.ie/
UEFI
Select the GPT partition scheme for UEFI computers.

message edited by Johnw



#107
December 18, 2014 at 19:14:39
Tweaking.com log.
"Done, but failed"
Same as the first time you ran it.


#108
December 18, 2014 at 19:23:12
What exactly is a "flash drive"? I have a thumb drive and external USB drives. Will they do?

Edit: I know how to do a Windows Repair but using the CD, not any other way.

message edited by Hartful



#109
December 18, 2014 at 19:30:34
"thumb drive"
Same thing, that's what I called it, in my post. Different countries have different names for them.

"Edit: I know how to do a Windows Repair but using the CD, not any other way"
Wait for a minute, there are 2 other options.



#110
December 18, 2014 at 19:44:53
Here are the choices, the thumb drive will behave exactly like a CD.
Make sure no other drives are connected, other than the thumb drive & C drive.

1: Insert the drive in a rear usb port ( they have more power )
Click on Install Windows XP & follow the prompts.

2: With the drive inserted in a USB port, boot into the BIOS & change the boot order to boot from the thumb drive.
Hit > Press any key & proceed to the Repair option where you don't lose any files.
http://www.techspot.com/community/t...

3: Don't worry about 2 & 3, go straight into a new install. Make sure you Delete ALL partitions & format to NTFS.

message edited by Johnw



#111
December 18, 2014 at 19:54:16
It's late here tonight so I'll get started on it tomorrow. I'm thinking about maybe getting a new CD/DVD drive too, they're pretty cheap nowadays. I know some of my data cables have problems too so I'm going to get new ones. I want to hold this pc together for a few more years. It suits me to a T. I've got a few things to think about. Thanks for all your help, it's much appreciated. I'll probably have a few questions when I start doing things. If you don't mind, I'll probably come back with some questions. I'm good with hardware but software confuses the h*ll out of me.


#112
December 18, 2014 at 19:59:22
" I'm good with hardware but software confuses the h*ll out of me"
I was thinking that after you told me you built your own.

Make sure you have your product number, you may need it.

"I'll probably come back with some questions"
No problem.

" I'm thinking about maybe getting a new CD/DVD drive"
I don't use CDs anymore, I have everything on thumb drives.

message edited by Johnw



#113
December 18, 2014 at 20:05:02
Building a pc is just plug-and-play. Put A in socket A, B in B, etc, post, install Windows, install drivers, install a few programs, done.

I have the Windows product key with the CD.

Happy Holidays!


