# IE malfunction, Win 7, missing or corrupt files



## idonquixote (Sep 18, 2010)

I first noticed a problem when Internet Explorer had trouble opening and staying open>saying IE had terminated abnormally>asking if I wanted to restore previous session>ignoring when I answered either Y or N>blinking with a black screen>freezing the cursor>crashing to a blue screen.

I have 2 pgms called Internet Explorer, one in the "Program Files" folder and a second in the "Program Files (x86)" folder. I don't know if I am supposed to have 2 pgms.

I often have both Chrome and IE open at the same time. Chrome does not seem to have a problem. I can get to Outlook by using Chrome to call up msn.com and then logging in to Outlook on msn.com.

I tried to repair IE, but the "best" I could do was upgrade from IE10 to IE11. The problem didn't go away. I tried many things, including several MicrosoftFixIt programs. I have since noticed that some updates have failed, some Windows 7 files are missing or corrupt, and a variety of other bad things have happened. Additionally, I am puzzled that some items I thought I had removed show up in the logs below.

Windows 7 - Home Premium v6.1a, Internet Explorer 11. More details in Belarc Advisor. *< Removed the Belarc, as it has all your Keys to software products on the computer - not a good idea to post on a public forum - ETAF moderator >*

Some clues:
Code 8004FF80
Code 0x80070057 - Root Cause - RC_Data Store
Code 0x80070643 - cancelled by wizard from MS Download page. Code indicates various IE issues.
FixIt - jumped to IE Microsoft Automated Troubleshooting Services
Wizard cancelled Microsoft Security Essentials - 4.6.305.0 (KB2965031)
Several efforts led to message "Your system administrator has set policies to prevent this installation." I AM THE SYSTEM ADMINISTRATOR!

I have backed up my personal data. I have removed all questionable programs previously downloaded from the web. Hit and miss, as I looked at the Properties of some (not all) files, I changed them to be compatible with Windows 7. I don't know where to go from here.

Below are the results and/ATTACHMENTS for TSG Sysinfo, HJT, GMER, and Belarc Advisor. I hope they help.
=================================================================================
TSG Sysinfo
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4056 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1804 Mb
Hard Drives: C: Total - 461899 MB, Free - 356351 MB; F: Total - 476821 MB, Free - 311077 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: Microsoft Security Essentials, Disabled
HijackThis
Received this msg: For some reason your system denied Write access to the Hosts file. If any Hijacked domains are in this file, HijackThis may NOT be able to fix this.
I then ran HijackThis as Administrator and got these results:
=======================
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:12:44 PM, on 9/23/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\Touchpad Blocker\TouchpadBlocker.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\02 Technical\Techguys\2014 downloads icw problems\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Snaptop.exe] c:\program files (x86)\tools\snaptop\snaptop.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TouchpadBlocker.exe] "C:\Program Files (x86)\Touchpad Blocker\TouchpadBlocker.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] c:\programdata\flexnet\connect\11\isuspm.exe -scheduler
O4 - HKCU\..\Run: [HP Officejet Pro 8500 A910 (NET)] "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "cn15gbr0nm:nw" -scfn "hp officejet pro 8500 a910 (net)" -AutoStart 1
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities v5.6.0.13\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\dudley\AppData\Local\Apps\2.0\MLRHZN8G.A30\07DJMBQW.24G\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [HP Officejet Pro 8500 A910 (NET)] "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN15GBR0NM:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1 (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [TouchpadBlocker.exe] "C:\Program Files (x86)\Touchpad Blocker\TouchpadBlocker.exe" -startup (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\Run: [DellSystemDetect] C:\Users\Edward Kirsch\AppData\Local\Apps\2.0\X9Q893WR.DJR\TXECCXNL.QRB\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe (User 'Edward Kirsch')
O4 - HKUS\S-1-5-21-1625300122-3579882335-3230745189-1000\..\RunOnce: [Uninstall C:\Users\Edward Kirsch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Edward Kirsch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" (User 'Edward Kirsch')
O4 - S-1-5-21-1625300122-3579882335-3230745189-1000 Startup: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk = ? (User 'Edward Kirsch')
O4 - S-1-5-21-1625300122-3579882335-3230745189-1000 User Startup: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk = ? (User 'Edward Kirsch')
O4 - S-1-5-21-1625300122-3579882335-3230745189-1006 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Marsha F Slucker')
O4 - S-1-5-21-1625300122-3579882335-3230745189-1006 Startup: Uninstall LastPass RunOnce.lnk = Marsha F Slucker\AppData\Roaming\lpuninstall.exe (User 'Marsha F Slucker')
O4 - S-1-5-21-1625300122-3579882335-3230745189-1006 User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Marsha F Slucker')
O4 - S-1-5-21-1625300122-3579882335-3230745189-1006 User Startup: Uninstall LastPass RunOnce.lnk = Marsha F Slucker\AppData\Roaming\lpuninstall.exe (User 'Marsha F Slucker')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.6\LaunchEspresso.exe
O9 - Extra 'Tools' menuitem: HP Smart Print 2.6 - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.6\LaunchEspresso.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpIdfPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://allianzlife.webex.com/client/T27LB/event/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - F:\07 My Downloads\AVG AntiVirus Free 2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - F:\07 My Downloads\AVG AntiVirus Free 2014\avgwdsvc.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KSafe service (KSafeSvc) - Kingsoft Corporation - C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Unknown owner - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater3.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15178 bytes

==========================================================================================

GMER - see attached

==========================================================================================

Belarc Advisor - see attached
=====================================================================================


----------



## idonquixote (Sep 18, 2010)

bump


----------



## etaf (Oct 2, 2003)

Hi, I have removed the Belarc advisor file.
< Removed the Belarc, as it has all your Keys to software products on the computer - not a good idea to post on a public forum - ETAF moderator >


----------



## idonquixote (Sep 18, 2010)

bump


----------



## idonquixote (Sep 18, 2010)

bump


----------



## idonquixote (Sep 18, 2010)

bump bump bump bump


----------



## JSntgRvr (Jul 1, 2003)

Hi and welcome.

Sorry for the delay.

Please download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Make sure that under *Optional Scans*, there is a checkmark on Addition.txt and Shortcut.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another two logs (*Addition.txt and Shortcut.txt*). Please attach these to your reply.


----------



## idonquixote (Sep 18, 2010)

Initially, I ran FRST as Edward M. Kirsch, the user ID with which I was signed in. That scan "stopped responding". I switched to Dudley, the administrator, and the scan ran to completion. I am not sure whether the logs are per scan or cumulative.

===================================================

BTW, I am aware of a problem with printer HP OfficeJet Pro 8500A A910. This problem existed prior to all the other issues. I'll take care of that after the others are fixed.


----------



## JSntgRvr (Jul 1, 2003)

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
*On-Access* and *On-Demand*

*On-Access Scanners*
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

*On-Demand Scanners*
As the name implies, these are scanners that only run when you ask them to, such as Online Scans and scanners that run on your machine but are not actively scanning your machine.

*You have AVG, Adaware and Microsoft Essentials active*. In your position I would remove them all and install *AVAST.*

Step 2

Download the enclosed file (see below). Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait.

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it to your reply.

Step 3

Download AdwCleaner from *here*. Save the file to the desktop.

*NOTE:* If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

*Close all open windows and browsers.*

*XP users:* Double click the *AdwCleaner* icon to start the program.
*Vista/7/8 users:* Right click the *AdwCleaner* icon on the desktop, click *Run as administrator* and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the *Scan* button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: *Pending. Please uncheck elements you don't want to remove.*
Click the *Clean* button.
*Everything checked* will be deleted.
When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to *C:\AdwCleaner\AdwCleaner[S0].txt*

Step 4

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)

Select the language and click OK.
Accept the agreement
Make sure a checkmark is placed next to *Enable the Free Trial* and *Launch Malwarebytes' Anti-Malware*, then click on finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Scan Now*".
The scan may take some time to finish, so please be patient.
When the scan is complete, click on *Quarantine All*.
When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
Upon restart, launch Malwarebytes Antimalware and select History.
Double click on the last scan done, then on Copy to Clipboard.
Right click on your next reply and select Paste.
Submit your reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------
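The checks discussed so far in this thread can be run over the HijackThis log itself. The following is an added example, not part of any post and not code from HijackThis or FRST: it parses the `O4`/`O23` lines, counts the overlapping antivirus products, flags service binaries outside the usual install roots, and separates `(file missing)` entries under `System32` from the rest. Assumptions: all function names and the `AV_MARKERS` table are hypothetical, Windows is installed in `C:\Windows`, and the sample is a handful of lines copied from the log in the opening post. HijackThis is a 32-bit program, so on 64-bit Windows its view of `System32` is redirected to `SysWOW64` and 64-bit-only files such as `lsass.exe` are reported missing even when they are present.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the opening post.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - F:\07 My Downloads\AVG AntiVirus Free 2014\avgidsagent.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Unknown owner - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (file missing)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")

# The path is anchored on a drive letter because install paths can themselves
# contain " - " (see the Spybot line), so splitting on " - " is not safe.
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Hypothetical marker table: lower-case substrings that identify the three
# antivirus products the helper named in this thread.
AV_MARKERS = {
    "avg antivirus": "AVG AntiVirus",
    "ad-aware antivirus": "Ad-Aware Antivirus",
    "microsoft security client": "Microsoft Security Essentials",
}

# Assumed default locations for service binaries.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_entries(log):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def parse_services(entries):
    """Break O23 bodies into display name, owner, path and the missing flag."""
    services = []
    for code, body in entries:
        m = SERVICE_RE.match(body) if code == "O23" else None
        if m:
            services.append({
                "display": m["display"],
                "owner": m["owner"],
                "path": m["path"],
                "missing": m["missing"] is not None,
            })
    return services


def triage_missing(services, scanner_32bit_on_x64=True):
    """Split '(file missing)' services into likely WOW64 redirection
    artefacts (System32 paths seen by a 32-bit scanner) and paths that
    need a manual check because the binary may really be gone."""
    artefact, verify = [], []
    for svc in services:
        if not svc["missing"]:
            continue
        in_system32 = svc["path"].lower().startswith(SYSTEM32)
        (artefact if scanner_32bit_on_x64 and in_system32 else verify).append(svc["path"])
    return artefact, verify


def nonstandard_service_paths(services):
    """Service binaries that run from outside Windows or Program Files."""
    return [s["path"] for s in services
            if not s["path"].lower().startswith(STANDARD_ROOTS)]


def security_products(entries):
    """Antivirus products referenced by autostart (O4) or service (O23) lines."""
    found = set()
    for code, body in entries:
        if code in ("O4", "O23"):
            lowered = body.lower()
            found.update(name for marker, name in AV_MARKERS.items() if marker in lowered)
    return sorted(found)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    services = parse_services(entries)
    artefact, verify = triage_missing(services)
    print("Antivirus products present:", security_products(entries))
    print("Likely redirection artefacts:", artefact)
    print("Missing, verify manually:", verify)
    print("Services outside standard roots:", nonstandard_service_paths(services))
```

A log only shows that a product's autostart entry or service is registered, not whether its on-access scanner is enabled, so the product list is a prompt to check each one rather than proof of a conflict.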



## idonquixote (Sep 18, 2010)

What does [/*] stand for?
===============================
Step 1 - I uninstalled AVG and Adaware. AVG Web Tuneup would not uninstall. I don't know what Microsoft Essentials active is. Do you mean Microsoft Security Essentials?
Installed free AVAST. Unchecked the box on the cover page offering some goodie. Took all of the checked options inside even though I would have skipped the "remote" features. Will this free version still be available to me after 30 days?
Ran AVAST. Removed AVG SafeGuard per the suggestion of AVAST. There was 1 threat which was moved to the Chest. There were many, many Warnings. All but 1 said "Error: Archive is password protected. (42056)" The only 1 warning with a different comment was "C:\Windows\winstart.bat" which said "Error: File is offline - it is currently not available. (42006)" Although I was told to select the required action (for each warning) and click apply, I could not find any "actions."

Step 2 - I started to run FRST with Fix. Once it was running, I realized Shortcuts was not checked. As there was no option to Stop or Restart, I decided to do a Ctl+Alt+Del. Not only did I cancel FRST, but ALL tasks vanished. Then the blue-screen-of-death appeared. Eventually, I was able to restart from the screen that offers Safe Mode, where I selected Normal. It told me to wait, but 45 minutes later I was still waiting. I manually shut the PC off and rebooted. It asked if I wanted to restore previous Chrome activities, but then it had trouble doing that. I shut the PC off again and started from scratch, this time putting a check in Shortcuts and Addition. The log is attached. However, running FRST again caused Chrome to shutdown abnormally again. I was able to restore my previous Chrome session.

Step 3 - I downloaded AdwCleaner. I have attached both the S0 (false start) and the S1 versions of the AdwCleaner logs.

Step 4 - I downloaded Malwarebytes' Anti-Malware. I could not find the "Enable the Free Trial" so I just went ahead with the launch. I got as far as History, put a checkmark on the last scan done (which showed only 1 PUP entry), but could not find anything like "Copy to Clipboard." I would gladly manually copy the 1 line from the most recent scan, but I cannot find the file it is in.


----------



## idonquixote (Sep 18, 2010)

Attachments didn't make it to the post. Here they are!


----------



## JSntgRvr (Jul 1, 2003)

Please scan with FRST once again and post its report. Let me know if any of the previous problems persist.


----------



## idonquixote (Sep 18, 2010)

1) What does [/*] stand for?
===================
2) Will free version of AVAST still be available to me after 30 days? If not, what FREE s/w should I use?
=================== 
3) I still don't know what Microsoft Essentials active is. Do you mean Microsoft Security Essentials? I have not yet removed MSE.
===================
4) I ran FRST with the fixlist.txt from YOUR #9 post. Was that correct?
The new fixlog.txt is attached.
Apparently Chrome and FRST cannot run at the same time. Chrome closed abnormally--but cleanly. I was able to pick up after FRST was finished and I reopened Chrome and "restored" previous session.


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> 1) What does [/*] stand for?
> ===================
> 2) Will free version of AVAST still be available to me after 30 days? If not, what FREE s/w should I use?
> ===================
> ...


1. [/*] is part of the forum's software. It means it won't accept that code. Nothing to worry about.

2. Once the 30-day try-out comes to an end, AVAST will let you know and the option for the Free Anti-Virus will be offered.

3. Rather than running the Fix, I need you to run FRST, put a checkmark on Addition and click on Scan. Post the new FRST.txt log as well as the Addition.txt log.


----------



## idonquixote (Sep 18, 2010)

I still don't know what Microsoft Essentials active is. Do you mean Microsoft Security Essentials? I have not yet removed MSE.
===================

Ran FRST, with a checkmark on Addition then clicked on Scan. Attached are the new FRST.txt log and the Addition.txt log.
===================


----------



## JSntgRvr (Jul 1, 2003)

Yes, you must remove *Microsoft Security Essentials*. You cannot run two antivirus programs at once.

Download the enclosed file (see below). Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait.

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it to your reply.

Please re-scan once again with FRST and post the new FRST.txt and Addition.txt also on your next reply.

Let me know how the computer is doing at this time.


----------



## idonquixote (Sep 18, 2010)

I cannot uninstall Microsoft Security Essentials. Initially told it was in use. Turned off MSE in right box above clock. Rebooted. Ran and failed again. "Cannot complete uninstall wizard. Error Code: 0x 800 706 43". Looked it up--has to do with Windows Update Error. NO SURPRISE THERE!
=========================

You say, "Download the enclosed file (see below)."

IS THE FILE YOU WANT ME TO DOWNLOAD (Fixlog.txt)??????? I don't see any other file.


----------



## JSntgRvr (Jul 1, 2003)

*Fixlist.txt* under Attached files. (Look at Post 16)


----------



## JSntgRvr (Jul 1, 2003)

For the removal of Microsoft Security Essentials use this *tool* and let me know the outcome.


----------



## JSntgRvr (Jul 1, 2003)

Any issues with the above instructions?


----------



## idonquixote (Sep 18, 2010)

Ran Microsoft Security Essentials Removal Tool AS ADMINISTRATOR but it failed. Message under blue box banner of Windows Installer was "The system administrator has set policies to prevent this installation." (See my very first post. I've seen this before.)
=========================

Instructions now OK. 
=========================

I tried to open IE. Same problems (more or less) as described in first post.
=========================

Also, got a message/warning from EMET. It went by too fast for me to be sure but it said something like
lccvlist.microsoft.com rule broken by MSLIVECA domain
=========================

Question--Is there a way to reinstate the Post Numbers on page 2 of this thread?
=========================


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file (see below). Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait.

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it to your reply.

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters.*

Then click on *Change parameters* in TDSSKiller.

Another window will appear.

Check all boxes then click OK.

Click the *Start Scan* button. (Please do not interrupt this program once engaged.)

The scan should take no longer than 2 minutes.

If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*
*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## idonquixote (Sep 18, 2010)

Fixlog.txt attached
===============

Declined to be part of Kaspersky research. However, I DID accept the EULA. I peeked at the o/p logs and saw they think I had NOT accepted the EULA: "KSN EULA was not accepted. For auto accept you could use -accepteulaksn command line parameter." Did this happen because I declined the research?

Had to install additional s/w for Kaspersky to allow me to change parameters. Did so.
Ran scan. 
All suspicious objects were "skipped."
DID NOT DO ANYTHING BEYOND RUNNING SCAN BECAUSE I WAS NOT GIVEN OPPORTUNITY TO DO ANYTHING.

4 reports are attached. I think there are 4 because I had several false starts.

Pls verify Kaspersky's steps and tell me how to finish. Thx.


----------



## JSntgRvr (Jul 1, 2003)

The detections are only unsigned files, none of which appear to be malicious.

*Step 1*

Open an Administrator command prompt. (Click on Start, type CMD on the search line and press CTRL+SHIFT+ENTER)

At the prompt type the following and press Enter:

*CHKDSK /R*

That should check the integrity of the disk. Please let me know the outcome.

*Step 2*

Open an Administrator command prompt. (Click on Start, type CMD on the search line and press CTRL+SHIFT+ENTER)

At the prompt type the following and press Enter:

*SFC /Scannow*

That should check the integrity of Windows protected files. Please let me know the outcome.


----------



## JSntgRvr (Jul 1, 2003)

PS

In regard to *CHKDSK*, schedule the scan for the next boot and restart the computer.


----------



## idonquixote (Sep 18, 2010)

Ran CHKDSK/R
Left the computer. PC had gone to sleep by the time I returned.
Did a Google and learned the results would be in 
*Control Panel -> Administrative Tools -> Event Viewer -> Windows Logs -> Application -> Wininit
Wininit is found under the source column.*
_Copied the "GENERAL" and "DETAILS" into this post. See below._

===========================

Ran SFC/Scannow
"Windows Resource Protection did not find any integrity violations."

===========================

GENERAL

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 10/10/2014 12:52:44 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: EdwardKirsch-PC
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x3f4f1.
282624 file records processed.

File verification completed.
1850 large file records processed.

0 bad file records processed.

0 EA records processed.

109 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
382098 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
282624 file SDs/SIDs processed.

Cleaning up 16656 unused index entries from index $SII of file 0x9.
Cleaning up 16656 unused index entries from index $SDH of file 0x9.
Cleaning up 16656 unused security descriptors.
CHKDSK is compacting the security descriptor stream
49738 data files processed.

CHKDSK is verifying Usn Journal...
35315624 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
282608 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
86155528 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

472984599 KB total disk space.
127810560 KB in 228769 files.
152208 KB in 49741 indexes.
0 KB in bad sectors.
399715 KB in use by the system.
65536 KB occupied by the log file.
344622116 KB available on disk.

4096 bytes in each allocation unit.
118246149 total allocation units on disk.
86155529 allocation units available on disk.

Internal Info:
00 50 04 00 f7 3f 04 00 e1 b1 07 00 00 00 00 00 .P...?..........
16 ad 00 00 6d 00 00 00 00 00 00 00 00 00 00 00 ....m...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-10-10T04:52:44.000000000Z" />
<EventRecordID>178936</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>EdwardKirsch-PC</Computer>
<Security />
</System>
<EventData>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x3f4f1.
282624 file records processed.

File verification completed.
1850 large file records processed.

0 bad file records processed.

0 EA records processed.

109 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
382098 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
282624 file SDs/SIDs processed.

Cleaning up 16656 unused index entries from index $SII of file 0x9.
Cleaning up 16656 unused index entries from index $SDH of file 0x9.
Cleaning up 16656 unused security descriptors.
CHKDSK is compacting the security descriptor stream
49738 data files processed.

CHKDSK is verifying Usn Journal...
35315624 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
282608 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
86155528 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

472984599 KB total disk space.
127810560 KB in 228769 files.
152208 KB in 49741 indexes.
0 KB in bad sectors.
399715 KB in use by the system.
65536 KB occupied by the log file.
344622116 KB available on disk.

4096 bytes in each allocation unit.
118246149 total allocation units on disk.
86155529 allocation units available on disk.

Internal Info:
00 50 04 00 f7 3f 04 00 e1 b1 07 00 00 00 00 00 .P...?..........
16 ad 00 00 6d 00 00 00 00 00 00 00 00 00 00 00 ....m...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

</EventData>
</Event>

==================================
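
The boot-time CHKDSK report read from Event Viewer above can also be pulled and triaged from PowerShell. This is an added example, not part of the original posts; the function name `Get-ChkdskSummary` is hypothetical and the matching assumes English event text like the log shown.

```powershell
# Added example (not from the thread). Get-ChkdskSummary is a hypothetical name.
# Assumes English event text, as in the log posted above.
function Get-ChkdskSummary {
    param([int]$MaxEvents = 1)

    # Boot-time CHKDSK writes its report as Wininit event 1001 in the Application log.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning 'No Wininit event 1001 found: the log holds no boot-time CHKDSK report.'
        return
    }

    foreach ($e in $events) {
        $text = $e.Message

        # "N KB in bad sectors." is the hardware-health line of the report.
        $badKB = $null
        if ($text -match '(\d+) KB in bad sectors') { $badKB = [long]$Matches[1] }

        $badRecords = $null
        if ($text -match '(\d+) bad file records processed') { $badRecords = [long]$Matches[1] }

        # Lines where CHKDSK reports that it changed something on disk.
        $repairs = @($text -split '\r?\n' | Where-Object {
            $_ -match '^\s*(Cleaning up|Correcting errors|CHKDSK discovered|Windows has made corrections)'
        })

        New-Object PSObject -Property @{
            TimeCreated     = $e.TimeCreated
            Computer        = $e.MachineName
            BadSectorKB     = $badKB
            BadFileRecords  = $badRecords
            MadeCorrections = ($text -match 'Windows has made corrections to the file system')
            RepairLines     = $repairs
        } | Select-Object TimeCreated, Computer, BadSectorKB, BadFileRecords, MadeCorrections, RepairLines
    }
}

Get-ChkdskSummary | Format-List
```

Run against the report posted above, this would show 0 KB in bad sectors, 0 bad file records, and corrections made to the volume bitmap and security descriptor indexes.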


----------



## JSntgRvr (Jul 1, 2003)

What is the purpose of using EMET? The Enhanced Mitigation Experience Toolkit (EMET), if it is, is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. In other words, it is a file blocker.

Just wondering if it is acting against you.

Please remove Spybot Search and Destroy. It won't protect your system, but it will interfere with our tools.

Once done, run *AdwCleaner* once again and post its report. The last time it ran, some folders and registry entries refused to move.

One more question, does Chrome behave such as IE?


----------



## idonquixote (Sep 18, 2010)

Signed on as administrator. No other users on system. Attempted to remove EMET, but was told this had to be done by administrator.

========================

Removed S&D. Rebooted.

========================

Ran AdwCleaner. DID NOT CLEAN.

Here is the report:
# AdwCleaner v3.311 - Report created 10/10/2014 at 11:48:32
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dudley - EDWARDKIRSCH-PC
# Running from : C:\Users\dudley\Desktop\AdwCleaner\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Edward Kirsch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Edward Kirsch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\dudley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v38.0.2125.101

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\dudley\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Edward Kirsch\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Marsha F Slucker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [28946 octets] - [04/09/2014 21:01:24]
AdwCleaner[R2].txt - [4126 octets] - [06/10/2014 23:49:14]
AdwCleaner[R3].txt - [1551 octets] - [10/10/2014 11:48:32]
AdwCleaner[S0].txt - [28894 octets] - [04/09/2014 21:14:59]
AdwCleaner[S1].txt - [4231 octets] - [06/10/2014 23:55:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1732 octets] ##########

===========================

Your last Q about Chrome is not clear. If you are asking whether Chrome is acting crazy like IE is, the answer is NO. Chrome is behaving.

===========================
*I STILL HAVE NOT REMOVED MICROSOFT SECURITY ESSENTIALS.*

===========================


----------



## JSntgRvr (Jul 1, 2003)

Enable the Built-in Administrator Account and try these actions.

First you'll need to open a command prompt in administrator mode (Start, type CMD on the search box) by right-clicking and choosing "Run as administrator" (or use the Ctrl+Shift+Enter shortcut from the search box).

Now type the following command and press Enter:

*net user administrator /active:yes*

Restart and logon as the Administrator. Let me know if that makes a difference.


----------



## idonquixote (Sep 18, 2010)

Post #29 is unclear.

I ran the command as administrator and then typed in net user administrator/active:yes

I restarted and logged on as the Administrator.

1. You didn't tell me any process to run.
2. When I shut down to restart, doesn't that wipe out anything I typed in the previous session in DOS?

P.S. After restarting as Administrator, I did try to uninstall both EMET and Microsoft Security Essentials. Both failed.


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> Post #29 is unclear.
> 
> I ran the command as administrator and then typed in net user administrator/active:yes
> 
> ...


I wanted you to attempt to re-create the problems, and you did. Run *AdwCleaner* and clean those findings.

There seem to be some issues with your system in general. Let's attempt to address some areas of your system.

Download *Windows Repair version 2.92 (All in One)* from *here*

Install the program then run it. (*Be patient as it should take some time to finish*)

*NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.*

Follow these steps:

No need to go throughout all the tabs, as those tasks were done.


Go to *Step 5* and under "System Restore" click on *Create* button:
Go to *Repairs* tab and click *Open Repairs* button.
Click on the *Defaults* button.

_NOTE for *Windows 8* users. *Reset Registry Permissions* is NOT checked by design._

Click on *Start Repairs* button and let it run unhindered until finished.

*Post Windows Repair log* (_windows_repair_log.txt) which is located in the following folder:
*64-bit* systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\*Logs*
*32-bit* systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\*Logs*


----------



## idonquixote (Sep 18, 2010)

Ran AdwCleaner--scanned, cleaned, restarted.

REPORT LOG:
# AdwCleaner v3.311 - Report created 10/10/2014 at 19:44:50
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dudley - EDWARDKIRSCH-PC
# Running from : C:\Users\dudley\Desktop\AdwCleaner\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\dudley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
File Deleted : C:\Users\Edward Kirsch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Edward Kirsch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v38.0.2125.101

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\dudley\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Edward Kirsch\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Marsha F Slucker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [28946 octets] - [04/09/2014 21:01:24]
AdwCleaner[R2].txt - [4126 octets] - [06/10/2014 23:49:14]
AdwCleaner[R3].txt - [1812 octets] - [10/10/2014 11:48:32]
AdwCleaner[R4].txt - [1872 octets] - [10/10/2014 19:40:15]
AdwCleaner[S0].txt - [28894 octets] - [04/09/2014 21:14:59]
AdwCleaner[S1].txt - [4231 octets] - [06/10/2014 23:55:30]
AdwCleaner[S2].txt - [1947 octets] - [10/10/2014 19:44:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2007 octets] ##########

=========================================

Installed Windows Repair version 2.92 (All in One)

_Follow these steps:

No need to go throughout all the tabs, as those tasks were done.

Go to Step 4 and under "System Restore" click on Create button:
Go to Repairs tab and click Open Repairs button.
Click on the Defaults button._
I think you meant Step 5, not Step 4. Before clicking CREATE, I backed up the registry.

Repair log is attached.

===================================

Successfully uninstalled EMET and Microsoft Security Essentials. 
However, EMET still appears on the Notification Area Icons page.

==================================

Attempted to start IE. Same problems as before.

==================================


----------



## JSntgRvr (Jul 1, 2003)

Let's remove EMET's tray icon. I am having problems attaching files, so I will change my instructions.

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it in the same location FRST is saved. Change the *Save as Type* to *All Files* and save it as *fixlist.txt*


```
Start
HKLM\...\Run: [EMET 4.1 Agent] => c:\program files (x86)\emet 4.1\emet_agent.exe [78992 2013-11-21] (Microsoft Corporation)
c:\program files (x86)\emet 4.1
End
```
Run *FRST* and press the *Fix* button just once and wait.
The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.

Checking your installed programs, it seems it is a preview. Please remove the following programs:

*Windows Internet Explorer Platform Preview (HKLM-x32\...\{5F2C7928-68CC-4886-8919-BCEAE3AF75FE}) (Version: 1.9.8023.6000 - Microsoft Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )*

That should revert IE to the previous version.


----------



## idonquixote (Sep 18, 2010)

Created fixlist.txt as instructed. Ran FRST and pressed Fix. New fixlog.txt attached.

=========================

Uninstalled Windows Internet Explorer Platform Preview

=========================

*Could not find (to uninstall) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )*

=========================

EMET still appears on the Notification Area Icons page.

=========================

Looked at Windows Updates. _"Updates were installed: NEVER"_ 
One update found. Updated successfully.

=========================

QUESTION--When I SWITCH from a regular user to the administrator, is the first user still logged on? I sometimes get the msg that someone else may be using this process/file.

=========================


----------



## idonquixote (Sep 18, 2010)

Another QUESTION--
When I am in the "Preview Post" mode and I log off (intentionally or otherwise), the work I had been assembling disappears. Is there something in Techguys that I can tell to save my in-progress post?


----------



## JSntgRvr (Jul 1, 2003)

> EMET still appears on the Notification Area Icons page.


After the fix, a restart is needed. Let me know if it is still there.



> When I SWITCH from a regular user to the administrator, is the first user still logged on? I sometimes get the msg that someone else may be using this process/file.


Another program may be sharing the process. Turn off the administrator account:

At an Administrator Command prompt type the following and press enter:

*net user administrator /active:no*

Type exit to return to Windows.



> When I am in the "Preview Post" mode and I log off (intentionally or otherwise), the work I had been assembling disappears. Is there something in Techguys that I can tell to save my in-progress post?


It happens to me all the time. As a workaround, I open Notepad and include all that will be posted. If I needed, I would save the information just in case.

Run FRST. Put a checkmark on Addition.txt and click on Scan. Post the new *FRST.txt* and *addition.txt* logs.


----------



## idonquixote (Sep 18, 2010)

Notification Area Icons page:
I have omitted telling you about all "behavior" choices. Tell me if that makes a difference.
Restarted (again). EMET_Agent.exe is still there. Says EMET notification.

In addition, there are duplicates/triplicates:

3 Windows Explorer (a)Safely remove hardware and eject media (shows plug with "default-ish" checkmark).
(b)This device can perform faster.
(c)0 document(s) pending for dudley (Dudley is the administrator, my cousin's dog).

2 Smart Defrag v3 (a)Smart Defrag Last Automatic Defrags: 2014/10/11 10:41:34 (shows icon)
(b)identical to above but without icon.

2 Farbar Recovery Scan Tool (a)FRST64.exe (without icon)
(b)identical to above, but with icon


==========================

New FRST.txt and addition.txt logs are attached.


----------



## JSntgRvr (Jul 1, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.

*32 bit Download Mirror #1
32 bit Download Mirror #2*

For 64bit systems, Please download *SystemLook* from the link below and save it to your Desktop.

*64 bit Download Mirror*


Double-click *SystemLook.exe* (or SystemLook_x64.exe) to run the application.
Copy the content of the following quote box into the main textfield:


> :filefind
> {a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
> EMET_Agent.exe
> 
> ...



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## idonquixote (Sep 18, 2010)

SystemLook.txt attached


----------



## JSntgRvr (Jul 1, 2003)

Copy and paste the following command at a command prompt and press Enter:

*C:\Windows\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"*

That should uninstall *Internet Explorer (Enable DEP)* application. Type Exit and press Enter after the uninstall process to return to Windows.

Download the enclosed folder (See below). Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, *Regfix.reg* . Once extracted, open the folder and click on the *Regfix.reg* file and select *Yes* when prompted to merge it into the registry.

To confirm, please run *SystemLook* once again with the same parameters, and post the report
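
The `sdbinst.exe -u` step above removes a custom application-compatibility shim database. As an added example (not from the original posts), the script below inventories the custom shim databases registered on a machine and the `.sdb` files present on disk, so the removal can be verified; the function name is hypothetical, and the `AppCompatFlags` registry locations are the standard Windows ones, not values taken from the thread.

```powershell
# Added example (not from the thread). Get-InstalledShimDatabase is a hypothetical name.
function Get-InstalledShimDatabase {
    $base   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags'
    $sdbKey = Join-Path $base 'InstalledSDB'   # one subkey per installed database GUID
    $custom = Join-Path $base 'Custom'         # one subkey per executable a database applies to

    # Map "{guid}.sdb" -> executables the database is attached to.
    $targets = @{}
    if (Test-Path $custom) {
        foreach ($exeKey in Get-ChildItem $custom) {
            foreach ($valueName in $exeKey.GetValueNames()) {
                $k = $valueName.ToLower()
                if (-not $targets.ContainsKey($k)) { $targets[$k] = @() }
                $targets[$k] += $exeKey.PSChildName
            }
        }
    }

    if (-not (Test-Path $sdbKey)) { return }

    foreach ($key in Get-ChildItem $sdbKey) {
        $p    = Get-ItemProperty -Path $key.PSPath
        $guid = $key.PSChildName
        New-Object PSObject -Property @{
            Guid        = $guid
            Description = $p.DatabaseDescription
            Path        = $p.DatabasePath
            # A registered database whose file is gone is a leftover entry.
            FileExists  = [bool]($p.DatabasePath -and (Test-Path -LiteralPath $p.DatabasePath))
            AppliesTo   = ($targets[("$guid.sdb").ToLower()] -join ', ')
        } | Select-Object Guid, Description, AppliesTo, Path, FileExists
    }
}

# Registered databases.
Get-InstalledShimDatabase | Format-List

# .sdb files on disk that no registry entry points to.
$registered = @(Get-InstalledShimDatabase | ForEach-Object { $_.Path })
Get-ChildItem "$env:windir\AppPatch\Custom" -Recurse -Filter *.sdb -ErrorAction SilentlyContinue |
    Where-Object { $registered -notcontains $_.FullName } |
    Select-Object FullName, Length, LastWriteTime
```

After the `sdbinst.exe -u` command succeeds, the GUID from this thread, `{a9264802-8a7a-40fe-a135-5c6d204aed7a}`, should no longer be listed. Run it from an elevated prompt so every key is readable.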


----------



## idonquixote (Sep 18, 2010)

Wow!! Do you know how many years I had to remember back to dig up my DOS knowledge??? I looked up your profile and I am a couple of years older than you!

===========================

I manually changed the DOS Directory. There was no way to "copy" the DOS command, so I typed it manually. I think I typed it correctly.

===========================

I don't know what that command did.

===========================

In the rest of your post, you said "folder," but I think you meant "file."

===========================

Attached is a new SystemLook.txt


----------



## JSntgRvr (Jul 1, 2003)

The *Internet Explorer (Enable DEP)* application was removed.

Sometimes when you extract the files from a zip folder, a new folder is created. The file you have to click on is the regfix.reg file. You should receive a message to merge the file into the registry. Did that happen? Do the entries still exist in the SystemLook report?


----------



## idonquixote (Sep 18, 2010)

I'm starting to get confused.

================================

Yes, the file I had previously run was regfix.reg

Yes, I received a message to merge the file into the registry. 

Yes, that happened.

=================================

I can't recall whether or not I had copied your quote from your Post #38 the first time I ran it.

I ran it again just now and I definitely copied your quote from your Post #38. 

=================================

Attached is the new SystemLook.txt.

==================================
==================================

BTW, I know when you unzip a file you often get many files. Anticipating this, I always manually create a folder to unzip into. I didn't know that unzip would automatically create a folder to hold the piece-parts.
==================================


----------



## JSntgRvr (Jul 1, 2003)

Is EMET still present in your system tray?


----------



## idonquixote (Sep 18, 2010)

If the System Tray is that thing at the bottom right-hand corner which can expand to a box, the answer is NO. If it is the Notification Area Icons page, the answer is YES, EMET_Agent.exe still appears.

Also, some multiples still appear.


----------



## JSntgRvr (Jul 1, 2003)

Please take a screenshot of that area.


You can do this by pressing the *PrintScreen* key.
Then open Paint in Accessories.
In Paint, go up to *Edit > Paste*
Then Go up to *File > Save As*. Click the drop-down box to change the *"Save As Type"* to *"JPEG"*, name it what you want, and save it on the desktop.
You can attach it to your reply.


----------



## idonquixote (Sep 18, 2010)

Where is EDIT in PAINT? Can't find it.


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> Where is EDIT in PAINT? Can't find it.


----------



## idonquixote (Sep 18, 2010)

I couldn't do it in PAINT, so I hope this helps.


----------



## JSntgRvr (Jul 1, 2003)

That should have been removed during uninstall. I believe it is just an icon.

See if this helps.

*To remove an icon from the notification area*


Open Taskbar and Start Menu Properties by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Taskbar and Start Menu.
Click the Notification Area tab, and then do one or both of the following:
To remove system icons, under System icons, clear the check boxes of the icons you want to remove.
To remove other icons, click Customize, click the icon you want to remove, click the drop-down list that appears next to the icon, click Hide, and then click OK.

Click Apply, and then click OK.


----------



## idonquixote (Sep 18, 2010)

HELP!! I have a bigger problem than before. I have been trying to fix this for several days, but have had no success.

I was working on an xls file on my F-drive when I was told to check the file. To do this, I was told to close everything.

I closed and logged off with a RESTART. When the system came back on, my F-drive, a Western Digital "My Book," did not appear as a drive under COMPUTER.

I have tried everything I can think of to get it back. Even the administrator has no luck. The F-drive is nowhere to be seen. I looked at some of the help-ish sites google identified, but I am afraid I'll mess things up further.

Any advice?

P.S. For a few days prior to this problem's showing up, my Outlook email was sometimes not responding immediately to my DELETE command. It would eventually respond, but not in the quick timeframe I was accustomed to.


----------



## idonquixote (Sep 18, 2010)

FIXED.

I went into the library and tried to access one of the files I knew existed on the F-drive. I was instructed to check the F-drive. Did so.

All is now right with the world.

One more thing--------------

I got a msg that my email had bounced back too many times. I guess I had a different email when I originally joined TechGuys. I updated my email address.

Now I am not sure if I am still connected to your thread with the new email address.

Pls check for me. My current email is Thx.


----------



## JSntgRvr (Jul 1, 2003)

If you receive this message in that e-mail, then things got fixed.

How is the overall performance of the computer?


----------



## idonquixote (Sep 18, 2010)

Sorry about my absence. I was kidnapped by life.

============================

EMET no longer appears on my Notification Area Icons page, but I do not know whether SystemLook really removed it or whether its disappearance is simply cosmetic. 

==========================

I was notified that I have a new install waiting: Windows Malicious Software Removal Tool x64 October 2014 (KB890830)
I did NOT install it. Should I? 

(Previous other installs/updates I deemed harmless and did not ask you about.)

==========================

It seems that I am still connected to your thread with my new email. However, I did not receive any msg you referred to in your post #53.

Also, am I supposed to receive some sort of notification when you post something new? I just always keep looking at TechGuys.

==========================

IE is still doing the same bad things mentioned in my first post.

=============something ============= 

Outlook.com is responding v-e-r-y slowly. I suspect it is their fault, not the fault of my computer. I say this because I get messages leading me to believe they are aware of the problem.

=========================


----------



## JSntgRvr (Jul 1, 2003)

> I was notified that I have a new install waiting: Windows Malicious Software Removal Tool x64 October 2014 (KB890830)
> I did NOT install it. Should I?


The *Windows Malicious Software Removal Tool* is also harmless.

Run FRST, put a checkmark on Addition, and click on Scan. Post the new FRST.txt log as well as the Addition.txt log.


----------



## idonquixote (Sep 18, 2010)

=================================

It's been a fun afternoon. Shortly after installing and running Windows Malicious Software Removal Tool x64 October 2014 (KB890830), I ran FRST. Then the computer blew up; it was on its deathbed. I thought I would never be able to get back in.

==========================

I ran all kinds of suggested repairs. Startup Repair went into an endless loop. Another attempt said "Interactive logon process initialization process has failed. Please consult the event log for more details." One backup did not perform properly. Finally, a backup dated 10/20/2014, System: Automatic Restore Point, succeeded. Memory checked out ok via another scan.

==========================

Attached are the results of a FRST I ran *after* System Restore.

============================

Outlook.com is responding v-e-r-y slowly. Deletes take forever. I am no longer sure if the problem is them or my software.

=========================

At this point, I don't know if I should re-step through all the programs you had me run since 10/19/14 or pick up and go forward from where we are right now.

=========================


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file (see below). Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait.

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.

The Windows Management Instrumentation is not working. Please go to page 3, Post 31 and run the Windows Repair tool once again. Make sure you turn off your security in the process.


----------



## idonquixote (Sep 18, 2010)

===========================

After yesterday's restore, things limped along OK. (Had Chrome, still no IE.) At night, I said SLEEP rather than shut the PC down. In the morning, we were back to the unworkable SYSTEM RESTORE and the blue screen.

===========================

I restored again (as administrator) to one day more recent, 10/21/2014 4:31pm, Avast! antivirus system restore point.

===========================

I am afraid this thing is going to explode!
I located all of the CDs which originally came with the laptop as well as the REPAIR DISK I had made when the laptop was brand new. (This Repair Disk contains BOOT folder, SOURCES folder, and bootmgr file.)

===========================

To determine whether my external hard drive was causing problems, I unplugged the USB cable. No change. Replugged it. Now that drive is not showing under "Computer." Further research says it is functioning properly. If I could get it back, I would have more flexibility.

============================

Ran FRST, WITH *ADDITION.TXT*, and clicked on the Fix button. Attached is Fixlog.txt

====================

Could not run Windows Repair (All in One). Had to re-download the application. Turned off Avast! When running the app, got ERROR msg: "Error - could not create uninstall shortcut. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\ - Tweaking.com - Windows Repair (All in One).lnk"

====================


----------



## JSntgRvr (Jul 1, 2003)

Unfortunately the Windows Management Instrumentation is not working. There must be a corruption somewhere that our tools can't detect. When a System Restore is performed, all our efforts will be reversed, including but not limited to the installation of Tweaking.com and other programs. You may have to remove the Tweaking.com folder from the Program Files folder or the Program Files (x86) folder in your computer, to be able to reinstall.

Please download *Farbar Service Scanner* and run it.

Make sure all options are checked:
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## idonquixote (Sep 18, 2010)

====================

Attempted to download FSS.exe
"Failed - Virus scan failed -------------more information"
see below

https://support.google.com/chrome/answer/2898334?p=ui_download_errors&rd=1

====================

Can I just "delete" the folder under Program Files (x86) or is it more complicated than that?

====================

Also, I'm confused by the tenses used in the first paragraph of your previous post. Are they informational or instructions?

====================


----------



## JSntgRvr (Jul 1, 2003)

> Attempted to download FSS.exe
> "Failed - Virus scan failed -------------more information"
> see below


Turn off your antivirus when downloading FSS.exe. This may be due to a registry entry that was modified when System Restore was used.



> Also, I'm confused by the tenses used in the first paragraph of your previous post. Are they informational or instructions?


The Windows Management Instrumentation is not working. In order to fix this, the Windows Repair utility of Tweaking.com must be run. Since you were unable to reinstall the application, perhaps also due to a change when using System Restore, I have asked you to remove this folder and attempt to reinstall the application.

Do not use System Restore, unless instructed.


----------



## idonquixote (Sep 18, 2010)

==========================

A few weeks ago I downloaded a game, Bejeweled3, an Origin product.
I have now learned that this is malware:

https://blog.malwarebytes.org/fraud-scam/2014/07/origin-is-giving-away-games-and-coins-not/

http://www.escapistmagazine.com/for...Origin-allows-malware-to-hijack-your-computer

http://arstechnica.com/security/201...atform-allows-attackers-to-hijack-player-pcs/

http://www.dayonepatch.com/index.php?/topic/42959-question-about-eas-origin-and-malware/

There are several removal solutions on Google, but I have not yet done anything.

=========================

Avast WAS turned off.

=========================

I can no longer get to the C-drive or any of its sub-folders (Program Files -x86-).
Therefore, a plain delete of the tweaking app is not possible.

==========================

I have an idea, but it might be flawed:
Would it make a difference if Farbar Service Scanner were downloaded to a service in the cloud? And then run from that service? And then have its output placed in the cloud?

You could tell me which service you prefer.

============================


----------



## JSntgRvr (Jul 1, 2003)

Right click on the *Start* button and select *Explore*. Are you able to browse the folders in the computer?


----------



## idonquixote (Sep 18, 2010)

Explore.exe

"No such interface supported."


----------



## JSntgRvr (Jul 1, 2003)

Your installation of Windows 7 is corrupted. You have two options: perform a Repair Install or a Destructive Recovery to Factory settings. A Repair Install won't erase your documents, but some of the programs must be installed as the registry entries for those programs will be erased. A Destructive Recovery will reformat the partition and all will be erased.

You can read about the Repair Install *here*. For the Destructive Recovery you should consult your manufacturer's instructions.


----------



## idonquixote (Sep 18, 2010)

Before I jump off the cliff, perhaps you could give me some info:

1. I have discovered that I CAN see the c-drive. In both outlook.com and gmail, if I "browse" to see which file I want to "attach" to a new email, I can get into the c-drive. The file never successfully gets added.

2. That way, I was able to download FSS.exe to my desktop. I started to run it but did not know which boxes to check. Could you tell me so I can try it?

3. Where are the emails from outlook.com and gmail kept? I have no backup of them. I'd like to make backups.

4. Since I am able to see the c-drive, maybe some of the apps you want run could be done via DOS. You would have to give me the command line(s).

5. What is the name of the tweaking program you wanted me to DELETE from Program files (x86)?

6. If it does reach the point that I need a windows download, could you pls walk me through it? The thought terrifies me.


----------



## JSntgRvr (Jul 1, 2003)

> Please download Farbar Service Scanner and run it.
> *Make sure all options are checked:*
> It will create a log (FSS.txt) in the same directory the tool is run.
> Please copy and paste the log to your reply.


The instructions called for all options. See if you can run it from the Command Prompt.

*"%userprofile%\desktop\FSS.exe"*

Here is another command you can run at the prompt:

*SFC /Scannow*


----------



## idonquixote (Sep 18, 2010)

FSS.txt run as administrator----------------below from notepad, file attached also

====================================

Farbar Service Scanner Version: 21-07-2014
Ran by dudley (administrator) on 25-10-2014 at 19:56:57
Running from "C:\Users\Edward Kirsch\Desktop\Farber Service Scanner"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll
[2014-10-15 07:02] - [2014-07-06 22:06] - 0187904 ____A (Microsoft Corporation) 19D511CC455C19DE1ADF60E6C39C85B6

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


----------
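A triage sketch for the "File Check" section of the Farbar Service Scanner log posted above, added here as an example; it is not part of the thread or of the tool. It assumes that an entry without the "=> File is digitally signed" suffix is one whose signature the tool did not confirm, and the names `triage_file_check` and `Unconfirmed` are made up for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SIGNED_STATUS = "File is digitally signed"

# Detail line printed under a path, as seen in the log above:
# [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Unconfirmed:
    """A File Check entry that was not reported as digitally signed."""
    path: str
    status: Optional[str] = None      # text after "=>", if any
    modified: Optional[str] = None
    size: Optional[int] = None
    company: Optional[str] = None
    md5: Optional[str] = None


def file_check_lines(log_text: str):
    """Yield the non-empty lines between 'File Check:' and the end-of-log marker."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("****"):          # "**** End of log ****"
            break
        if not line or set(line) == {"="}:   # blank lines and "=====" rulers
            continue
        yield line


def triage_file_check(log_text: str) -> Tuple[List[str], List[Unconfirmed]]:
    """Split File Check entries into signed paths and entries needing review."""
    signed: List[str] = []
    review: List[Unconfirmed] = []
    for line in file_check_lines(log_text):
        if PATH_RE.match(line):
            path, sep, status = line.partition(" => ")
            if sep and status.strip() == SIGNED_STATUS:
                signed.append(path.strip())
            else:
                review.append(Unconfirmed(path=path.strip(),
                                          status=status.strip() or None))
            continue
        m = DETAIL_RE.match(line)
        # Attach the detail line to the entry directly above it.
        if m and review and review[-1].md5 is None:
            entry = review[-1]
            entry.modified = m.group("modified")
            entry.size = int(m.group("size"))
            entry.company = m.group("company")
            entry.md5 = m.group("md5").upper()
    return signed, review


# Excerpt of the log above, shortened for the example.
SAMPLE_LOG = r"""
Other Services:
==============

File Check:
========
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll
[2014-10-15 07:02] - [2014-07-06 22:06] - 0187904 ____A (Microsoft Corporation) 19D511CC455C19DE1ADF60E6C39C85B6

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

**** End of log ****
"""

if __name__ == "__main__":
    ok, todo = triage_file_check(SAMPLE_LOG)
    print(f"{len(ok)} signed, {len(todo)} to review")
    for e in todo:
        print(e.path, e.size, e.company, e.md5)
```

The path, size and MD5 of a flagged entry can then be compared against a known-good copy of the same file version.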



## idonquixote (Sep 18, 2010)

I'm logged in to windows as the administrator. 

How do I get to run a "console Session" for SFC /Scannow ? 
Also, is there a space before the / ?

Do I run it at the c-prompt as I did for the FSS?


----------



## JSntgRvr (Jul 1, 2003)

> How do I get to run a "console Session" for SFC /Scannow ?


What is a Console Session? You said you were able to run programs at a command prompt, as I suggested to run FSS.exe. It is the same process. Get to a command prompt and run the application, and Yes, there is a space between SFC and /Scannow.


----------



## idonquixote (Sep 18, 2010)

The "console" I was asking about is reached by right-clicking and choosing "Run as Administrator." It seems it is not enough to only be logged on as administrator for this command.

from SFC:
"Windows Resource Protection did not find any integrity violations."

Was I supposed to send you a file from SFC? Where would it be?


----------



## JSntgRvr (Jul 1, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.

*32 bit Download Mirror #1
32 bit Download Mirror #2*

For 64bit systems, Please download *SystemLook* from the link below and save it to your Desktop.

*64 bit Download Mirror*


Double-click *SystemLook.exe* (or SystemLook_x64.exe) to run the application.
Copy the content of the following quote box into the main textfield:


> :folderfind
> Tweaking.com
> 
> :filefind
> tweaking*



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## idonquixote (Sep 18, 2010)

SystemLook-------------------------notepad and attached file

SystemLook 30.07.11 by jpshortstuff
Log created at 20:48 on 26/10/2014 by dudley
Administrator - Elevation successful

========== folderfind ==========

Searching for "Tweaking.com"
C:\Program Files (x86)\Tweaking.com	d------	[23:56 10/10/2014]
C:\Users\dudley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com	d------	[23:56 10/10/2014]

========== filefind ==========

Searching for "tweaking*"
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\TweakingImgCtl.ocx	--a---- 852960 bytes	[07:19 13/09/2014]	[20:02 25/08/2014] 32649C14086F89B898F0C770241EB2DC
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\tweaking_com_treeview.ocx	--a---- 271328 bytes	[22:29 21/09/2013]	[21:54 03/04/2014] 7FB26599C0C80A9AAD9FC70C6FF87E6C
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\tweaking_tabs.ocx	--a---- 234464 bytes	[18:23 23/09/2013]	[21:54 03/04/2014] 326D3906393053FD6E8838482F6BDAFB
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\Tweaking_CleanMem.exe	--a---- 66528 bytes	[18:41 13/02/2014]	[19:08 13/02/2014] 27EC7614F489A47B6B6BB310ABF54DE4
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\Tweaking_CleanMem.exe.manifest	--a---- 565 bytes	[18:41 13/02/2014]	[18:41 13/02/2014] F1C7B624CC1E1951ABC6FFAC0B27F263
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\Tweaking_CleanMem.ini	--a---- 195 bytes	[18:41 13/02/2014]	[18:34 13/02/2014] 30F82AC9B1BBDB5E4442DF9CEB2655C8
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_ras.exe	--a---- 46048 bytes	[05:02 03/06/2014]	[22:58 19/08/2014] 13DE29CF5CEE42AF76A0D20019AF6086
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_ras.exe.manifest	--a---- 1416 bytes	[05:02 03/06/2014]	[03:17 03/06/2014] AF02B6CB0ADDEE581DC0572314B6FF74
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_rati.exe	--a---- 46048 bytes	[01:16 20/07/2014]	[22:58 19/08/2014] F93B6FC590220F8DE262E8FFF19A56B7
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_rati.exe.manifest	--a---- 1426 bytes	[01:16 20/07/2014]	[01:10 20/07/2014] 933B1CE055541F94F01126CB549998F3
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingImgCtl.ocx	--a---- 852960 bytes	[00:22 24/09/2014]	[20:02 25/08/2014] 32649C14086F89B898F0C770241EB2DC
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe	--a---- 1397728 bytes	[00:22 19/07/2013]	[12:53 21/10/2014] E9378B7A2E708CCCF64F546E178B56F3
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe.manifest	--a---- 5948 bytes	[00:22 19/07/2013]	[00:31 02/10/2014] 5D60E2FD1BA9AE2E6908D730DA470731
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\tweaking_com_treeview.ocx	--a---- 266240 bytes	[00:22 19/07/2013]	[06:15 20/07/2013] C65C08F26338D4BE82D142242F0162EB
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\tweaking_tabs.ocx	--a---- 234464 bytes	[02:07 31/08/2013]	[01:01 08/10/2014] E91943186A34779E344D27F3706E828B
C:\Users\dudley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk	--a---- 2726 bytes	[23:56 10/10/2014]	[23:56 10/10/2014] 37A698A3FA14F2EB40FF90619C1E8A93
C:\Users\dudley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair (All in One).lnk	--a---- 2295 bytes	[23:56 10/10/2014]	[23:56 10/10/2014] 26887C8C012984B84A8988006A7549A7
C:\Users\dudley\Desktop\Tweaking.com - Windows Repair (All in One).lnk	--a---- 2255 bytes	[23:56 10/10/2014]	[01:13 11/10/2014] 63838D58D2E8C243517C8C3A3D604CF7
C:\Users\dudley\Desktop\Windows Repair Tool\tweaking.com_windows_repair_aio_setup.exe	--a---- 9811720 bytes	[23:05 22/10/2014]	[23:05 22/10/2014] 0F53F72920448BCFE8BCA1E5A1B24A04
C:\Windows\Tweaking.com - Windows Repair (All in One) Setup Log.txt	--a---- 513392 bytes	[23:55 10/10/2014]	[23:20 22/10/2014] B018B085320500861BE9292AC99CBE74
C:\Windows\tweaking.com-regbackup-EDWARDKIRSCH-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat	--a---- 207 bytes	[01:19 11/10/2014]	[01:19 11/10/2014] CA2A8AF1DBAD0F31F9B33A2827DFBC16

-= EOF =-


----------



## JSntgRvr (Jul 1, 2003)

If you click on the *Tweaking.com - Windows Repair (All in One)* link to run the application, not the setup program, would the application run?


----------



## idonquixote (Sep 18, 2010)

Question: Every time I did something in DOS, I did it at the c-prompt, upping the level at which DOS originally opened. Was this correct? When something like a FIND is done at the c-prompt, does the FIND look within the sub and sub-sub folders?

=============================

Windows Repair (All in One)
Step 1 - did
Step 2 - skipped
Step 3 - part 1 - log below
DID NOT DO ANYTHING ELSE
=============

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (255514 of 283904 file records processed) 
283904 file records processed.

File verification completed.
1852 large file records processed.

0 bad file records processed.

0 EA records processed.

109 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
30 percent complete. (321258 of 383328 index entries processed) 
Index entry Local State in index $I30 of file 196762 is incorrect.
Index entry LOCALS~1 in index $I30 of file 196762 is incorrect.
31 percent complete. (333446 of 383328 index entries processed) 
383328 index entries processed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

C:\>


----------



## JSntgRvr (Jul 1, 2003)

The command should be run as follows:

*chkdsk C: /R*

Download the latest version of *Tweaking.com Windows Repair (All In One) version 2.10.0*. Skip all steps already done and proceed with the repairs.


----------



## idonquixote (Sep 18, 2010)

the command *chkdsk C: /R* looks like it should get run at the DOS c-prompt.

I have downloaded Tweaking.com Windows Repair (All In One) version 2.10.0. It does not seem to have a place to type in *chkdsk C: /R*

Are these 2 separate instructions for me? Which is done first?


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> the command *chkdsk C: /R* looks like it should get run at the DOS c-prompt.
> 
> I have downloaded Tweaking.com Windows Repair (All In One) version 2.10.0. It does not seem to have a place to type in *chkdsk C: /R*
> 
> Are these 2 separate instructions for me? Which is done first?


There are two separate instructions. CHKDSK C: /R at the prompt, and the Repair Utility, skipping the steps already done.


----------



## idonquixote (Sep 18, 2010)

=================================

Did CHKDSK C: /R at the prompt. I don't know where to find a log for Chkdsk done at the c-prompt.

=================================

Did the Repair Utility. Two logs attached. Did not do tweaking section.

=================================


----------



## idonquixote (Sep 18, 2010)

Some other files here and in following message.


----------



## idonquixote (Sep 18, 2010)

Some more files.


----------



## JSntgRvr (Jul 1, 2003)

Where do those logs come from?


----------



## idonquixote (Sep 18, 2010)

The 8 files in posts #80 and #81 are in folder
Tweaking.com>Windows Repair (All in One)>Logs>10.28.2014_10.31.00-PM

I have another set dated 
10.10.2014_9.21.26-PM

Are they of any use?


----------



## JSntgRvr (Jul 1, 2003)

They looked familiar, but no heading was included.

Please put a checkmark on *addition.txt* and re-scan with *FRST*. Post the new *FRST.txt* and *Addition.txt* reports.


----------



## idonquixote (Sep 18, 2010)

Here are the new FRST.txt and Addition.txt reports.


----------



## JSntgRvr (Jul 1, 2003)

How is the computer doing?


----------



## idonquixote (Sep 18, 2010)

===========================

I spent most of today trying to get my missing external disk drive to show up again. 
After trying a million things, the system offered to do a drive check on that drive, and that seems to have gotten it back.

============================

IE is still not working. The screen turns black, but it no longer crashes to a blue screen. Progress??

============================

What's next?

============================


----------



## JSntgRvr (Jul 1, 2003)

Try option one (1) *here* and let me know the outcome. If able to uninstall, you may be able to reinstall using Windows Updates.


----------



## idonquixote (Sep 18, 2010)

I did Option 1. It seemed to uninstall properly.

On the left, I still have 2 icons for IE. I did not check whether or not they did anything.

IE is gone from installed updates and programs.

IE does not show up as a pending update, so I didn't have to hide it.


----------



## JSntgRvr (Jul 1, 2003)

At least IE 8.0 should engage. Go to Start -> Windows Update and check for updates.


----------



## idonquixote (Sep 18, 2010)

I cannot find a plain "Windows" in the listed programs after clicking START. All Windows-type listings have another word after it.

========================================

I went into Control Panel>Windows Update and found that on Nov 4 the following were updated:

*1* Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB2909210)

Installation date: 11/4/2014 1:24 PM

Installation status: Successful

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information: 
http://support.microsoft.com/kb/2909210

Help and Support: 
http://support.microsoft.com

*2* Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2987107)

Installation date: 11/4/2014 1:23 PM

Installation status: Successful

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information: 
http://support.microsoft.com/kb/2987107

Help and Support: 
http://support.microsoft.com

*3* Definition Update for Windows Defender - KB915597 (Definition 1.187.1263.0)

Installation date: 11/4/2014 7:38 AM

Installation status: Successful

Update type: Important

Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed.

More information: 
http://www.microsoft.com/athome/security/spyware/software/about/overview.mspx

Help and Support: 
http://go.microsoft.com/fwlink/?LinkId=52661

===========================================

Two Optional Updates are available. I have NOT yet installed either of them:

*1* Internet Explorer 11 for Windows 7 for x64-based Systems

Download size: 56.3 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

Download the fast and fluid browser recommended for Windows 7.
Internet Explorer 11. Fast and fluid for Windows 7.
 Fast. Fast at loading sites and fluid as you navigate through them.
 Easy. Seamless with Windows, it just works the way you want.
 Safer. Better protection from threats and increased privacy online.

More information: 
http://go.microsoft.com/fwlink/?LinkID=329031

Help and Support: 
http://go.microsoft.com/fwlink/?LinkID=281970

*2* Microsoft driver update for HP LaserJet 6L

Download size: 11.6 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

This driver was provided by Microsoft for support of HP LaserJet 6L

More information: 
http://winqual.microsoft.com/support/?driverid=4188

Help and Support: 
http://support.microsoft.com/select/?target=hub

This 2nd update puzzles me because I keep updating it but it keeps re-appearing.

===========================================

I tried to run the IE which exists. No good.

Blinking black screen>disappearing cursor>blue screen.

===========================================


----------



## JSntgRvr (Jul 1, 2003)

Install the Internet Explorer 11 for Windows 7 for x64-based Systems and let me know the outcome. Let the installation run unhindered until done.


----------



## idonquixote (Sep 18, 2010)

================================

Google has a lot of sites to choose from. Is this OK?

_http://www.microsoft.com/en-us/download/internet-explorer-11-details.aspx_

================================


----------



## JSntgRvr (Jul 1, 2003)

Yes it is.


----------



## idonquixote (Sep 18, 2010)

================

Downloaded and installed IE11. Same story as before.

================

BTW, Java has been hounding me about installing an update. I finally gave in, and attempted to install. FAILED. Files were missing.

================

IS THERE A WAY TO UNINSTALL IE10?

==================


----------



## JSntgRvr (Jul 1, 2003)

Is it under Control Panel -> Programs Features -> View Installed Updates?


----------



## idonquixote (Sep 18, 2010)

No. Only Windows IE Platform Preview


----------



## JSntgRvr (Jul 1, 2003)

Open an Administrator Command prompt. (Click on Start, type CMD and press CTRL+SHIFT+ENTER). The Administrator Command prompt should open as C:\Windows\System32. At the C:\Windows\System32 prompt type the following and press Enter:

*SFC /ScanNow*

Let me know the outcome.


----------



## idonquixote (Sep 18, 2010)

===================================

from SFC:
"Windows Resource Protection did not find any integrity violations."

===================================

Should I try to UNinstall and then re-install JAVA?

===================================

Does it make sense to uninstall IE 11 again and then to try to uninstall IE 10 (or whatever is sitting there)? How?

===================================

When I try to attach a file to an Outlook email, it looks like it attaches but it then can't open.

===================================

I mention some of these things because I really don't know which, if any, of them is relevant.

===================================


----------



## idonquixote (Sep 18, 2010)

*By the way, previously, whenever you told me to go to the command prompt, I went to the c-prompt (higher than system32). Did that give incorrect results?

I still don't know whether if something like a "find" runs at the c-prompt it automatically looks within subordinate folders?*


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> *By the way, previously, whenever you told me to go to the command prompt, I went to the c-prompt (higher than system32). Did that give incorrect results?
> 
> I still don't know whether if something like a "find" runs at the c-prompt it automatically looks within subordinate folders?*


It shouldn't, as the System32 is in the path, but the command prompt should contain the word *Administrator* on the upper left corner.

Let's attempt to do this under the built-in hidden Administrator account.

Open an Administrator Command prompt. At the prompt type the following and press Enter:

*net user administrator /active:yes*

Close all windows and restart the computer. Logon under the built in Administrator. Remove and reinstall JAVA and IE11.


----------



## idonquixote (Sep 18, 2010)

==============================

I don't think I accomplished anything with the built in_hidden Administrator account. 

With the regular Administrator (dudley), I added the Java 8 Update 25. I could not remove the Java 7 Update 67 because I did not have access to that file (C:\Users\dudley\AppData\LocalLow\Sun\Java\jre1.7.0_67\) .

As for IE11, I re-installed it, but I am not sure it ever got un-installed.

The IE icon appears on the bottom line (with the other open programs), but it still does not function correctly.

I tried to "repair" WINDOWS INTERNET EXPLORER PLATFORM PREVIEW 1.9.8023.6000: iepreview.exe - Ordinal Number" but got the msg:
"The ordinal 701 could not be located in the dynamic link library iertutil.dll". Don't know what that means.

================================


----------



## JSntgRvr (Jul 1, 2003)

> I tried to "repair" WINDOWS INTERNET EXPLORER PLATFORM PREVIEW 1.9.8023.6000: iepreview.exe - Ordinal Number" but got the msg:
> "The ordinal 701 could not be located in the dynamic link library iertutil.dll". Don't know what that means.


This platform preview, responds to IE9. In your position I would remove it.

*JavaRa* is a program that can help you remove and reinstall JAVA.

Does IE11 give you an error message? Go to the Control Panel. Select Internet Options. Click on the Advanced tab, then on Reset. Let's see if that helps. Post any error as received.


----------



## idonquixote (Sep 18, 2010)

==========================

Removed the platform preview. No problem.

==========================

JavaRa did install Java 8, but the remnants of 7 remain. Got same msg that file was not accessible.

==========================

Attempted to reset IE11. Got as far as "Meet your new browser," before pgm froze.

===========================

Attached are logs from JavaRa.

===========================


----------



## idonquixote (Sep 18, 2010)

===========================

This comes from Avast. Does it help?

===========================


----------



## JSntgRvr (Jul 1, 2003)

*Here* is another JAVA uninstall Tool. Try it and let me know the outcome.

I don't see Iobit or Advanced System Care in your installed programs. Open a command prompt. At the prompt type the following and press Enter:

*Dir /a:d "c:\program files (x86)" >"%Userprofile%\Desktop\Report.txt"*

A *Report.txt* should be produced on your desktop. Post its contents in your reply.


----------



## idonquixote (Sep 18, 2010)

JSntgRvr said:


> *Here* is another JAVA uninstall Tool. Try it and let me know the outcome.


Pls give me EXACT instructions for this website. I think I have some setting that is keeping me from proceeding.


----------



## JSntgRvr (Jul 1, 2003)

Click on *I agree to the terms and want to continue*. If out-of-date versions are found, this tool will help you remove them.

I will compare the folders listed with your installed programs. Will let you know.


----------



## JSntgRvr (Jul 1, 2003)

I am looking for something that may be interfering with IE11. I still see folders for AVG, Symantec and TrendMicro, but no active files.

Let's run OTL:

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *30*

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of the *OTL.txt* file and attach the *Extras.Txt*, if any, in your next reply.


----------



## idonquixote (Sep 18, 2010)

====================

Still cannot get Java uninstall tool to run. See screenshot of where it stops.

=====================

Avast popped up while I was running things. See screenshot of what Avast thinks it found.

=====================

The OTL scan ran for a long time.

======================

Attached are the 2 OTL files, OTL.Txt and Extras.Txt

=====================


----------



## JSntgRvr (Jul 1, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.

*32 bit Download Mirror #1
32 bit Download Mirror #2*

For 64bit systems, Please download *SystemLook* from the link below and save it to your Desktop.

*64 bit Download Mirror*


Double-click *SystemLook.exe* (or SystemLook_x64.exe) to run the application.
Copy the content of the following quote box into the main textfield:


> :regfind
> S-1-5-21-1625300122-3579882335-3230745189-1007.bak



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## JSntgRvr (Jul 1, 2003)

Check *this* out also.


----------



## idonquixote (Sep 18, 2010)

=======================

I ran SystemLook. See attached.

========================

I looked at IE11 pre-reqs. 
I do have Service Pack 1 (SP1) for Windows 7 installed. 
I cannot find Windows Server 2008 R2, nor can I figure out which files to install---clear as mud!

========================

I have 9 files from http://support.microsoft.com/kb/2847882# downloaded and ready to go once I find out what to do about Windows Server 2008 R2 .

========================

In my wanderings, I did see an update for IOBIT on my system.

========================


----------



## JSntgRvr (Jul 1, 2003)

Windows Server 2008 R2 is a Server Operating System. Nothing to do with Windows 7, although it uses the same kernel of Windows 7. The Systemlook report shows that a profile somehow became corrupted and the machine booted with a backup profile. I need more information about this.

Download the enclosed file. Save it in the same location FRST is saved. Run FRST and allow it to update. Once updated click on the Fix button. The program will produce a report in the same location FRST is saved, Fixlog.txt. Please post the contents of this report.


----------



## JSntgRvr (Jul 1, 2003)

Edited post attachment due to a syntax error.


----------



## idonquixote (Sep 18, 2010)

=============================

Post #115 --- WHAT was edited?

=============================

Downloaded your fixlist.txt.
Updated FRST. 
Ran SCAN.
Ran FIX. This fixlog.txt is NOT attached.

*Got msg from TechGuys that I am missing a TOKEN!!*

*HOWEVER, SYSTEM EXPLODED AND WOULD NOT WORK AT ALL! TRIED RUNNING STARTUP REPAIR, BUT FAILED. 
EVENTUALLY, RESTORED TO A BACKUP CREATED THIS MORNING. THIS MEANS THAT THE (NOT) ATTACHED FIXLOG.TXT REFLECTS A CONDITION LATER THAN IS CURRENTLY RUNNING!!!*

I think the "fix" caused the problem.

What should I do about re-running FRST and creating a new fixlog.txt?

============================

What should I do about my 9 downloaded--but not installed--IE11 pre-reqs?

============================


----------



## JSntgRvr (Jul 1, 2003)

In *FRST*, do not run *Scan*. Rather click on the *Fix* button and wait. Make sure the *Fixlist* is downloaded to the same location *FRST* is saved. I ran it in my machine and had no problems.


----------



## JSntgRvr (Jul 1, 2003)

> What should I do about my 9 downloaded--but not installed--IE11 pre-reqs?


Let me first check that profile.


----------



## idonquixote (Sep 18, 2010)

Before I do anything with bad files, pls tell me in Post #115 WHAT was edited?


----------



## JSntgRvr (Jul 1, 2003)

I don't know if you understand this:

Before:

Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" *\*s

After

Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s

The command required a forward slash, not a back slash.


----------



## JSntgRvr (Jul 1, 2003)

Let's make it easier. It shouldn't take more than 30 seconds. I only need to know the setting of the corrupted profile and the folder created under C:\users.

Download the enclosed file. Save it in the same location FRST is saved. Run FRST and click on the Fix button. The program will produce a report in the same location FRST is saved, Fixlog.txt. Please post the contents of this report.


----------



## idonquixote (Sep 18, 2010)

Regarding the reg query--
Typed it at c-prompt without the first REG:

"ERROR: The system was unable to find the specified key or value."



Did you really mean WINDOWS NT? I have WINDOWS 7.


----------



## idonquixote (Sep 18, 2010)

=============

Fixlog.txt attached.

=============

By the way, my viewing screen shrunk. No longer fills the whole screen.

=============


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> =============
> 
> Fixlog.txt attached.
> 
> ...


The monitor should have controls to resolve that. It isn't related to software or the screen resolution controlled by the Operating System.

Any improvement on the requirements for IE11 and Windows 7?


----------



## idonquixote (Sep 18, 2010)

=======================

I fixed the monitor.

=======================

Was I supposed to do something with the 9 files?

In Post #118, you said


JSntgRvr said:


> Let me first check that profile.


=======================


----------



## JSntgRvr (Jul 1, 2003)

There are two profiles too many recognized in the registry, with corresponding folders under C:\Users, *Admin* and *Marsha Slucker*. The System is only recognizing as users: *Edward Kirsch*; *Marsha F Slucker*; *dudley*; *Administrator* and *DefaultAppPool*. These profiles, however, shouldn't affect you or your ability to install IE.

If you are unable to install IE11, try a previous version. If you do, however, you must remove the latest version.

IE10 *LINK*


----------
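A read-only way to see what the posts above compare, the ProfileList registry entries against the folders under C:\Users, including any `.bak` keys. This is an added PowerShell example, not part of the original thread or of any tool used in it; the output headings and the skip list of built-in folders are choices made here.

```powershell
# Added example: read-only audit of the ProfileList key queried in the thread.
# Nothing here writes to the registry or the disk. Written to run on
# PowerShell 2.0, which ships with Windows 7.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# One object per SID subkey. GetValue() expands environment variables in
# ProfileImagePath, so the resulting path can be tested directly.
$entries = @(Get-ChildItem -Path $profileList | ForEach-Object {
    $path = $_.GetValue('ProfileImagePath')
    New-Object PSObject -Property @{
        Sid          = $_.PSChildName
        IsBackupKey  = $_.PSChildName -like '*.bak'
        ProfilePath  = $path
        FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
    }
})

Write-Host '--- ProfileList entries ---'
$entries | Sort-Object ProfilePath |
    Format-Table Sid, IsBackupKey, FolderExists, ProfilePath -AutoSize |
    Out-String | Write-Host

# A "<SID>.bak" key next to a plain "<SID>" key means the same account has two
# registry entries; a ".bak" key is what the SystemLook :regfind in this
# thread searched for.
$sids = @($entries | ForEach-Object { $_.Sid })
Write-Host '--- SIDs that have both a normal key and a .bak key ---'
$entries | Where-Object { $_.IsBackupKey } | ForEach-Object {
    $base = $_.Sid -replace '\.bak$', ''
    if ($sids -contains $base) { $base }
}

Write-Host '--- Registry entries whose profile folder is missing ---'
$entries | Where-Object { -not $_.FolderExists } | ForEach-Object { $_.Sid }

# Folders under <SystemDrive>\Users that no ProfileList entry points to.
# The skip list of built-in folders is an assumption of this example.
$usersRoot = Join-Path $env:SystemDrive 'Users'
$known = @($entries | ForEach-Object { $_.ProfilePath } | Where-Object { $_ })
$skip  = 'Public', 'Default', 'Default User', 'All Users'
Write-Host '--- Folders under Users with no ProfileList entry ---'
Get-ChildItem -Path $usersRoot -Force |
    Where-Object {
        $_.PSIsContainer -and
        ($skip -notcontains $_.Name) -and
        ($known -notcontains $_.FullName)
    } |
    ForEach-Object { $_.FullName }
```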



## idonquixote (Sep 18, 2010)

====================================

PROFILES-----
Edward Kirsch (my husband) is an ordinary user.
Marsha F Slucker (that's me) is also an ordinary user. This profile can be killed because for run-of-the-mill activities I sign on as Edward Kirsch.
Dudley (a dog) is the name of the administrator.

Any/all other users were either created at your request or created by accident.

=====================================

I attempted to run the 9 files I had uploaded the other day because they are pre-reqs for IE11. 
* 7 were already installed
* I was told Windows6.1-KB2834140-v2-x64 (1).msu was not applicable to my computer
* I was told Windows could not open Windows6.1-KB2639308-x64.cab

At http://windows.microsoft.com/en-us/internet-explorer/download-ie I tried to install IE11. Got error msg "Internet Explorer did not finish installing--Setup can't continue because a more recent version of Internet Explorer is installed on your computer."

What could be more recent than IE11?

IE now appears under PROGRAMS. Under its PROPERTIES, it seems to be installed at C:\Program Files\Internet Explorer\iexplore.exe

I tried to run it but got the familiar bad results.

======================================

I'm not sure now whether we should try to fix IE11 or uninstall it and then try to install IE10. It was problems with IE10 that originally started this mess.

======================================

The link you gave me for IE10 says it is for the 32-bit version of Windows 7. I have the 64-bit version.

======================================


----------



## JSntgRvr (Jul 1, 2003)

Remove IE11 and try this *link* for IE10.


----------



## idonquixote (Sep 18, 2010)

====================================

My clock is now 3 hours earlier than it should be. I know how to fix it, but why would it happen?

====================================

I did a backup but had some errors. Some files were skipped.

I understand why you can't do a backup of files already existing on the drive you are using to receive the to-be-backed-up files (2 files).

However, 3 of the files were supposedly on Drive-E.
This is the history of Drive-E and Drive-F:
When I first bought this external drive, I gave it the first unused letter, E. I put this name into the internal volume name of the drive. Eventually there was a problem and the tech at Staples externally called it Drive-F. Internally, the name of the drive is still E. I didn't care what its name was as long as I knew what it was.

During this backup, *3 files were skipped because they cannot be found on Drive-E*.

*Do I even have a Drive-E that the system knows about?*

======================================

I think I uninstalled IE11. I found instructions via Google.

*I think I installed IE10, but cannot tell for sure. It gave me messages in German!* _(I called my 94-year-old mother who had studied German in high school, but it was too much for her to recall a language she had learned but not used for almost 80 years!)_

Why would it think I understand German?

======================================

Tried to run IE but had the usual problem.

By the way, I keep saying "no" when asked if I want to make IE my default browser. I'm afraid if I give it that power, I'll be locked out of everything.

======================================


----------



## JSntgRvr (Jul 1, 2003)

About Internet Explorer, we have tried every fix in the book. I really don't know what else to try, except to reinstall Windows, which shouldn't be an option.



> 3 files were skipped because they cannot be found on Drive-E.
> 
> Do I even have a Drive-E that the system knows about?


Let's check that.

Please download *Listparts* to a flash drive.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flashdrive into the infected PC.

From an *Off* position in the computer, enter the *System Recovery Options*.

*To enter the System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Click on *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*

*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*
Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\ListParts.exe* (for x64 bit version type *e:\ListParts64.exe*) and press *Enter*
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Put check mark on *List BCD*.
Press *Scan* button.
It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.


----------



## idonquixote (Sep 18, 2010)

=============================

I downloaded LISTPARTS onto a flash drive. 
I plugged it into the PC. The system decided to call the flashdrive "E".

============================= 

The system started up and did about 32,000 updates.

============================

I printed your instructions out so I could continue to refer to them, but I'm having trouble understanding the instructions. 
Is an OFF POSITION where you are after you shut the computer off? That is what I assumed.

I further assumed you have to turn the computer ON to ENTER THE SYSTEM RECOVERY OPTIONS.

But where is the ADVANCED BOOT OPTIONS? (I think I have seen this on the same screen as when I am asked if I want to be in SAFE mode, but I don't know how to get there.)

What does the BIOS look like? I recall the Dell techs telling me to keep hitting F8, but I don't recall how to get there.

============================

What is the name of the OS I want to repair?

============================

For now, this is enough questions. Maybe with these answers, I'll be able to go further.

============================


----------



## JSntgRvr (Jul 1, 2003)

> I think I have seen this on the same screen as when I am asked if I want to be in SAFE mode


Yes.

Turn the computer ON and tap on F8 every second until you reach the Advanced Options Menu. Ignore any error message or sound. Select *Repair your computer*, then follow the instructions above to run *Listparts64*.


----------



## idonquixote (Sep 18, 2010)

I'm still having trouble.
The command-prompt *opens to X: \Windows\system32>*

I did not get as far as e:\ListParts64.exe
Did you choose "E" because you think that is my flashdrive?

I'm told I have the following disks:

*HARD DISK DRIVES (4)*
OS (C:)
My Book E (F:) _This is the E/F external hard-drive situation I had described._
Recovery (D:)
Boot (X:)

*Devices with Removable Storage (3)*
Removable Disk (E:) 474 MB free of 500 MB _OR, is this the E/F external hard-drive situation I had described._
CD Drive (H:)
Removable Disk (G:)

WHICH OF THESE IS MY FLASHDRIVE?

===============================

*AVAST*
Keeps telling me I have to remove Browser Add-ons, but then fails.
Also says it failed to connect to remote server.

===============================

UPDATES
Wants to give me an IE11 update. Didn't I remove IE11?

===============================

Does _colon followed by close-parenthesis_ turn on these goofy smileys? "No icon" is selected.

===============================


----------



## JSntgRvr (Jul 1, 2003)

> The command-prompt opens to X: \Windows\system32>


Type Notepad. Select File, then open. Check the drive letter of the drive Listparts is, then use that drive letter.

*Y:\listparts64*

Where *Y* is the drive letter of the drive *listparts64* is saved.


----------



## idonquixote (Sep 18, 2010)

=======================

These instructions didn't exactly work.

========================

I found ListParts64.exe and ran that.

Result.txt is attached.

=========================


----------



## JSntgRvr (Jul 1, 2003)

How did you run Listparts? The report seems incomplete.


----------



## idonquixote (Sep 18, 2010)

===========================

Instructions didn't work.

===========================

I found ListParts64.exe on Removable Disk (E:) _which is subordinate to Computer._

Double-clicked it.

===========================


----------



## idonquixote (Sep 18, 2010)

Can't recall. I may not have checked BCD.

Tried again now with BCD checked.


----------



## JSntgRvr (Jul 1, 2003)

Did you run it in the Recovery Environment Command prompt?


----------



## JSntgRvr (Jul 1, 2003)

You ran it as Edward Kirsch, which is a limited Account. You need to be logged in to an administrator account to run all our tools. Even installing programs.


----------



## idonquixote (Sep 18, 2010)

============================

Reran it again as administrator.

See attached. My clock is now 5 hours slow, so my time is really about 9:30pm.

============================

I disconnected my Western Digital external HD because I did not want to have an intermediate multi-plug USB coming between the flashdrive and the laptop. Thought that might be causing problems.

Therefore, my external HD, which had been plugged into the multi-plug USB, won't show up on this analysis.

============================


----------



## JSntgRvr (Jul 1, 2003)

The report looks clear.

At the Recovery Environment Command prompt, type the following and press Enter:

*CHKDSK C: /R*

Let me know how it goes.

Boot in Normal Mode and attempt to reinstall IE through an administrative account.


----------



## idonquixote (Sep 18, 2010)

==========================

I've been thinking about whether or not I always used the administrator account. I don't think I can say for certain that I always did. If I was on Edward Kirsch and I was asked/told to get the admin's permission, of course, I did. Otherwise, I'm just not sure.

Should I re-run everything starting from Post #1?

==========================

I fixed the clock, but it is losing time again. Just thought I'd mention it.

==========================

I never did see the BIOS.

I think I ran CHKDSK C: /R properly.

Before I could run it, I was forced to DISMOUNT Drive-X.

It ran to completion. At the end, it said "Unable to obtain a handle to the event log."

==========================

Installed IE11 as administrator. I think it installed properly.

==========================

Tried again to run IE (as administrator). It almost looked like it was going to succeed, but then the cursor froze, (no blinking this time), and crashed to blue screen.

===========================

I am going to try again now. If I succeed, I'll sign on and let you know. If I fail, I'm going to sleep!

===========================

Let me know if I should re-run any process as administrator.

===========================


----------



## JSntgRvr (Jul 1, 2003)

idonquixote said:


> ==========================
> 
> I've been thinking about whether or not I always used the administrator account. I don't think I can say for certain that I always did. If I was on Edward Kirsch and I was asked/told to get the admin's permission, of course, I did. Otherwise, I'm just not sure.
> 
> ...


All processes should be run under an administrator account, due to permissions.


----------



## idonquixote (Sep 18, 2010)

============================

In the last file I sent you, Results.txt, both Global Settings and Ram Defects say "BAD MEMORY". Is this a problem?

=============================

Question: In your last post, you say "All processes should be run under an administrator account, due to permissions."

Are you instructing me to re-run all processes under an admin account, OR are you telling me that the way the processes are written, *if* I had followed the processes' instructions, I definitely would have run them under an admin account?

Please clarify.

=============================


----------



## JSntgRvr (Jul 1, 2003)

> In the last file I sent you, Results.txt, both Global Settings and Ram Defects say "BAD MEMORY". Is this a problem?


No. That is part of the Boot Configuration Utility.



> Question: In your last post, you say "All processes should be run under an administrator account, due to permissions."
> 
> Are you instructing me to re-run all processes under an admin account, OR are you telling me that the way the processes are written, if I had followed the processes' instructions, I definitely would have run them under an admin account?
> 
> Please clarify.


All processes must be run under an administrative account. The limited account cannot install or make changes in your configuration. So, if you attempted to install IE under a limited account, chances are the installation is incomplete.


----------



## idonquixote (Sep 18, 2010)

=============================

I plan to re-run everything from the beginning tomorrow.

1. Does it matter if I use Dudley (my administrator) or YOUR "super-administrator"?

2. Can I use the files or strings you gave me or were they created in response to the file results I sent you. (If my results change, would your files or strings be different?)

3. Any last minute suggestions?

=============================


----------



## JSntgRvr (Jul 1, 2003)

As long as the account has Administrative rights, by all means. Let me know the outcome.


----------



## idonquixote (Sep 18, 2010)

==============================
Downloaded and Run as Dudley (administrator)
==============================
Per Post 7 - FRST


----------



## idonquixote (Sep 18, 2010)

Per Post 9

Can I skip installing AVAST and AdwCleaner even if I might not have installed them under an administrator?


----------



## idonquixote (Sep 18, 2010)

Can I use your Fixlist.txt from Post 9 or do I have to wait for you to analyze what I just sent you?


----------



## JSntgRvr (Jul 1, 2003)

*Step 1*

Download the enclosed file (see below). Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait.

The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.

*Step 2*

There are Microsoft unsigned files. Let's try Combofix and see the results of its action.

Please download ComboFix from *Here* to your Desktop.

***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***
-----------------------------------------------------------
Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_.
_Click on *this link* or *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask._
-----------------------------------------------------------
Close any open browsers.
*WARNING: Combofix will disconnect your machine from the Internet as soon as it starts*
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on *combofix.exe* & follow the prompts.
Install the Recovery Console if prompted.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"*.
***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


----------



## idonquixote (Sep 18, 2010)

With regard to NOT renaming programs, I have a question:

On my DESKTOP, I have now created a file called "TECH GUYS - ADMINISTRATOR"

My plan is that I will put each program which I now (and in the near future) use into this folder in its own sub-folder. The sub-folders will keep each pgm separate, and it will prevent any confusion with something having the same name which I may previously have run without the administrator.

I don't think this is "renaming programs," but I wanted to check to be sure.

HAPPY THANKSGIVING TO YOU AND YOUR FAMILY!!


----------



## JSntgRvr (Jul 1, 2003)

Did you run Combofix and the fixlist.txt on post 152?


----------



## idonquixote (Sep 18, 2010)

===========================

Fixlog.txt is attached.

===========================

Trouble downloading ComboFix. See attached screenshot.

===========================


----------



## JSntgRvr (Jul 1, 2003)

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


----------



## idonquixote (Sep 18, 2010)

=============================

Avast was disabled.

Could not figure out how to disable Microsoft Security Essentials and Adwcleaner. Neither of these shows in bottom right-hand-corner flip-open box.

=============================

Did not know how to exit Google Chrome browser and still be able to click on the "here" of Combofix.

Instructions said browser would close when Combofix started, but it never closed.

=============================

Combofix.txt attached.

=============================


----------



## JSntgRvr (Jul 1, 2003)

As you can see in Combofix, there are many unsigned files in your system. Unsigned files are not malware, but in your case, are newer files than those with a signature. I prefer not to replace these files as we may make the computer unstable and possibly unbootable.

Besides IE, what other behavior does the computer have that you feel should be better?


----------



## idonquixote (Sep 18, 2010)

==============================

Please give me a few days to work with the computer and see what things are wrong.

==============================

To start, Outlook.com:
1. Often asks to be refreshed.
2. Will not allow me to delete an email when I am reading it. I have to go back to the folder and delete the email from the folder.
3. Does not open any file I attach to an email. Once I send the email, the recipient is able to open the attachment.
4. Sometimes freezes.

==============================

This list is not complete.

==============================


----------



## JSntgRvr (Jul 1, 2003)

Is this Outlook, part of Microsoft Office?


----------



## JSntgRvr (Jul 1, 2003)

Found this on the web:

Issue

How to make outlook refresh itself automatically so as I don't have to click on send/receive every time?

Solution

All you will have to do:


Open Outlook
Select Tools --Options
Select the Mail setup Tab
Tick "send immediately when connected"
Click OK.


----------



## idonquixote (Sep 18, 2010)

==========================

In Outlook.com, I can't find:
Select Tools --Options

I can't find Tools at all.

I have often thought I was missing a line of commands in Outlook.com which would include things such as EDIT, FIND, COPY, etc. Maybe these 2 things are related.

What do you think?

==========================


----------



## JSntgRvr (Jul 1, 2003)

It is possible. If you press the Alt key and the Down Arrow, wouldn't the menu appear?

Sometimes these programs have an option to repair, either from the Programs Features in the Control Panel or the program itself. Also read *here* for an option to detect and repair Office Products.


----------



## JSntgRvr (Jul 1, 2003)

Opening the topic.


----------



## idonquixote (Sep 18, 2010)

You had asked me to see what behaviors on this PC I felt could be better. Here is my list:


1.	Clock continues to lose time.

2.	Got a msg from AVAST that my computer is running very slow.

3.	Nearly every file or application resident on my PC has trouble opening. First, at the top of the page, it says (not responding). After a few seconds, it does open.

4.	For my previous computer, I had purchased MS-Office, including Word and Excel. My husband purchased this laptop but did not get the MS apps. I have continued to use Word and Excel, but I am not sure where the software is coming from. 

Along the way, I downloaded some free or trial software such as Kingsoft Office Suite 2013 PRO-FREE. I think I should uninstall the extra baggage, but, since I never directly installed Word and Excel, I'm not sure if I will be able to use them if I uninstall the other software(s).

I also have several different versions of Word and Excel.

5.	Outlook continues to prevent me from deleting emails unless I go back to the email list for the particular Outlook folder.

6.	Running updates is hit or miss. First I'm told they all failed, then, without doing anything different, they sometimes run successfully.

7.	AVAST wanted me to repair my browsers, but I didn't do that because of the IE situation.

8.	I am currently using Chrome. Sometimes, without a cause, Chrome just closes down. Upon Chrome's restarting, it remembers what had been open.

9.	Shockwave Flash crashed.

10.	IE still has the same problems.


----------



## JSntgRvr (Jul 1, 2003)

I have gone back and checked this thread from left to right, and other than unsigned files, which by the way, are not malware, I find no issues as far as Software is concerned. If your clock is losing time, chances are the Clock Battery must be replaced. That is a small battery in the motherboard. The Additional report shows you are running Microsoft Office Enterprise 2007.

When you Start the computer, is there an option for *Diagnostics* on screen?


----------

