Unable to download Acrobat Reader

Question

Hello everyone,  I have Windows XP Pro Version 2002 Service Pack 3. After a Zlob attack that I cleaned up well, my Acrobat Reader 8.1.2 started malfunctioning. As a result, I can no longer read PDF files or watch any videos on YouTube because I can't download Flash Player properly. I've tried several times to download the latest version (Flash Player 9), the site tells me it’s downloaded successfully but the Adobe Flash Player Plugin icon that appears on the list of programs in my Control Panel has a little red X in the corner and no size in MB...  To continue, I consulted forums that suggested uninstalling Acrobat and downloading it again afterward. Like a good soldier, I uninstalled Acrobat from my computer and now I can't download it from anywhere!!! Every time I try to do it, I get a weird error message telling me that my computer is running Windows 2000 (!!??) and that I need to upgrade my computer to Windows 2000 SP 4 (!!??) in order to download Adobe Reader 8.1.2. I don’t understand this story at all and would like to know if anyone could help me...  As a side note, I downloaded Foxit Reader to read PDF files; I was still able to download Adobe Air and Adobe Media Player (which did not resolve my problem with watching videos on YouTube!!). And in case someone thinks to ask me, I have Java properly installed on my computer (even got the latest update!!, yes sir!)  So... HELP!!!!!!!  AND THANK YOU IN ADVANCE!  CP12

rebitus · Answer

Hi,
A Windows 2000 version (!!??) and that I have to upgrade my computer to Windows 2000 SP 4
SP4 for Windows 2000 is almost mandatory, we can't do anything without it. We just need to find SP4 for Windows 2000. However, I don't know if it's available for direct update since it's old and usually people have stored it directly on their hard drive.
For Acrobat, they are probably in security maintenance. There were issues, and they closed some downloads. They are also working on releasing new online products.

catpeople12 · Answer

Re-hello everyone,

I've also just realized that I can't even download Adobe Flash Player. The Adobe site keeps telling me that the download was successful, but the software is nowhere to be found on my computer.

The only thing that's there is Java, which works perfectly.

So either the Adobe site has issues, or my computer has a problem that I can't seem to identify! However, the computer's cryptography services are enabled, browsing the Internet and all displays on my computer are working very quickly as usual...

Not being a tech expert, I really need help from someone who knows what they're doing...

Thank you in advance everyone!

Catpeople12

catpeople12 · Answer

Hello everyone,  I believe I know why I can't download Adobe. It's because my computer apparently no longer has SP4 for Windows 2000. I went looking for it on the Internet and the download started fine. But at the time of installation, I received the following error message:  "The installer could not verify the integrity of the file Update.inf. Please make sure that the Cryptographic Service is running on this computer."  According to the instructions given on this forum to those who have the same problem, I went to Control Panel => Administrative Tools => Services => Cryptographic Services, I looked for the service properties and it is enabled in automatic mode. I even restarted the service and rebooted the computer. But after another attempt to download SP4 for Win 2000, the same message appeared again! I don't understand what's happening...  Can anyone please advise me on how to resolve this issue?  Thank you!  CP12

BOB3 · Answer

Hello everyone,
a question for catpeople12,

you say you're equipped with XP Pro SP3, I don't see why you're switching to XP 2000 + SP4 etc..
please confirm which exact version you have on your machine, I will try to find you a solution
see you later
BOB3

catpeople12 · Answer

Hi BOB3 and thanks for your reply.

I am on Windows XP Pro Version 2002 Service Pack 3. I'm trying to download Win 2000 SP4 just because every time I've tried to download the latest version of Acrobat, I get a message saying something like "the version 2000 you are using does not accept this file. Please update to Windows 2000 sp4 before downloading it".

I thought that Win 2000 SP4 was a necessary component for my system that would allow me to download the latest version of Acrobat. What do you think?

At the same time, I can't even download the latest version of Acrobat Flash Player on my system, which prevents me from watching videos on YouTube.

It would be great if you could find me a solution!

THANK YOU and see you soon!

catpeople12

BOB3 · Answer

Re catpeople12,

forget win2000,

restart in safe mode and try to completely uninstall ADOBE--you will reinstall it later.

you will check the integrity of your XP files afterwards
put your installation CD in the main CD drive
click on start, run, and type: sfc /scannow
look at the link
https://www.pcastuces.com/pratique/windows/xp/default.htm
and let it do its thing,
restart,
then you will run Microsoft onecare at this link
https://www.msn.com/fr-fr/
launch the link, accept the activex, and click on full scan.
it will take some time, windows will clean everything and restore your registry.
let it finish, reboot, and keep us updated.
see you later
BOB3

BOB3 · Answer

Good evening catpeople12,

I’m glad you were able to repair your system files,
the script error is related to your IE7 browser, I hope it’s not damaged.
Open Internet Explorer properties,
1--in General, then the 2 settings for searches + tabs, click on settings and set to default.
2--in Security, set everything to default
3--in Privacy, set it to default to automatically accept Microsoft cookies-----I recommend afterwards setting it to High
4--in Advanced, click on Restore advanced settings --- only.

And try to connect to oncare again.
See you later
BOB3

BOB3 · Answer

Hello catpeople12,

download IE7 again, install it + update without forgetting to reconfigure as specified in 11

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=en

go to onecare again, and do a full scan.
keep me updated.
BOB3

BOB3 · Answer

Good evening catpeople,

go to the control panel, click on Java, update it,
still on Java, disable the auto-update, and in Advanced,
then, for Java defaults in browsers, set it to Internet Explorer.
reboot, and in Internet Explorer properties, open Advanced, scroll down,
under Browsing, check both boxes ----disable script debugging
we'll see.
see you+
BOB3

BOB3 · Answer

Hi catpeople, repost the exact message that the system gives you when you're on one care. cya BOB3

BOB3 · Answer

Re catpeople,
download Hijackthis from this link, install it in auto mode,
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

click on its icon on the desktop, and do: Do a system scan and save logfile
copy/paste in the post
see you later
BOB3

BOB3 · Answer

Hello catpeople12, A good number of problems to fix  Download Ccleaner, install it without the YAHOO toolbar in applications check everything Launch it and perform a complete cleanup: cleaner then registry  1---To start, you will uninstall to fix a disorder in the registry windows live messenger, you will reinstall it later without the ads sponsors. windows live onecare logitech webcam---you will reinstall it later  2--You have a proxy service that needs to be disabled in internet explorer properties, then connections, network settings, and disable everything  3--Go to start, control panel, regional and language options, languages, details, advanced, and check to stop advanced text services.  4--Launch msconfig.exe, then startup, and if it exists, disable ctfmon.exe LVComS.exe   Restart your computer in safe mode, launch Hijackthis in Do a system Scan check the following keys, then click at the bottom left on: Fix Checked C:\WINDOWS\system32\LVComS.exe  O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)  O2 - BHO: (no name) - {9989F1F6-70DE-4244-AC9F-6672983681A0} - (no file)  O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\Program Files\Web Technologies\iebt.dll (file missing) O2 - BHO: 238044 helper - {C0F371D7-926D-4700-B65E-63BFF1197205} - C:\WINDOWS\system32\238044\238044.dll (file missing) O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll (file missing)  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm 3D\Yodm3D.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: MyTrashCan.lnk = C:\Program Files\Hiro's tool\MyTrashCan\MyTrashCan.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll  O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.serviceshub.microsoft.com/supportforbusiness/create O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - https://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/mail/resources/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e84a02c34e2ab3f9.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/ O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing) O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)  Launch Ccleaner, perform a complete cleanup  Reboot in normal mode, and reinstalls a new Hijackthis log. See you later BOB3

BOB3 · Answer

Re catpeople12,

we're making progress,
1--a question to confirm,
if I understood correctly, you did delete
--->C:\WINDOWS\system32\LVComS.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab

if not, you can fix them with Hijackthis in normal mode.

download LSP Fix from this link developed by (IUP / Indiana University of Pennsylvania)
http://old.www.iup.edu/house/resnet/WinsockXPFix.exe

BUT DO NOTHING FOR NOW.
waiting for your response, I'm analyzing your log
see you soon
BOB3

BOB3 · Answer

Re catpeople12,  1---to verify, in the log I notice that your Kaspersky antivirus launches 3 times check the list of services at the beginning from Boot mode: Normal ----> until c:\program files	rend micro\hijackthis\hijackthis.exe   2--go to c:\windows\Downloaded Program Files--->and delete all installed activex right-click, then delete as you go, you will accept the windows activex again   3---you need to do the same operation with HJT, and perform a Fix checked on the following keys R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4578 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing) O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe  you run Ccleaner, reboot and send a new log. see you later BOB3

BOB3 · Answer

Re catepeople,

1--activex in normal mode
2--for the Fix, you do it in normal mode, if there are remaining traces, in safe mode.

I'm putting other actions for you to do, take your time, and proceed with caution.
see you later
BOB3

BOB3 · Answer

Re catpeople12,

traces of trojans to eradicate

1---Uninstall the Zango program via Add/Remove Programs (if you find it)

2---Download SDFix from AndyManchesta and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click on SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.
Restart your computer in Safe Mode.

Open the SDFix folder that has just been created in the C:\ directory and double click on RunThis.bat to launch the script.
Press Y to start the cleanup process.

It will delete services and Registry entries of certain trojans found and will then ask you to press a key to reboot.
So press a key.

Your system will take longer to reboot than usual because the tool will continue to run and delete files.

After loading the Desktop, the tool will finish its work and display Finished.
Press a key to complete the execution of the script and load your Desktop icons.

Once the Desktop icons are displayed, the SDFix report will open on the screen and will also be saved in the SDFix folder as Report.txt. You will need to paste this report in your next reply.

3-----Press Ctrl + Alt + Delete to open the Task Manager.
Select the Processes tab
In the Image Name column, check if you find
the process zango.exe
Right-click on it and choose End Process
Then look for the process mnew1winc4.exe
Right-click on it and choose End Process

4-----Restart HijackThis and check the following lines if you find them

O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C1E0197791AE75760EA83FA5EF80752B94E2DE7E5A7A47203BCF - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe
O4 - HKLM\..\Run: [Memory manager] C:\WINDOWS\System32\himem32.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe
O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe
O4 - HKCU\..\Run: [dpr0] C:\WINDOWS\system32\prod.exe
O4 - HKCU\..\Run: [chsr] C:\WINDOWS\system32\lssrvc.exe
O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O20 - Winlogon Notify: rpccd - C:\WINDOWS\System32\rpccd.dll

Click on Fix Checked and confirm the following message.

5----With Windows Explorer, search for the following files/folders and delete them (if still present):
c:\program files\zango <-- The folder
C:\WINDOWS\System32\auditchk.exe (Be careful with the spelling)
C:\WINDOWS\System32\himem32.exe (Again, be careful with the spelling)
C:\WINDOWS\System32\rpcc.exe
C:\WINDOWS\system32\prod.exe
C:\WINDOWS\system32\lssrvc.exe
C:\WINDOWS\system32\mnew1winc4.exe
C:\WINDOWS\System32\rpcc.dll
C:\WINDOWS\System32\rpccd.dll

6--run Ccleaner, clean up, reboot, and post the log Report.txt from Sdfix.
a+
BOB3

BOB3 · Answer

Re catpeople12,

thank you for putting your responses in order, it prevents me from going back and forth,

to summarize,
1--you delete all the ActiveX in normal mode
2--you set aside the Kaspersky issue, we will deal with it later
3--if you haven't found the other keys, it's because they have been deleted

the most important
4--you run SDFIX as indicated in 29 and you put its report --- copy and paste

see you soon
BOB3

BOB3 · Answer

Re catpeople12,

for verification + modification

1---The following registry keys are added to run processes after reboot:
you open regedit.exe ----- with caution
you search for these keys and delete them

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "Printer"="%SYSDIR%\auditchk.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
• "Printer"="%SYSDIR%\auditchk.exe"

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• "Printer"="%SYSDIR%\auditchk.exe"

2--then you search for the following keys and possibly modify them
the keys should be as follows:

– [HKLM\SOFTWARE\Microsoft\Ole]

Name Type Value

• "EnableDCOM"= REG_SZ N

– [HKLM\SYSTEM\CurrentControlSet\Control\Lsa]

• "restrictanonymous"= REG_DWORD 0X00000002 (2)

you close,

3---you note all the files you find
you search your disk for all files located in Temp, and delete them
c:\temp\xxxxxxx.xxxx

c:\documents and settings\administrator\local settings\temp
and you check in the other accounts found in c:\documents and settings\xxxxxxxx\local settings\temp

c:\windows\temp
c:\windows\system32\temp

and you give me the list
a+
BOB3

you reboot,

you run a scan with Spybot,

and you provide a new HijackThis log

a+
BOB3

BOB3 · Answer

Re catpeople12,

let's continue from 34 + this post.

forget the hijackthis + spybot reports for now,
the SDFIX report is not great

1---do what is requested in 34

2--I asked you to uninstall windows live messenger in 22, it still appears in the SDFIX report.

1--have you uninstalled microsoft live messenger, if not uninstall it
2--also uninstall microsoft active sync--it is infected----you will reinstall it after cleaning
3--also uninstall microsoft network diagnostic --- it is useless
4--uninstall spybot --- it is infected --- see below

clean up with Ccleaner, delete everything

download spybot again from this link
ftp://ftp.commentcamarche.com/download/spybotsd152.exe

install it, + update + launch the vaccination so that the counters are identical

then configure it as follows.

launch Spybot, then click on Mode at the top, then check Advanced mode
then on tools and check all boxes under tools.
click on System startup, which allows you to remove unwanted or superfluous programs that you can check and delete
click on System interior, run verify, and check them one by one, then click on fix problems
click on Hosts files, to update the list of unwanted sites, and redo this every time Spybot is updated
click on IE adjustment, and check all lock boxes
click on browser pages, and double click on all the links, one by one, and when it opens, delete the content
and click Ok
click on BHOs, and remove everything----> except those from your antivirus+Spybot
click on ActivX, and remove everything----> except those from windows+office+genuine advantage+Shockwave if present
click on Resident, and check both boxes.
and once a day before shutting down your computer,
click on Security Eraser, and click on Templates, then click on the list one by one, and click at the bottom
on Shred to clean everything.

finally run Ccleaner, and do a reboot.

launch Spybot for a complete scan, and give me the results.
a+
BOB3

BOB3 · Answer

Hello catpeople12,

WCESLog - CANNOT BE REMOVED
remove it in safe mode,

leave LSP Fix aside for now, I’m waiting for a response if it is compatible with XP in French.

you are going to download Norman Malware Cleaner
for this, go to the folder c:\SDFix
1---in normal mode with internet connection required.
launch RunThis.bat, it opens a DOS menu,
type 2, to download Norman_Malware_Cleaner
it will install itself in the same folder, its size=22268ko
normally it launches automatically after the download, otherwise open the SDFix folder, and launch
Norman_Malware_Cleaner.exe

let it scan all your drives, it may take some time, it finishes and puts a log on your desktop,
paste it in a new post so I can take a look.
see you+
BOB3

P.S.I WILL BE ABSENT ---->4:00 PM

BOB3 · Answer

Re catpeople12,  Your Zlob infection was still there---------->(Infected with W32/Zlob.BWLZ)  another infection that you caught on Facebook---->(Infected with Renos.XS)  Norman did a good job,  there's still an issue, he detected a file belonging to Kaspersky and he cleaned up the registry, 1---you need to check the folder c:\program files\KASPER~1\KASPER~2.0\adialhk.dll  right-click on this file, properties, version, and see if it is properly signed by Kaspersky  2--your Hosts file was heavily infected to restore the entries in the Hosts file, launch Spybot, tools, Hosts File, and click at the top on Add Spybot-S&D hosts list then click on IE Adjustments and make sure everything is checked.  3--launch Ccleaner for cleanup.  4--then right-click on My Computer, properties, System Restore. disable your restore okay, apply then come back and enable it again, and set it to about 2GB  5--create a new restore point called "Norman080708" close  6--then download  ftp://zebulon.fr/SmitfraudFix.exe  put it on your desktop, run it in mode 1 - Search, and post the log to me.  see you+ BOB3

BOB3 · Answer

Re catpeople12,  it's clean,  1--for the restoration, you don't need 18759MB, I asked you to set it to 3Go or 3000MB, that's more than enough.  2--in the end, there's no need to run "WinsockXPFix.exe"  because the request came from ---->C:\WINDOWS\system32\LVComS.exe but it has been eradicated ---- especially don't run it again.  3--check if the settings of your IE7 browser are working again.  4--one last thing, you will permanently disable ctfmon.exe check this link for how to do it, http://www.libellules.ch/dotclear/index.php?2007/08/28/2102-empcher-le-retour-de-ctfmonexe-au-dmarrage  5--log back into liveonecare to see if it works.  keep me updated.  see you BOB3

BOB3 · Answer

Hello catpeople12,  answers 1--in Spybot, click at the top on advanced mode, then settings, and again below on settings and in order from top to bottom, check only the following icon on desktop Advanced mode  icon in the bar----- no icon  in Spybot configuration check everything except Default mode (for new users)  scan priority Normal  age of backups 30  automation software launch  uncheck everything  startup no automation   and leave the rest by default  2---still in Spybot, tools, then IE adjustment check only Lock the Hosts file................etc  this way, the manual setting in IE7 will be released, but this action is not recommended, as malicious software can take over the launch address and connect without your knowledge. I advise you to leave it on :about blank  if you need to connect directly to an address from your desktop you just need to create a shortcut, and set the address---e.g.: http://www.microsoft.com/fr  see you later BOB3

BOB · Answer

Re catpeople12,  1--go to add/remove programs uninstall: microsoft network monitor  2--launch msconfig, and in startup, disable MDM.exe inetinfo.exe  N.B. check again in Internet Explorer properties, advanced, if the 2 boxes: disable debugging ...etc are checked  reboot your computer and try again on onecare. see you + BOB3

BOB · Answer

Re catpeople,  curious, they appear in the Smitfraudfix report: " C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe " it must be one or the other that is acting up  redo a Hijackthis log in normal mode see you BOB3

BOB · Answer

Regarding catpeople, go to add or remove programs, then add or remove Windows components, you expand and disable if they exist  Message queuing management and analysis tools Networking services Internet services (IIS) Terminal services  a+BOB3

BOB · Answer

Re catpeople,  To manually disable MDM.EXE  https://support.microsoft.com/fr-fr/help/321410 excerpt from the Microsoft documentation  OFF: Disabling the Machine Debug Manager service, Mdm.exe  "WARNING: Any improper use of the Registry Editor can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from improper use of the Registry Editor can be solved. You assume all the risks associated with the use of this tool.  For more information on how to modify the Registry, refer to the help topic "Modifying keys and values" in the Registry Editor (Regedit.exe) or the help topics "Adding and removing information in the Registry" and "Modifying Registry data" in Regedt32.exe. Be sure to back up the Registry before making any changes. If you are working under Windows NT or Windows 2000, we recommend updating your emergency repair disk. a. Click Start, then Run. b. In the Open box, type regedit, then click OK. c. In the Registry Editor, locate the following subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices d. In the right pane, right-click on MDM7, click Delete, and then click OK to confirm the deletion.  NOTE: The value corresponding to your version of Machine Debug Manager may differ from MDM7. e. Close the Registry Editor.  NOTE: Running the Detect and Repair command under Office 2000 adds the Registry entry associated with Machine Debug Manager and causes the service to run at startup. If this issue occurs on your system, follow the previous procedure to delete the Registry entry  end  please perform this manipulation before submitting a new HJT log  A+ bob3

BOB · Answer

Re catpeople,  we have synced,  1--rework----> 51 and 53,  2--another question, in your log, there is a list of addresses 015. you don't need to add that to the Trusted Zone, by the way the one from Yahoo is infected, I clicked on it, then on Carla's photo, and I got a Trojan alert  ad.yieldmanager.xxx  I advise you to delete everything, you can keep them in your Favorites instead  create a new log  later BOB3

BOB · Answer

Re catpeople, well seen let's continue the cleanup,  under hijackthis, Do a system scan only check and fix checked the following  C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe \?\C:\windows\system32\WBEM\WMIADAP.EXE  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carlo O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)  then,  in start, run type services.msc  look for the service line relating to (windows media player service -....wmpnetwk.exe), double click on it and set "Startup Type" to disabled  you close it and reboot,  then download LSP-Fix to repair the Winsock 2 System http://www.cexx.org/lspfix.zip  unzip it, and run LSPFix.exe, a window opens, showing you the files to delete, do not touch anything, note the names of the files and post them see you later BOB3

BOB3 · Answer

Re catepeople  1--do another search in the database from the upper root enter this value 9209B1A6-964A-11D0-9372-00A0C9034910  tell me how many addresses you find  2--you need to fix O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)  bye BOB

BOB3 · Answer

Re catpeople,  we keep finding surprises in your system,  one thing at a time you start with  File: nwprovau.dll Description: Transport Protocol... concerns a netware service, you need to uninstall it  you click on start, connections, all connections, and right-click on properties of your connection network  if you find in the scrolling window: Client service for Netware, uninstall it, and reboot and then do another LSP-Fix if you find it again, remove it---->nwprovau.dll  see you BOB3

BOB3 · Answer

Re catpeople? Go to control panel, connections, and right-click on properties of your connection network If you find in the dropdown window: Client Service for Netware, uninstall it, and reboot and then do another LSP-Fix If you find it again, remove it ----> nwprovau.dll See you later BOB3 P.S. I have a terrible fever, you got contaminated by your machine >>lol<<

BOB3 · Answer

No problemo catpeople,  take care of yourself, that's more important, he can wait,  but since you found Compatible transport protocol NWLink IPX/SPX/N..."   you uninstall it,  get some rest BOB3

BOB3 · Answer

Hello catepeople, the fever has gone down, I hope,  we must say that we are discovering things one after another,  1---check first in add/remove programs if you have the following programs. MSN Plus Sponsors! CID Help Circle Development Adverts Bittorrent BitDownload BitGrabber NetPumper BitRoll TorrentQ Torrent101  uninstall everything without exception. close it, and run a CCleaner scan  in your explorer, tools, folder options, view, check show hidden files and folders  then go to start, search and search in this order msnet32.exe sfx.exe  and let me know what you find see you later BOB3

BOB3 · Answer

Re catpeople,  go to the control panel, then open folder options, then View scroll down and check Show hidden files and folders  then you do start, search and you search in order msnet32.exe sfx.exe  a+ BOB3

BOB3 · Answer

Re cat,  1- Boot in safe mode and run a scan with Spybot,  if it is able to delete them, great, otherwise we will use another method.  2- Control Panel --> Administrative Tools --> Services. Look for Machine Debug Manager, right-click properties. --> Stop. Then in the drop-down list choose 'disabled' (the name doesn't ring a bell to you, especially with the capital letters? M D M ...)  What does it give?  3- Download SevenZip, it does everything.  http://mesh.dl.sourceforge.net/sourceforge/sevenzip/7z457.exe   See you later  BOB3

BOB3 · Answer

Re cat,  download Runscanner from this link, http://www.runscanner.net/  unzip it, and launch Runscanner.exe  set it to normal classic mode, then OK then start scan, it will give a list, click on save .log file at the top and post it  see you later BOB3

BOB3 · Answer

Re cat,  you run Runscanner.exe again  you set it to classic mode, then OK then start scan, in the dropdown list, you look for these lines that I have highlighted in bold  173 HKCR\*\shellex\ContextMenuHandlers -------------------------------------- c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} * c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5} <bold>c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\program files\web photo album\webalbumcontext.dll (VicMan Software) {5C3CA950-420D-439E-A8C1-37F2196C48B2}  221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ------------------------------------------------------- c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} * c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5} c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\program files\web photo album\webalbumcontext.dll (VicMan Software) {5C3CA950-420D-439E-A8C1-37F2196C48B2}  223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- c:\program files\photo toolkit\ivbar\ivbshlext.dll {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}  225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ * c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5} * c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5} c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}   you check the left box, and then click on FIX SELECTED ITEMS  you close it, run it again, and provide a new log see you BOB3

BOB3 · Answer

Re cat,  I made a mistake,  you run Runscanner.exe again  you set it to classic mode, then OK then start scan, in the dropdown list, you look for these lines that I put in bold    173 HKCR\*\shellex\ContextMenuHandlers --------------------------------------  <b>c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\program files\web photo album\webalbumcontext.dll (VicMan Software) {5C3CA950-420D-439E-A8C1-37F2196C48B2}  221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers -------------------------------------------------------  c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\program files\web photo  223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- c:\program files\photo toolkit\ivbar\ivbshlext.dll {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}  225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------  c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}  you check the box on the left, and then click on FIX SELECTED ITEMS  you close it, you run it again, and you put a new log see you soon BOB3

BOB3 · Answer

re cat,  I feel like the pages are acting up,  I'm resending, you run Runscanner.exe again  you set it to classic mode, then OK then start scan, in the drop-down list, you look for these lines that I have put in bold  173 HKCR\*\shellex\ContextMenuHandlers --------------------------------------  c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}    221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers -------------------------------------------------------  c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}   225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------  c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540} c:\progra~1\ultima~1\uzshlex.dll {2F860D81-AF3C-11D4-BDB3-00E0987D8540}    you check the box on the left, and then click on FIX SELECTED ITEMS  you close it, you run it again, and you make a new log see you BOB3

BOB3 · Answer

Re cat,  if you've already done the manipulation,  you need to restore the 2 values checked by mistake  c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000} * c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}  you launch runscanner.exe again, run scanner, OK, then history / backups and you restore the 2 values, click on Restore to original setting,  then close it, and do a new log a+ BOB3

BOB3 · Answer

Re cat, so the doc prescribed you some fans to lower the heat >  back to our viruses, I noticed something else suspicious, corrupted or infected files what are these programs --->>>>c:\program files\photo toolkit\ivbar\ivbshlext.dll --->>>>c:\program files\web photo album\webalbumcontext.dll --->>>>c:\progra~1\ultima~1\uzshlex.dll  I advise you to uninstall them for cleaning, you can reinstall them later, backup the photos+videos+others on an external drive, put them in a single folder that you will create for that purpose.  in my opinion, with the uninstallation we will see a bit more clearly. I think your machine has accumulated several different infections for quite some time.  do a cleanup with ccleaner, and redo a log with Runscanner.exe  catch you later BOB3

BOB3 · Answer

Re cat,  I forgot to ask you to uninstall WinRAR too.  See you later BOB3

BOB3 · Answer

Hello cat, I hope the fever has gone down and that your fans worked well,  the log looks clean,  we'll check for other infections download Bitdefender from this link, http://download.bitdefender.com/windows/installer/en/bitdefender_tsecurity.exe run it and accept the ActiveX it will download the update --- about 50MB, it will start, let it run, and then send the report note all the programs we used to uninstall later and do some cleaning.  see you later BOB3

BOB3 · Answer

Re cat,  if the freshness returns, it's a good sign, 1---uninstall Bitdefender, it’s no longer useful, and run a scan with CCleaner, then reboot  2--Spybot+CCleaner you should keep--->>very useful  3--regarding your Kaspersky scan, it's normal with all the manipulations we've done, the sleepers have woken up  send a Hijackthis log to start later BOB3

BOB3 · Answer

Re cat,  you are going to launch runscanner in Classic mode,  you will integrate the harmful addresses found by Kaspersky into your hosts file, to do this, click on ---->>> Host file editor you will see a list of undesirable addresses, scroll down to the bottom of the list, and you will add by respecting the spaces after the last address example: 127.0.0.1 www.xxxxx.com place your cursor after the m in com and press enter and you integrate the following addresses 127.0.0.1 defendiendo.blogspot.com 127.0.0.1 www.3d-station.com 127.0.0.1 www.dl251.com 127.0.0.1 www.getbwd.com  and click on Save hosts file and close  talk to you later BOB3  P.S. I checked the site defendiedo.blogspot.com, my antivirus gave me 3 alerts, in my opinion this site is dubious, are you dropping it???

BOB3 · Answer

Re cat,  let's start by finishing the cleanup of the Hijackthis report,  you will do a fix checked on the following keys.  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = these 2 keys are duplicates  O23 - Service: Microsoft Network Service (Network) - Unknown owner - C:\WINDOWS\msnet32.exe (file missing)  this key must be removed at all costs,  N.B. IF YOU CAN'T MANAGE WITH HIJACKTHIS You launch Runscanner, in classic mode, then Start scan, scroll to find the key ---> C:\WINDOWS\msnet32.exe (file missing) it should appear in red check its box, then click on Fix selected items. you verify again to see if it is gone, and you put back a new hijackthis log  see you later BOB

BOB3 · Answer

Re cat,  good riddance and that's great,  we'll take care of the Runscanner report, there are keys to remove, you run it in Expert Mode, you scroll from top to bottom until you reach the title: 011 HKLM\SYSTEM\CurrentControlSet\Services (drivers) you'll find these 2 values --- usually in red - or is it in black ??? - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (Profos) - c:\program files\common files\bitdefender\bitdefender threat scanner	rufos.sys (Trufos) you check them, and you fix them  then, you check everything from top to bottom, and let me know if you find any corrupted keys it looks like hieroglyphic writings. and come back.  BOB3

BOB3 · Answer

Re cat, what we're doing is crazy, because it would have been faster to completely reinstall XP, but at this point we're going to continue but quickly because I'm leaving for a few days, probably back on the 8th or 9th  you say 7 keys,  you're going to do the same manipulation again, and you're going to note down to give me the detailed content of each key  when you point to a key, you right-click then ---->>>OPEN REGISTRY example HKEY_CLASSES_ROOT batfile you look at what's noted in the editor on the right (by default) EditFlags  you send them one by one, and I'll send you the corrections one after the other see you later BOB3

BOB3 · Answer

Re cat,  under HKEY_CLASSES_ROOT batfile click to open (default) and enter this value ----> copy from the log, then paste MS-DOS Command File  then right-click on batfile, new, binary value, create it and right-click on it, rename and name it EditFlags  click on it to open and enter this value 30 04 00 00 ok  Check in Runscanner if it has disappeared or not a+ BOB3

BOB3 · Answer

Re cat,  HKEY_CLASSES_ROOT cmdfile you click to open (default) and you enter this value ----> make a copy from the log, then paste Windows NT command script  then right-click on batfile, new, binary value, create it and right-click on it, rename it and name it EditFlags  you click on it to open and enter this value 30 04 00 00 ok  You check in Runscanner if it has disappeared or not a+ BOB3

BOB3 · Answer

Re cat,  HKEY_CLASSES_ROOT comfile you click to open (default) and you enter this value ----> copy from the log and paste Application MS-DOS  then right-click on batfile, new, binary value, create it and right-click on it, rename and name it EditFlags  you click on it to open it and enter this value 30 00 00 00 ok  You check in Runscanner if it has disappeared or not a+ BOB3

BOB3 · Answer

Re cat,  HKEY_CLASSES_ROOT exefile you click to open (default) and you enter this value ---->copy from the log, then paste Application  then right-click on exefile, new, binary value, you create it and right-click on it, rename it and call it EditFlags  you click on it to open it and enter this value 38 07 00 00  then right-click on exefile, new, string value, you create it and right-click on it, rename it and call it  InfoTip you click on it to open it and enter this value prop:FileDescription;Company;FileVersion;Create;Size   then right-click on exefile, new, string value, you create it and right-click on it, rename it and call it  TileInfo you click on it to open it and enter this value prop:FileDescription;Company;FileVersion  ok  You check in Runscanner if it has disappeared or not a+ BOB3  p.s. 113----it should have read then right-click on cmdfile, new, binary value, you create it 114----it should have read then right-click on comfile, new, binary value, you create it

BOB3 · Answer

Re cat,  you're confusing me,  you put what I send you... if you find other values you right-click and delete  see you+ bob3

BOB3 · Answer

Re cat,  HKEY_CLASSES_ROOT htafile click to open (default) and enter this value ----> copy it from the log and paste it HTML Application  then right-click on batfile, new, string value, create it and right-click on it, rename it and name it FriendlyTypeName  click on it to open it and enter this value @C:\WINDOWS\system32\mshta.exe,-6412 ok  Check in Runscanner if it has disappeared or not a+ BOB3

BOB3 · Answer

Re cat,  HKEY_CLASSES_ROOT piffile you click to open (default) and you enter this value ----> copy from the log, then paste Shortcut for the MS-DOS program  then right-click on piffile, new, binary value, create it and right-click on it, rename and name it EditFlags  you click on it to open and enter this value 01 00 00 00  then right-click on piffile, new, string value, create it and right-click on it, rename and name it  IsShortcut no value to give  then right-click on piffile, new, string value, create it and right-click on it, rename and name it  NeverShowExt no value to give  ok  You check in Runscanner if it has disappeared or not a+ BOB3

BOB3 · Answer

Re cat,  under HKEY_CLASSES_ROOT scrfile you click to open (default) and enter this value ----> copy from the log, then paste  Screen saver  ok you close your database, and you check in runscanner if they have disappeared.  N.B. THE INFO YOU GIVE ME IS FROM WIN 2000.  A+ BOB3

BOB3 · Answer

No panic,  you launch regedit.exe  you click on HKEY_CLASSES_ROOT TO EXPAND EVERYTHING  YOU SCROLL DOWN WITH YOUR CURSOR TO FIND ----->exefile ------------------------------------------------------------------------------------------------------------------- your answers should be in a row, don’t put answers in back and forth, specify in your reply which number it corresponds to from me, it avoids going up and down and is the best way to forget an answer,  were you able to fix HELP IN 121  DO NOT DELETE DEFAULTS YOU PUT IN FRONT OF IT THE VALUES I GAVE YOU  example --- scrfile (default) Screensaver  DON'T MESS UP, OPEN 2 PAGES OF THE SAME POST TO READ, CREATE KEYS, AND COPY PASTE A+ BOB3

BOB3 · Answer

Re cat,  I advise you to close Runscanner you stay in the registry and go down gradually to spot the keys  you close it and then launch Runscanner again to check if it's okay  N.B. YOU MUST FOLLOW TO THE LETTER WHAT I SENT YOU capital letters, lowercase, spaces, etc...  take your time see you later BOB

BOB3 · Answer

Re cat,  don’t panic you will copy what I send you into a file that you will name -----------> exefile.reg  look for a small file on your computer with extension xxxxxx.txt you open it, you empty it, and you copy all the text at the bottom starting from Windows and you paste it in there, and you reduce the empty space at the bottom you close it and you name it >>>>> exefile it will save as exefile.txt you rename it exefile.reg you right-click on it, then Merge and that's it   ___________________________________________________________________________________________ Windows Registry Editor Version 5.00  [HKEY_CLASSES_ROOT\exefile] @="Application" "EditFlags"=hex:38,07,00,00 "TileInfo"="prop:FileDescription;Company;FileVersion" "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"  [HKEY_CLASSES_ROOT\exefile\DefaultIcon] @="%1"  [HKEY_CLASSES_ROOT\exefile\shell]  [HKEY_CLASSES_ROOT\exefile\shell\open] "EditFlags"=hex:00,00,00,00  [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"  [HKEY_CLASSES_ROOT\exefile\shell\runas]  [HKEY_CLASSES_ROOT\exefile\shell\runas\command] @="\"%1\" %*"  [HKEY_CLASSES_ROOT\exefile\shellex]  [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler] @="{86C86720-42A0-1069-A2E8-08002B30309D}"  [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]  [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps] @="{86F19A00-42A0-1069-A2E9-08002B30309D}"  [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page] @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"    ________________________________________________________________________________   let me know if it worked a+BOB3

BOB3 · Answer

Re cat,  I know it's not easy when you're not used to it,  first of all, make a new restore point before doing the operation I sent you in 134  and be careful and take your time to replace all the keys I sent you  at the end, run Runscanner to check if there are any hieroglyphs because every space, comma, uppercase, and lowercase letter matters  good luck bob BOB3  P.S. put your answers, if I have a moment I will reply with my Blackberry, I will be back around the 15th

BOB3 · Answer

Hello cat, in the registry did you touch anything other than ----->exefile  see you + BOB3

BOB3 · Answer

Re cat,  I've looked at the Kaspersky report,  I think the problem comes from there, in his report he must have blocked several functions of the system,  excerpt  discovered: application presenting a potential risk Hidden data sending The process: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe discovered: application presenting a potential risk Hidden data sending The process: C:\WINDOWS\system32\rundll32.exe discovered: application presenting a potential risk Hidden data sending The process: C:\Program Files\Internet Explorer\iexplore.exe discovered: application presenting a potential risk Invader The process: C:\Program Files\RegCure\uninst.exe discovered: application presenting a potential risk Hidden data sending The process: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe  you need to explain to me, when you start Windows, does it show your desktop and your icons + taskbar at the bottom,  a+ BOB3

BOB3 · Answer

Re cat, sorry, I have to leave,  if you can run Runscanner, you open it and go to history / backup to restore the keys you deleted, otherwise if you can wait until Tuesday, if not try to repair with the XP CD, boot from your CD-ROM and use the repair function,  Have a good day BOB3

BOB3 · Answer

Re cat,  go see in C:\Windows\ServicePackFiles\i386\ what's there  normally you should have more than a gig of files a+ bob3

BOB3 · Answer

Re cat,  it should be good if you have 525MB  retry the process: C:\Windows\ServicePackFiles\i386\WINNT32 /unattend  copy and paste without spaces at the beginning or the end  see you BOB3

BOB3 · Answer

Apparently cat, your system is down in the dumps  there remains the radical solution,  you look at this link, and you pay very close attention to the repair procedure  https://www.thesiteoueb.net/faq-astuces/fiche-pratique-42-comment-reparer-windows-xp.html  important excerpt Insert the XP CD and boot from it at startup. In the menu that appears, click on "install". Windows will check your system and then you will have the option to repair. Be careful not to choose the "R" option the first time but rather the second time when you click "install". All you have to do is click on it and follow the instructions displayed.  normally it should work, see you later BOB3

BOB3 · Answer

That's right cat,  don't get confused  you ask him to install, and then to repair  see you later BOB3

BOB3 · Answer

Re cat,  in that case, save your working files, and reformat your disk the most radical method, and reinstall on a healthy drive. don't forget that repair doesn't mean getting rid of the viruses or other crap left on your machine. in my opinion, I already told you, it's the launch of Kaspersky that messed everything up, I think it was infected, and not the fact that you messed up the registry. we tried everything, but I think a fresh install will allow you to start off on the right foot.  have a good evening BOB3

BOB3 · Answer

Hello cat,  I noticed that you have XP Pro,  we will try one last manipulation before formatting and installing everything.  Go to C:\windows\erdnt\  Check inside, you should have 11 files,  just give me the date of the files  see you later.

BOB3 · Answer

Re cat,  tell me what's in C:\WINDOWS\ERUNT\  file names + dates  you don't need to compress for the backup, just make a backup on one or more DVDs  see you BOB3

BOB3 · Answer

Re cat, let's try one last maneuver before resorting to formatting,  if you can, launch ---- ERDNT.EXE IF IT WORKS IT WILL RESTORE TO THE DATE OF JULY 07 we'll see if it works see you BOB3

BOB3 · Answer

Re cat,  reboot your computer to see the result, and if you can run programs again without error messages. see you BOB3

BOB3 · Answer

Re cat,  forget it,  1--for backing up your files, burn them to DVD if you don't have an external drive. also check if you have any installation programs on your disk for which you don't have the CD-ROM also the utilities and drivers for your computer. take your time before formatting to not forget anything. normally, you should look in the folders located at C:\xxxxxxx as well as under C:\windows\xxxxxxxx  2--for formatting, it's quite simple, during the installation from the XP CD-ROM see the link ---- section --- Formatting for reinstallation http://www.commentcamarche.net/faq/sujet 543 formatage formater un disque dur#formatage disque dur xp ou autre sous dos  3--you don't have anything to uninstall, XP will overwrite everything on the disk 4--once the installation is complete, install your antivirus + spybot + updates then update XP + SP3 + IE7 and you're good to go good luck see you BOB3

Unable to download Acrobat Reader

74 réponses

Windows spotlight is not working.

Samsung j5 unable to answer

Scam of the suvedene highway

Remove 360 antivirus

My pc's screen is flickering.

Fujitsu siemens laptop won't start anymore

Wearline: what do you think?

Eko tank smartwatch

Ibiza sound reviews

Only one of my iphone headphones works. what to do?