Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Dell 9400 is infected, but I am unable to determine by what.


  • Please log in to reply
27 replies to this topic

#1 Johnny 5 Alive

Johnny 5 Alive

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 09 November 2014 - 09:32 AM

Dell Inspiron 9400 LT

Win XP Pro

 

XP updaes will not install, and it takes 10 minutes for it to start up. Browsers don't always take me where I want to go.

 

ETC.

 

I reviewed a similiar situation in another post and am going to try those tecniques.

 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 09 November 2014 - 10:43 AM

That slow start could be caused by too many items in startup, a failing hdd, a very fragmented hdd or malware.

Suggest you backup all important files or create an image of the entire drive and store it on an external medium. If the 

hdd is failing, the more you use it the more likely it will become unbootable and unable to recover files.

 

Use CCleaner to cleanup the crud. Once you have done that open CCleaner and click on Tools and choose Startups.

At the bottom of that page you will see a button when clicked will allow you post the list of programs presently starting up

at boot. Post that list back here.

 

After you have backed up the computer and posted the list of startups you can run some programs to hopefully find and

remove whatever adware and malware is on the computer.

 

Use the instructions for Rkill, MBAM, AdwCleaner, Junkware Removal Tool, and Eset online scanner in your previous topic for a different computer.

Make sure that all active security programs are stopped from running/ disabled before running the scans.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 09 November 2014 - 02:25 PM

I am in Safe Mode, am I able to get to the list of startups, where do I locate that list, and do I need to start a service first.


Edited by Johnny 5 Alive, 09 November 2014 - 02:26 PM.


#4 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 09 November 2014 - 02:48 PM

So, CCleaner won't work in safe mode or is not installed?

 

You can try another route....if Step One in the link below is usable in Safe Mode then remove the startups that

use the most RAM such as Office programs, Media programs like WMP, Java, Browsers, Antivirus program, Antispyware program

3 Ways to Alter Startup Programs in Windows XP - wikiHow

 

Are you unable to boot into regular mode?

If so, boot into Safe Mode With Networking and attempt to download and run the programs to find adware and malware.


Edited by buddy215, 09 November 2014 - 02:49 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 10 November 2014 - 05:27 PM

I am using regular boot.

 

I do not wish to run a backup at this time.

 

 

Startup.txt

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\Utils\System\CCleaner\CCleaner.exe" /MONITOR
No    HKCU:Run    ctfmon    Microsoft Corporation    C:\WINDOWS\system32\ctfmon.exe
No    HKCU:Run    msnmsgr    Microsoft Corporation    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
No    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
No    HKCU:Run    TeaTimer    Safer-Networking Ltd.    C:\Program Files\Utils\System\Spybot-S&D\TeaTimer.exe
No    HKLM:Run            
No    HKLM:Run    AdobeARM    Adobe Systems Incorporated    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No    HKLM:Run    Apoint        
No    HKLM:Run    AppleSyncNotifier    Apple Inc.    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
No    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\Utils\System\Avast\AvastUI.exe" /nogui
No    HKLM:Run    BJMyPrt    CANON INC.    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
No    HKLM:Run    BrCcBoot    Brother Industries, Ltd.    C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
No    HKLM:Run    BrStMonW    Brother Industries, Ltd.    C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
No    HKLM:Run    cli    ATI Technologies Inc.    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
No    HKLM:Run    CNSLMAIN    CANON INC.    C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
No    HKLM:Run    CTSVolFE    Creative Technology Ltd    "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
No    HKLM:Run    Everything        "C:\Program Files\Utils\files&Folders\Everything\Everything.exe" -startup
No    HKLM:Run    ifrmewrk    Intel Corporation    "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
No    HKLM:Run    IndexSearch    Nuance Communications, Inc.    "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
Yes    HKLM:Run    IntelZeroConfig    Intel Corporation    "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
No    HKLM:Run    IObit SmartDefrag        "\\Desktop\desktopd\Program Files\Utils\Disk\IObit SmartDefrag\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
No    HKLM:Run    iTouch    Logitech Inc.    C:\Program Files\Logitech\iTouch\iTouch.exe
No    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\Media\A-V\iTunes\iTunesHelper.exe"
No    HKLM:Run    jusched    Oracle Corporation    "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
No    HKLM:Run    LWS    Logitech Inc.    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
No    HKLM:Run    mm_tray    MUSICMATCH, Inc.    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
No    HKLM:Run    mmtask    TODO: <Company name>    c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Yes    HKLM:Run    MSConfig    Microsoft Corporation    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
No    HKLM:Run    OpwareSE4    Nuance Communications, Inc.    "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
No    HKLM:Run    PaperPort PTD    Nuance Communications, Inc.    "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
No    HKLM:Run    PDF5 Registry Controller    Nuance Communications, Inc.    C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
No    HKLM:Run    PDFHook    Nuance Communications, Inc.    C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
No    HKLM:Run    PPort12reminder    Nuance Communications, Inc.    "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
No    HKLM:Run    qttask    Apple Inc.    "C:\Program Files\QuickTime\qttask.exe" -atboottime
No    HKLM:Run    quickset    Dell Inc    C:\Program Files\Dell\QuickSet\quickset.exe
No    HKLM:Run    s mqrt        regsvr32 /s mqrt.dll
No    HKLM:Run    SetPoint    Logitech, Inc.    C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
No    HKLM:Run    sprtcmd    SupportSoft, Inc.    "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
No    HKLM:Run    SSBkgdupdate    Nuance Communications, Inc.    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
No    HKLM:Run    stsystra    SigmaTel, Inc.    %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
Yes    HKLM:Run    SynTPEnh    Synaptics, Inc.    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
No    HKLM:Run    ToolbarHelper        
No    HKLM:Run    WrtMon        C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
No    Startup Common        Adobe Systems Inc.    C:\PROGRA~1\Office\Adobe\ACROBA~2.0\Distillr\acrotray.exe
No    Startup User            
 

I had already run the makware programs and i will post in next post.I ran defraggler twice.


Edited by Johnny 5 Alive, 10 November 2014 - 05:34 PM.


#6 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 10 November 2014 - 05:51 PM

there about 10 microsoft updates that would not install. this is not a new problem.



#7 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 10 November 2014 - 06:20 PM

adwcleaner R0 file.

 

# AdwCleaner v4.100 - Report created 08/11/2014 at 06:55:03
# Updated 08/11/2014 by Xplode
# Database : 2014-11-07.1
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Elvis - DELL9400LT
# Running from : C:\Documents and Settings\Elvis\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Reimage.ini
Folder Found : C:\Documents and Settings\Administrator\Application Data\NCH Software
Folder Found : C:\Documents and Settings\Administrator\Application Data\Search Settings
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
Folder Found : C:\Documents and Settings\Elvis\Application Data\NCH Software
Folder Found : C:\Documents and Settings\Elvis\Application Data\Slick Savings
Folder Found : C:\Documents and Settings\John\Application Data\adawaretb
Folder Found : C:\Documents and Settings\John\Application Data\NCH Software
Folder Found : C:\Documents and Settings\Visitor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Found : C:\Program Files\adawaretb
Folder Found : C:\Program Files\Common Files\Spigot
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\Toolbar Cleaner

***** [ Scheduled Tasks ] *****

Task Found : Reimage Reminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5370C3A1-BEAB-40E1-BBEF-4B5C0398B577}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\StartNow Toolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{01F3D033-9228-49CA-A4E2-FED51F18D169}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{180E5EA5-B41A-4DA4-8A56-3105BE019C48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Reimage
Key Found : HKLM\SOFTWARE\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[8frsmvdc.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[8frsmvdc.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[8frsmvdc.default] - Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v38.0.2125.111

[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [7247 octets] - [08/11/2014 06:55:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7307 octets] ##########
 

 

adwcleaner S0

 

# AdwCleaner v4.100 - Report created 08/11/2014 at 07:01:40
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Elvis - DELL9400LT
# Running from : C:\Documents and Settings\Elvis\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Elvis\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Elvis\Application Data\Slick Savings
Folder Deleted : C:\Documents and Settings\John\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\John\Application Data\NCH Software
[!] Folder Deleted : C:\Documents and Settings\Visitor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\WINDOWS\Reimage.ini

***** [ Scheduled Tasks ] *****

Task Deleted : Reimage Reminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01F3D033-9228-49CA-A4E2-FED51F18D169}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{180E5EA5-B41A-4DA4-8A56-3105BE019C48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5370C3A1-BEAB-40E1-BBEF-4B5C0398B577}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[8frsmvdc.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[8frsmvdc.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[8frsmvdc.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v38.0.2125.111

[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [7387 octets] - [08/11/2014 06:55:03]
AdwCleaner[S0].txt - [7464 octets] - [08/11/2014 07:01:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7524 octets] ##########
 

 

jrt.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Microsoft Windows XP x86
Ran by Elvis on Sat 11/08/2014 at  8:32:26.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Elvis\Local Settings\Application Data\adawarebp"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/08/2014 at  8:38:57.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------------------------------------------------------------------------

 

ESET

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\Elvis\Application Data\Slick Savings\CouponsHelper.exe.vir    a variant of Win32/Toolbar.Widgi.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburn.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressBurn\expressburnsetup_v4.72.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressZip\expresszip.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressZip\expresszipsetup_v2.28.exe.vir    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\MixPad\mixpad.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\MixPad\mpsetup_v3.00.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\MixPad\uninst.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Pixillion\pixillion.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Pixillion\pixillionsetup_v2.59.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Switch\switch.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Switch\switchsetup_v4.22.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Switch\uninst.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\WavePad\uninst.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\WavePad\wavepad.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\WavePad\wavepadsetup_v5.48.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\WavePad\wpsetup_v5.05.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Documents and Settings\All Users\Desktop\Malware\Bleeping_Computer\spsetup118.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\Documents and Settings\All Users\downloads\ccsetup324.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\Documents and Settings\All Users\downloads\defragsetup (1).exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\Documents and Settings\All Users\downloads\defragsetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\Documents and Settings\All Users\downloads\IOGEAR_GKM681R_Driver_Update_08-2013.exe    a variant of Win32/Systweak.H potentially unwanted application    deleted - quarantined
C:\Documents and Settings\All Users\downloads\wpsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Elvis\My Documents\Downloads\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Elvis\My Documents\Downloads\dfsetup215.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Elvis\My Documents\Downloads\dfsetup217.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP191\A0045179.exe    Win32/Toolbar.Babylon.T potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052739.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052740.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052741.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052742.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052744.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052745.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052746.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052747.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052748.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052749.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052750.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052751.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052753.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052754.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052762.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052763.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{47C617A7-94F1-4E24-815A-8726EA209321}\RP225\A0052778.exe    a variant of Win32/Toolbar.Widgi.F potentially unwanted application    deleted - quarantined
 

----------------------------------------------------------------------------------------------------------------------------------------------------------

 

mbam

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/10/2014
Scan Time: 2:19:27 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.10.03
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 534457
Time Elapsed: 36 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

----------------------------------------------------------------------------------------------------------------------------------------------------------

 

i ran tweaking.com

 



#8 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 10 November 2014 - 07:13 PM

I saw nothing malicious...just a ton of adware...

 

Have you tried updating after the cleanup and running the All In One tool set?

 

Is the computer still taking 10 minutes to boot?

 

I see CCleaner Monitor is in startup....you should disable that.

 

Have you checked the temperatures? Overheating can cause slowness, too.

I've used this program: SpeedFan - Access temperature sensor in your computer

Disclaimer

This program is aimed at the power user. At those who know what they're doing. I've known of no real problem caused by SpeedFan, but may be it's due to the fact that once it made the PC explode and the user disappeared in the blast, thus being unable to report :-) Anyway: SpeedFan can be extremely useful, but you should first watch its behavior before setting and forgetting it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 10 November 2014 - 07:19 PM

Meant to add...delete all of the Restore Points....lots of unwanted crapware in them.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 10 November 2014 - 11:04 PM

how can you control the fans in a LT? Still takes some time, What can I run to see if there are still adware on the system? I ran all of the programs except fo rkill.



#11 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 11 November 2014 - 05:54 AM

Speed Fan will offer the ability to control fan speeds....but not all recognized or controllable. Have you tried it?

 

If you want a more thorough search for malware and adware then you can start a new topic.

Start a new topic after creating a DDS log by following instruction #6 found here: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs

 

Post the DDS log along with a description of the problem in the Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com

 

Do not bump your topic once it is posted. Wait for a response. It could be a few days.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 11 November 2014 - 06:45 AM

i have not tried speedfan. I just tried to download & install, it downloaded, but did't seem to load. The installation program closed immediately after opening when I clicked on it.

 

What report are you looking a to determine I still have a lot of malware on my system? Should I use rkill?

 

i do not know to delete a restore point, i have  never tried. Found out how to delete them & did.


Edited by Johnny 5 Alive, 11 November 2014 - 07:45 AM.


#13 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 11 November 2014 - 08:11 AM

I said the scans you have done only find a ton of adware but if you want a more thorough look then you will need to start

a new topic.

 

Be sure to enable the ability to create restore points if you haven't done that. You disabled the ability to create store points

to delete the existing ones. You simply go back and enable.

 

From the Speed Fan site:  The latest version is SpeedFan 4.50. Some tools (like Norton Internet Security or ZoneAlarm) may interfere with the download process. Basically, the REFERER field must be properly sent to SpeedFan's web server. Download won't work if any tool blocks it.

 

If you have any active security programs (such as Avast) running, suggest you disable them while downloading and installing Speed Fan.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 Johnny 5 Alive

Johnny 5 Alive
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny Naples Florida USA
  • Local time:04:09 PM

Posted 11 November 2014 - 11:43 AM

The LT now starts up in about 5 minutes, but the HD keeps churning until after 10 minutes has passed and the Avast icon comes up in the program tray.

 

You mentioned the all in one tool set, if that is the eset, the answer is yes if it is something else the answer is no. Yea I tried to install the updates after running eset twice, didn't help.

 

I just shut off the run when windows starts for CCleaner and MBAM.

 

The HD now stops in 6 minutes and a few seconds.

 

SpeedFan still won't install, but now says My system does not have the minimum requirements.

 

I had not run RKill in my last post, did you want me to run it now. I had no instructions on how to run it.


Edited by Johnny 5 Alive, 11 November 2014 - 12:09 PM.


#15 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:09 PM

Posted 11 November 2014 - 12:42 PM

No, I was mentioning this All In One....Windows Repair (All In One) Download  which has a Windows Update repair feature.

 

You can read in this link and there are repair suggestions and a Fix It tool for repairing Windows Update.

0x80080008 error message when you try to install updates by using Windows Update or Microsoft Update

 

There is no reason to run RKill.

 

I'm surprised SpeedFan says that you don't meet minimum requirements.

Follow the directions in the link below for creating a Speccy report. Either post the report or a link to the report.

Publish a Snapshot using Speccy

Pay attention while installing and watch for toolbars being offered.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users