
This can't be good...


131 replies to this topic

#1 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 21 January 2011 - 09:42 PM

It's probably never good to have two active threads at the same time, is it? Well, here we go... On my Dell Inspiron 9300 laptop I run Windows XP. I run Adaware and Spybot regularly, and update both each time I begin a scan. Approximately a week ago, I undertook the task of assisting my wife with the problem of her laptop locking up on her during use. Her cursor would freeze up on her. My laptop was running reasonably well, though I was encountering frequent notifications that Adaware had encountered an unexpected problem and needed to close. Normally I will send the log to Lavasoft as requested.

Well, I decided that I would remove my current Adaware version and reload the latest version available from Lavasoft and was redirected to the mirror site CNET.com. The removal process wasn't easy, and somehow I was getting an indicator that there were 82 revisions that hadn't completed. Undaunted, I removed the program, and finally got it reloaded after several attempts. However, after reload, I was blue-screen crashing after about 5 minutes. So, I restarted in safe mode, and then tried to go to a reset point, and then checked to see if all Microsoft Windows updates were current, and on balance, they were, though I did load a few files from the custom updates. That seemed to help a bit as I was able to function (for the most part) without a blue screen crash. At this time, I was receiving regular notifications that were saying something about a failure to add data to a Windows System 32 file, but I seemed to be able to plod along.

So, being the smart guy that I am, I ran a TFC scan and removed a bunch of crud that it found. Then I ran the Malwarebytes' Anti-Malware scan. It took a couple of tries, but I ended up finding 5 objects and promptly failed to save a log, but did click on the remove button, and then restarted as instructed. And that was that. When I went to restart, I received the following blue screen message...

STOP: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate. It is corrupt, absent, or not writable. Beginning dump of physical memory Physical memory dump complete. Contact your system administrator or technical support group for further assistance.

I'm no computer expert, but that can't be good. Am I wrong in that I am concerned that there's a connection, or loose association, with my problem and my Adaware software? Any help you might be able to offer would be greatly appreciated!!!

Attached Thumbnails

  • bluescreen.jpg



#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 January 2011 - 04:28 PM

Hi there Happy! :wavey: Looks like you're stuck with me again. Please start your Malwarebytes program. Click on the Logs tab that you will find in the middle of the page towards the top. All the logs are saved there by date. You can double click on one to open it in notepad. If there are multiple ones there, please post me the last two. If there is only one... I'll take it. B)
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 


#4 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 23 January 2011 - 06:13 PM

TomK, I feel comforted that you are with me on this problem. My main question is, how do I get to a point where I can access the Malwarebytes log when I'm going blue-screen right from the jump? I'm not even getting to the desktop. I've tried safe mode and last known restore point....

#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 January 2011 - 09:56 PM

Good question. I missed that you couldn't even boot to safe mode. Do you have your XP disk? Do you have a USB drive (thumb drive)?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#6 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 24 January 2011 - 08:14 PM

You know, I should have that dang disk around here somewhere, but I looked in the file it should be in, and sure enough... no disk. I do, however have a zip drive. I think it's 2G.

#7 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2011 - 08:41 PM

Let's give this a try:

You will need your USB drive and a working computer.

Download http://unetbootin.so...dows-latest.exe & http://noahdfear.net.../xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/rst.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located at sdb1 named enum.log
  • Plug that USB back into the clean computer and open it
  • Remove the USB drive and insert back in your working computer and navigate to enum.log

    Please note - all text entries are case sensitive
Copy and paste the enum.log for my review
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 25 January 2011 - 07:18 PM

Hmm. Ok, I've been able to execute the instructions down to the point of finding the rst.sh on sda 1. I can see the file on the zip drive - Type file: SH 2.99 KB, but I cannot see it in sda 1. It turns out I had sda 1, 2, & 3. I've checked each, and it isn't on any of them.

#9 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2011 - 08:29 PM

Do you not have an sdb1?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#10 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 25 January 2011 - 08:37 PM

er, sorry, I did mean sdb1, not sda as I had indicated.



#11 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 January 2011 - 08:59 PM

Ok... Please tell me what you normally have for drives on your system. C:, D:.....
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#12 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 25 January 2011 - 09:15 PM

Ok, normally, just C & D, I think. I've never really thought about it. However, as I recall, it is set up to have a second environment for my wife (this was obviously before she had her own laptop), but I don't believe she ever used it. Having said that, I doubt that creates its own drive, but it was the only unusual thing I could think of. Otherwise, it's a fairly basic home laptop.

#13 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 26 January 2011 - 12:23 AM

Having a separate user profile will not give you another drive. Besides... the profile only exists in windows... and you're not in Windows but rather Linux. I could only get access to three different computers this evening to do a little experimenting... and each time my thumb drive came up as sdb1 - and my hard drives came up as sda1 or sda1 and sda2 depending on whether I had two hard drives or one. Please look again at the three choices that you have and see if one of them contains two folders.... boot and opt.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#14 Happy

Happy

    Authentic Member

  • Authentic Member
  • PipPip
  • 151 posts

Posted 26 January 2011 - 07:37 PM

You know TomK, initially, I don't think I quite understood the distinction between sda and sdb in the instructions (hence the error in my reply post). So, let me describe for you what I am seeing...

Under the File System, I can find the mnt file. Within that, I see files labeled sda1, sda2, and sda3.
Within sda1: There is a file folder labeled 'dell', then a file that is titled Adaptec.mdm, the next is Adaptec2.mdm, ami_raid.mdm, and 68 other 'mdm' files, the last of which is titled Video.mdm.
In sda2, I find what appears to be my C Drive. 27 file folders beginning with 11c66e3d8b710f135f06, 86dcf675ec0742b3894a768cf05965, 92d45bf3f4a95e16339a10, _OTMoveIt, cmdcons, Config.Msi, through to a file folder labeled Windows. It also contains 60 other files beginning with aaw7boot.log, AUTOEXEC.BAT, Boot.bak, all the way through to one labeled sqmnoopt19.sqm.
In sda3, I find 8 file folders, labeled bat, bin, img, src1, src2, src3, src4, src5, and 5 files labeled autoexec.bat, command.com, config.sys, dellbio.bin, and dellrmk.bin.

That's everything listed under the file mnt. If you require more detail, I would be more than happy to give that to you. Did I do something wrong when I loaded my zip drive?

#15 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 27 January 2011 - 12:16 AM

I don't think you did anything wrong... your computer is just being screwy. :wacko: You had to have done everything correctly because you loaded and started the Linux distro. The information your computer used to do that is on the thumb drive and contained in the Boot and opt folders. I don't know why it isn't showing. I'm going to get some advice from Noahdfear, a colleague who wrote the script we are trying to run. One of us will get back to you.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
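
An added example, not part of the thread and not the rst.sh script: a POSIX shell helper that labels each partition mounted under a root directory (pass /mnt on xPUD) using the markers mentioned in the posts above, namely rst.sh or the boot and opt folders for the USB stick and a Windows folder for the XP partition, and reports whether the SOFTWARE hive named in the STOP message exists. The function names and output labels are assumptions made for this example, and it assumes basename, tr and wc are available in the live environment.

```sh
# Added example: label partitions mounted under a root directory (e.g. /mnt).
# Assumed markers: rst.sh or boot+opt => USB stick; Windows/system32/config => XP.

# find_ci DIR NAME: print the entry of DIR matching NAME (lower case), any case.
find_ci() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        base=$(basename "$entry" | tr 'A-Z' 'a-z')
        if [ "$base" = "$2" ]; then printf '%s\n' "$entry"; return 0; fi
    done
    return 1
}

# resolve_ci DIR PART...: walk several path components case-insensitively.
resolve_ci() {
    cur=$1; shift
    for part in "$@"; do cur=$(find_ci "$cur" "$part") || return 1; done
    printf '%s\n' "$cur"
}

# classify_partition DIR: print usb-boot, windows or other.
classify_partition() {
    if [ -f "$1/rst.sh" ] ||
       { resolve_ci "$1" boot >/dev/null && resolve_ci "$1" opt >/dev/null; }; then
        echo usb-boot
    elif resolve_ci "$1" windows system32 config >/dev/null; then
        echo windows
    else
        echo other
    fi
}

# hive_status DIR HIVE: print missing, empty or present:<bytes>.
# A non-empty hive can still be corrupt; size is only a first check.
hive_status() {
    hive=$(resolve_ci "$1" windows system32 config "$2") || { echo missing; return 0; }
    if [ -s "$hive" ]; then echo "present:$(wc -c < "$hive" | tr -d ' ')"; else echo empty; fi
}

# classify_mounts ROOT: one line per partition, e.g. "sdb1 usb-boot".
classify_mounts() {
    for mp in "$1"/*; do
        [ -d "$mp" ] || continue
        role=$(classify_partition "$mp")
        if [ "$role" = windows ]; then role="$role SOFTWARE=$(hive_status "$mp" software)"; fi
        printf '%s %s\n' "$(basename "$mp")" "$role"
    done
}

if [ "$#" -gt 0 ]; then classify_mounts "$1"; fi
```

If no line comes back as usb-boot, the stick's partition is not mounted under that root at all, which is the situation described in post #14.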
 
