
My PC Computer Repair Diary


Oct 5, 2012 Problem: Client cannot connect to central database
Analysis and solution:
The client has a shared database application. Normally, he would open the application and the program would connect to a database on a windows 7 computer ( which contains the shared database ). The first thing I looked at was the "network neighborhood" and all computers in the "workgroup". Well, this didn't show any of the other computers on the network. Obviously a network problem. By the way - the message he got from the application program looks like the screen shot below:



According to the client - he didn't do anything unusual, the application program just stopped working. The question is - why did "workgroup" become inaccessible? So I logged into the router ( linksys ) and displayed the DHCP table. See screen shot below:



Sure enough, all the computers on the network have been assigned an ip address by the router. The computer that contains the database is "Linda-HP". So I pinged "Linda-HP" and the ping failed - ie, "Ping request could not find host Linda-HP". Not sure of what the problem is - I took the computer to my workshop and hooked it up to my network. When I looked at "network places" and "workgroup" computers - nothing showed up. I thought that maybe the network card ( on the motherboard ) could be faulty - so I added a PCI network card - problem still exists - so it is NOT the network card on the motherboard.
I then downloaded the MS Fixit program 50135 and ran it. This allowed me to ping other computers on the network by name but these computers did not show up in the network neighborhood - > workgroup. I then just happened to notice a message from "AVG free". This version is newer than the one I use ( this one is 2013). Apparently, in AVG 2013 a new firewall feature has been added. So I poked around inside AVG free and there it showed that "printer and file sharing" had been turned off (see screen image below - this view shows the result after "enabling" the file and printer sharing )



So once it was turned on - everything worked - all icons showed up under the "workgroup" window. Normally, this setting is probably the default but the client somehow must have turned it off. Sometimes it is possible that a user may change a setting without knowing the full consequences of his action. So in the future, if I get this type of network error - and the client is running AVG 2013 - I will look at the AVG settings first. This is what makes troubleshooting so difficult as you may be unaware of the changes made by the client.
Fini!



June 28, 2012 Problem: Client says windows doesn't boot
Analysis and solution:
I turned on the client's computer and got the following message:

Windows could not start because the following file is missing
or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM
You can attempt to repair this file by starting Windows Setup
using the original Setup CD-ROM.
Select 'r' at the first screen to start repair.

Okay, I then started the setup disk ( the Dell restore disk) but I could not get to the option to do a "repair". So I tried the recovery console and typed the command:
chkdsk /r
This usually takes about 45 minutes, and unfortunately this didn't fix the problem. After some research, I found out that there is a backup copy of the "SYSTEM" file in the directory \windows\repair. I then started the computer with my copy of "Bart's PE Builder" disk. This allowed me to get into the directory structure of the C: drive. I then typed (from a command prompt window ) the following command:
rename c:\windows\system32\config\system system.bad
I then copied the backup copy as shown:
copy c:\windows\repair\system c:\windows\system32\config\system

I then rebooted the computer and all was NOT well in Mudville. This time I got a different error message that flashed by quicker than Oprah pouncing on a boiled ham. Some more research and I decided to restore all five ( System, software, sam, security, and default) files of the registry hive ( who at Microsoft came up with this goofy name ). I still got the same fleeting message.
So I did some more research and I found a program called UBCD4win - and created a bootup disk. I ran this boot up disk to get to the UBCD4win interface and clicked on the sequence
Start > Programs > Registry Tools > Registry Restore Wizard
and specified C:\windows and then clicked on the button to "fix the system registry to that of a previous state". I selected a restore point that was about 2 months old. I then rebooted and it booted into the windows desktop BUT - neither the keyboard nor the mouse would function. Now what? I then put in the Dell restore disk again but this time I was able to start the "repair" option. This process took about 45 minutes after which the computer booted to windows and oh joy of joys - the mouse and keyboard worked and all was well in Mudville.
Fini!


June 24, 2012 Problem: Client says Internet Explorer crashes
Analysis and solution:
The client computer runs Windows Vista and IE 8.0 - and it gave an error message that said "Internet Explorer has stopped running" (not the exact quote) and it asked the user if he wanted to solve the problem. So I clicked on the button to solve the problem and it suggested to update windows. The update was actually a service pack 2 update to Vista. This took about 1.5 hours. I then ran IE8 again - no luck - same problem. Again I followed the solution path - and updated about 50 patches. Yikes, this took about an hour. Still, had the same problem. Oh woe is me, these so called interactive solutions have never worked for me - ever. I have never had any success with any problem solving wizard - it always would take me to a point where there were no more steps to follow or the solution just didn't work. I am not sure what Microsoft ( or any other company ) would be able to do to improve this type of interactive wizard stuff - but they certainly need to do a better job - ah, I digress - so let's get back to the problem at hand.
Anyway, IE8 was also taking a long time to load ( about 3 minutes before IE8 would crash ). I then decided to load IE9 and happily it all worked. Internet Explorer 9 loaded quickly and when I followed the same steps that previously would make it crash - it worked just fine.
The fact that IE8 crashed and IE9 didn't is obviously a result of the upgrade but why the vast improvement in program load times really escapes me. One would think the two problems would be completely independent. So I will take this as a fix as the customer was satisfied.
Fini!


Apr. 18, 2012 Problem: Client says all desktop icons are missing and the start button is empty
Analysis and solution:
Sure enough, all desktop icons and start menu items were missing and about 15 popups appeared with some bogus message about the hard drive. Also, another popup appeared called "s.m.a.r.t. HDD" that looked like this:

bogus smart hdd program

Well this is a bogus program that alleges that something is wrong with the hard drive and the drive will fail very soon. I tried to fix the missing icons problem and after many attempts ( I had the problem fixed ) but after rebooting - the problems returned. I also tried to delete all files in "temp" directories - ie c:\windows\temp and %temp% ( which translated to this directory - c:\documents and settings\User\local settings\temp - where User would be the user name ). I also changed some registry settings as I was not able to right click on the desktop. After all of this work - all the problems would respawn - Crap!!! I decided not to try to remove this insidious piece of s**t - and for the first time in my life I caved in and just re-formatted and re-installed windows. Of course, problem solved but very unsatisfying as I hate to let the hackers beat me. The problem with reloading windows is the reloading of the drivers and software and salvaging the user's files ( eg - user generated documents, etc. and email settings ). I did get all the hardware drivers and email messages but I forgot to save the email contacts - oops! The client accepted this omission as he would be able to get any email addresses from the "sent" email folder. Fini!


Apr. 9, 2012 Problem: Client says he gets a hard disk error when booting up
Analysis and solution:
The client dropped off his Dell computer and when I tried to boot the computer I got this error message:
"NOTICE - Hard Drive SELF MONITORING SYSTEM has reported that a parameter has exceeded its normal operating range. Dell recommends that you back up your data regularly. A parameter out of range may or may not indicate a potential hard drive problem."
At first I thought this was a bios error message but some research convinced me it was actually from the hard drive - I explored the possibility of turning off the "self monitoring system" - but did not find a way to do so. I then removed the hard drive (Samsung) and put it into an external hard drive case with a USB interface. I then put in a new drive in the computer and loaded windows vista on the new drive. After loading windows and some drivers and some other software ( the client had all the disks ) - I then plugged in the USB external drive. I was able to "read" this drive, so much for the error message about a potential hard drive error. Okay, now I tried to copy as many of the user folders ( my documents, photos, videos, etc) from the alleged "bad" drive - and was able to do so. I did experience some minor quirk - I got this message from windows vista that read:

"You don't currently have permission to access this folder - click continue to get access to this folder" - (so I clicked continue) then it took 6 minutes before I could get access - I guess it was granting access to all files and folders, about 8 gigs ( this is ridiculous - what did microsoft do to make it work like this?). Once the permissions were set I was able to copy all the client generated folders to the new drive, that is, I recovered the documents, desktop, photos, videos, etc. folders. One final comment - I think that Samsung probably had a good idea to protect users from a catastrophic hard drive failure - but this anticipatory kind of monitoring is, in my experience, not very good. In this case, the drive was "readable" but it would not let me boot to the operating system, and did not really explain the "parameter" that was "out of range". But, the computer was fixed - had to buy a new hard drive and reload windows - to the satisfaction of the client.
Fini.


Mar. 15, 2012 Problem: Client says he cannot boot to windows
Analysis and solution:
The client dropped off his Dell computer (windows xp pro) and sure enough when I started the computer - the windows logo appears - then it just reboots. I then tried to reboot into safe mode and was successful. From safe mode I looked in some of the usual system directories - using command prompt - and listed the files by date order for files with .exe and .dll extensions. Nothing unusual. So I booted the computer from the windows xp install disk. I first selected the "repair" windows option - from the recovery console using the chkdsk command with the "/r" flag, with no success. Then I tried to repair windows by selecting the "R" option , this will show if you enter the install windows option, ie, you are given the choice of a "clean " install or a "repair". This method worked, the computer booted to the desktop. Now the fun began, I tried to run an AVG scan but I was stopped by a message that said my AVG free license did not match my system. I tried to re-install AVG but was stopped about half way through the installation with an error message. I tried all kinds of ways to install AVG ( wasn't able to do a clean uninstall so I just deleted the AVG folder and the AVG sys files in the
C:\windows\system32\drivers folder ).
I then tried to re-install AVG - no go. For some reason the AVG install program thought this was not a new install but a "change/repair" or a "remove" install. In other words I was not getting the normal sequence of steps for a new install. I was not able to install AVG and when I rebooted - the original problem occurred - that is, the computer didn't boot to the desktop - but just rebooted after displaying the windows logo. So I had to go through the "repair" option again. Yikes! another 45 minutes wasted.
I had to accept the fact I wasn't going to install AVG as I didn't want to screw things up and be forced to do another "repair" windows install. I told the client to get another anti-virus program.
Now I noticed another anomaly - the volume icon was missing from the "taskbar" ( lower right hand side ) and in fact I was not getting any sound from the speakers. I checked all the usual suspects to fix the problem. This included:

1. Check the speaker cable - it was okay
2. Check the "Sound and Audio Device Properties" from "control" panel.
     and under the "general" tab made sure the box that reads -
     "Place volume icon in the taskbar" was checked - it was.
3. Check the other tabs to be sure all devices were properly selected - they were.
4. Check to see on the "audio" tab  under "Sound playback"  the Volume button
     which displays all the volume controls - that none were muted or turned down.
     -  all were okay.

After this I decided to pull out the rest of my remaining hair as I still have no sound or volume icon.
I found these steps to try to get back the volume icon.

1. Run regedit: click on Start > click on Run > type: regedit
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
3. In the Explorer folder change the value of EnableAutoTray to 0.
4. Right click Start (or anywhere on the taskbar) and select Properties.
5. Click the Taskbar tab.
6. Clear the Lock the taskbar option.
7. Check Hide inactive icons.
8. On the Taskbar tab, click Customize.
9. In the Current Items section, select each of the items as "Always Hide". Click OK, then OK again.
10. Start all over, re-open the properties dialog box, and select each item as "Hide when inactive" in the Current items section. Click OK, then OK again.
11. Navigate in the registry to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify
12. Delete the IconStreams and PastIconStreams values.
13. Close the Registry Editor.
14. Close all open programs.
15. Open Task Manager: click on Start > click on Run > type: taskmgr
16. Click on the Processes tab.
17. Click on explorer.exe in the image name column.
18. Click on the End Process button.
19. Confirm Yes to kill the process. This will close the desktop except for Task Manager.
20. In Task Manager select the File menu command.
21. Click on the Create New Task button.
22. In the Open box type: explorer
23. Click OK.

Well, this did NOT work. So just for giggles, I logged off the current user (TOM) and logged into the other user (SHARON) - holy smoke - the volume icon was there and the sound worked - WTF! So, the next thing I tried ( I threw logic out the window) was to copy the "desktop" folder from "Documents and Settings> Sharon >" to "Documents and settings>Tom" and rebooted. This worked! The sound was working for "TOM" and the stupid volume icon was back on the taskbar. Thus the only problem that remains is the AVG - cannot install it - but I will leave it at that. Getting the sound back saved me from doing a reload of windows and the problems with a fresh reload, ie, to reload all the drivers, catch up with all the windows updates, reload all user applications, set the user's DSL connection, etc. By the way, I tried about 4 or 5 other tips to restore the volume icon - but none of these worked - it really should be a simple fix but from my research - it appears that there's a gazillion "fixes" but none really state the reason behind the failure as to why the icon disappears. The fix should be simple but it's not - very strange.
FINI

Mar. 7, 2012 Problem: Client says he cannot start programs.
Analysis and solution:
The client dropped off his Dell laptop computer (windows 7) and sure enough when I started the computer - the desktop appeared - and a program claiming to be an anti-virus program - called "Internet Security 2012" opened first and reported a bunch of virus threats. I tried to execute several program icons on the desktop and nothing happened. This anti-virus program is bogus. (see image below - an example image is from this site "www.fixrogues.com")

screen shot of internet security 2012 program

All the authors of this program want you to do - is to pay a ransom so you can get your computer back. I really find this way of "doing business" very repugnant. So now I am off to fix the mess caused by this program.

The first thing I tried to do was open a command prompt - no good - as the start button only displayed a few items on the left hand panel. The right panel was completely empty. Yikes! what a mess. So I rebooted to safe mode (command prompt mode) and was able to look through some of the directories and found some suspicious looking files that had a recent date. I did this by typing at the command prompt the following:

prompt> dir /o:d *.exe ( to find all executables sorted by date)
and
prompt> dir /o:d *.dll ( to find all DLL files sorted by date )
and
prompt> dir /a:h ( to find all hidden files)

I did this for several directories - such as - c:\windows, c:\windows\system32, and c:\programdata. I noticed that all the latest files ( a few days old ) had suspicious looking file names ( i.e. , not microsoft type names ). I deleted all such files ( if you are afraid to delete files - then you can rename them ). What I may do is to rename a suspicious file say uuyytt123.exe to uuyytt123.xxx - so you will have a copy of the original. Then I would delete the file uuyytt123.exe.
While still in safe mode - I was able to run "msconfig" ( I typed it in the command prompt window). See the image below ( I already unchecked all boxes). See screen image below:
screen shot of msconfig windows 7
Notice the last entry "C:\ProgramData\wvgmkfnxI.exe" which looked suspicious and had a recent date. Also, the second column starts with Unk ( for Unknown manufacturer - again another red flag for me to think this is a bogus program ). After some research I noticed another program ( see image above) "C:\Users\User\AppData\Roaming\isecurity.exe" which belongs to the "Internet Security 2012" program. After going through this list - and making a determination of bogus programs I then used command prompt to go to these files and delete them.
After a reboot, and starting up windows in normal mode - well - Oh happy days, the Internet Security 2012 program was gone. But it left a mess. The left panel on the start menu was empty. To restore the start menu items you need to go to

C:\Users\user_name\AppData\Local\Temp\smtmp\1 and copy the entire content of the "1" directory to this directory

C:\ProgramData\Start Menu

To restore the desktop ( which by the way for this laptop was also messed up ) you need to copy the entire content of the "4" directory:
C:\Users\user_name\AppData\Local\Temp\smtmp\4

To this directory
C:\ProgramData\Desktop

By the way, for some of these folders you may need to ( as administrator ) change the folder permissions to copy to these directories. By the way, this whole business of folder permissions and ownership is just plain ugly and confusing. Microsoft should really redo the entire security paradigm. Maybe in Windows 8?
Okay, now the start menu is working and the desktop icons have returned - I then installed AVG 2012 and ran a scan. It found 3 threats and quarantined them. I then rebooted and during the reboot - some microsoft windows 7 updates were applied and lo and behold - when the computer restarted - the BSOD appeared. Oh crap - now what? This was the error message I got:

Stop C0000135: The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem.

Yikes! - another microsoft error message beauty - what the hell is %hs and which program actually caused the problem ? The error message is totally useless. More information needs to be given so the user has a fighting chance. So, I have to guess at a course of action - oh great! Since the BSOD occurred after MS upgrades and the AVG install - I decided to remove AVG.
So, I then tried to get into safe mode - no good! Now what? I did some internet research and found a program from AVG - called "AVG Rescue Disk" - I suggest you get a copy as you can actually edit the registry using this program. You can find it HERE. I downloaded the *.iso file and created a CD boot disk.
Okay, I then booted up with the rescue disk and used it to get into the directory structure - this is done by selecting the first option "AVG Rescue CD" and after a little while - arrow-key down to the "Utilities" selection then select the "File Manager" you have to navigate with the keyboard ( since the interface is not graphical like windows) as the screens are text menus ( remember this is a unix like program that mounts your windows drive to a unix directory structure ).
Once inside the file manager - I navigated (using tab key to get to the right side) to the AVG directory and renamed this to AVG-OLD. You do this by moving the highlight bar to the AVG name and then press the F6 key - to get a dialog box - where you type in your new name.
Well this did not fix the problem - same STOP message. So, I rebooted with the rescue disk and navigated from the "Utilities" menu to the "Registry Editor" menu. I then followed these instructions from "http://blog.crosbydrive.com/?p=245" :
Here are the keys that need to be changed:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems

Under these keys, edit the data in the Value "Windows" and change the text from "consrv" to "winsrv" . This was not trivial as the text fields are in hexadecimal and you have to do this carefully. The entry (in plain text) looks like this:

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

Note the text in red - ie, "consrv" - this is the value that needs to be changed to "winsrv", for both of the keys given above. Remember to "save&return" your changes.
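A check for the "Windows" value described above, written as an added example and not part of the original diary or of any tool it mentions. It parses the ServerDll entries, flags any DLL name that differs from the corrected value the page gives, and shows which bytes a same-length hex edit touches. The function names, the allow-list (taken only from the page's corrected value) and the UTF-16LE hex layout are assumptions.

```python
import re

# The value text as quoted on this page, before the fix.
SAMPLE_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Assumption: expected DLL per init routine, derived from the corrected
# value described on the page (consrv -> winsrv); not an official list.
EXPECTED_BY_INIT = {
    None: {"basesrv", "sxssrv"},
    "UserServerDllInitialization": {"winsrv"},
    "ConServerDllInitialization": {"winsrv"},
}

SERVERDLL_RE = re.compile(r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)")


def parse_server_dlls(value):
    """Return [(dll, init_routine_or_None, index)] from the csrss command line."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in SERVERDLL_RE.finditer(value)]


def unexpected_server_dlls(value):
    """Entries whose DLL is not the one expected for its init routine."""
    bad = []
    for dll, init, index in parse_server_dlls(value):
        allowed = EXPECTED_BY_INIT.get(init)
        if allowed is None or dll.lower() not in allowed:
            bad.append((dll, init, index))
    return bad


def repair(value):
    """Rewrite only entries whose init routine maps to exactly one DLL."""
    def fix(m):
        dll, init = m.group(1), m.group(2)
        allowed = EXPECTED_BY_INIT.get(init)
        if init and allowed and len(allowed) == 1 and dll.lower() not in allowed:
            good = next(iter(allowed))
            return m.group(0).replace("ServerDll=" + dll, "ServerDll=" + good, 1)
        return m.group(0)
    return SERVERDLL_RE.sub(fix, value)


def to_reg_hex(text):
    """Text as UTF-16LE bytes with a terminating NUL, space-separated hex
    (assumed layout of what an offline registry editor displays)."""
    return (text + "\0").encode("utf-16-le").hex(" ")


def from_reg_hex(hexdump):
    """Inverse of to_reg_hex: hex dump back to readable text."""
    return bytes.fromhex(hexdump).decode("utf-16-le").rstrip("\0")


def changed_byte_offsets(before, after):
    """Byte offsets that differ between two same-length values."""
    a, b = bytes.fromhex(to_reg_hex(before)), bytes.fromhex(to_reg_hex(after))
    if len(a) != len(b):
        raise ValueError("edit changes the value length; do not patch in place")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    # Both control sets named on the page; the values here are constructed.
    values = {"ControlSet001": SAMPLE_VALUE, "ControlSet002": SAMPLE_VALUE}
    for control_set, value in values.items():
        for dll, init, index in unexpected_server_dlls(value):
            print(f"{control_set}: unexpected ServerDll={dll} ({init}, {index})")
        fixed = repair(value)
        print(f"{control_set}: bytes to edit at",
              changed_byte_offsets(value, fixed))
```

Because "consrv" and "winsrv" are the same length, the edit changes two bytes and leaves the value length untouched, which is what makes a careful in-place hex edit possible.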
I think this AVG rescue disk is a terrific tool as it allows you to edit the registry on a computer that will not boot. I could have used this in the past many times - and it probably would have saved me from doing many windows re-installs.
Okay, with fingers crossed and whatever else I could cross - I rebooted and voila it worked - but after doing a few more tests - a few more problems showed up. I noticed that the "start menu --> all programs" panel did not contain the accessories folder ( and a few others). This was fixed by navigating to C:\ProgramData\Microsoft\Windows\Start Menu\Programs and making sure that the hidden attribute is NOT checked for the Accessories folder. The bogus Internet Security program probably set this attribute to hidden.
Another problem was the inability to right click on a program and trying to "Send To" the desktop - ie, there was no option to select "desktop". This was fixed by creating a file ( use notepad to open a new file ) and saving it as

"Desktop(create shortcut).DeskLink" to the
"C:\Users\user_name\AppData\Roaming\Microsoft\Windows\SendTo" directory.

I did this with a blank file - but I think you can put in the word "desktop" in the file.

Again, not sure how this file got lost - but I would bet the original bogus virus program or its removal caused this problem.
Well almost done, still some nagging problems - I could not start "task manager" by right clicking on the bottom task bar and some programs would not open , ie, after double clicking on a program icon - the cursor just kept spinning and would not actually open ( execute). So, after a few more reboots I was able to somehow open task manager. I noticed a process - which I traced to a program folder called "webroot" - which is an anti-virus program. On just a hunch, I tried to uninstall this program. I could not do a normal uninstall. I then just deleted the entire "webroot" directory and rebooted.
Again, after crossing my fingers - all the nagging little problems have disappeared. I think the webroot program is probably legit - but the "Internet Security 2012" program may have corrupted this program. In any case, the computer boots up real fast and doesn't appear to have any problems. FINI.

Jan. 23, 2012 Problem: Client says she cannot send email, although she can receive mail.
Analysis and solution:
I went to the client's house and sure enough I was unable to send an email message to myself - and I could see that she was able to receive mail. The computer was a Windows XP SP 3 dell computer and her email client was Outlook Express ( latest version and latest upgrade). When I sent a message here is what I got - see below:

error message from outlook express

The message did not say what was wrong - as the only message I got said "0 of 1 tasks have completed successfully". Yeah, I can see that the message was not sent because the email did NOT appear in her "Sent Items" folder. What the hell good is this message - it has no information about what failed. The other confusing part was this was characterized as a "warning" and when I looked under the Errors tab - no messages! So what is wrong - I then looked a little deeper and discovered that she had over 6 thousand messages in her "Sent Items" folder and about 6 thousand messages in the "Deleted Items" folder. I also noticed that in the "Sent Items" folder the same email was sent multiple times to different recipients, ie, instead of sending only one message to multiple recipients - she sent out the same message one at a time to each person. Usually, there were about 6 or 7 people she sent the same message to and thus her "Sent Items" folder was bigger by a factor of 6. Yikes! So I showed her how to send a message to multiple recipients resulting in only one message instead of 6.
While mucking around in Outlook I did get a message about compacting folders. Then I tried to delete the messages in both the "Sent Items" and "Deleted Items" folders. Well, if you try to delete too many ( more than 200 ) messages - Outlook slows down to a snail's pace - so I was forced to delete about 50 at a time. In the "Sent Items" folder - this is what I did - I finally got down to about 60 messages ( I had a hunch that the problem may have to do with the number of messages in this folder which prevented the "send email" task from completing). After cleaning out this folder to 60 messages - I then ran the compact folder task - which took about 10 minutes ( for this folder only ). Now with a small and compact "Sent Items" folder - I tried to send an email - Voila - it worked !!!!
My hunch was correct - the problem has to do with a bloated and uncompacted folder.
I now deleted all the messages in the "Deleted Items" folder - all at once - and this operation took about 20 minutes - ridiculous - why don't these operations scale properly - when I deleted 50 messages - it did it in a blink of an eye but delete 6 thousand and it takes 20 minutes. Now, after these messages were finally deleted - I ran a compact folder task - which took about 10 minutes.
I personally use a third party email client - and have not experienced anything like this. In fact, my email program doesn't even have a compact folders function so I assume the database cleanup must be done behind the scene, which, is exactly how it should be done. My philosophy is "let the computer do it" and not the user - if you want a well designed computer application. Fini!

Dec. 27, 2011 Problem: Client complained can't open email
Analysis and solution:
Customer dropped off computer at my shop. Sure enough, as soon as the desktop appeared a pop-up program called "XP Home Security 2012" opened. see image below:

bogus anti spy program xp home security 2012

Well, this is a bogus program as all it wants to do is extort money from you. This kind of exploit does a lot of harm - it prevents many applications from opening and just keeps re-opening itself to a point where your computer is essentially unusable. So where do I start?
I first do what I normally would do - run HJThis. HJThis is a free program to analyze the entries in the windows registry ( google HJThis to get a copy ). The registry didn't show anything that looked harmful ,ie, program names that were not recognizable - all the names seemed to be legit. Look especially at the BHO entries - and if program has a strange name - like wisxcy.exe or some such nonsense - then this would be a candidate for deletion. I did clear out some entries that by my experience told me it was safe to do so.
I then tried ( after a reboot) to run AVG - it wouldn't start. I then got into safe mode and ran two more programs rkill and tdsskiller ( you can google both of these to get a copy). Still had problems with the bogus home security program. After some poking around the internet - I got some ideas. I looked into this folder:
C:\Documents and Settings\[UserName]\Local Settings\Application Data
and here I found 3 files with names like xxx.exe - and the strange thing about these files - was they all had the same file size and date stamp (today's date). This is very suspicious, so I deleted them. Now for my favorite pastime - I rebooted.
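The triage used here and in the Mar. 7, 2012 entry (`dir /o:d *.exe`, then looking for recent files that share one size and date stamp), sketched as an added example that is not part of the original diary. It lists executables oldest first, filters recent ones, groups files with identical size and timestamp, and renames a suspect to `.xxx` instead of deleting it. All function names are hypothetical and the sample files are constructed.

```python
import os
import time
from collections import defaultdict

EXECUTABLE_EXTS = {".exe", ".dll"}
DAY = 86400


def list_executables(directory):
    """(mtime, size, name) for every .exe/.dll directly in `directory`,
    oldest first, the same ordering `dir /o:d` gives."""
    found = []
    with os.scandir(directory) as it:
        for entry in it:
            ext = os.path.splitext(entry.name)[1].lower()
            if ext in EXECUTABLE_EXTS and entry.is_file(follow_symlinks=False):
                st = entry.stat(follow_symlinks=False)
                found.append((int(st.st_mtime), st.st_size, entry.name))
    return sorted(found)


def modified_within(entries, days, now=None):
    """Entries changed in the last `days` days."""
    now = time.time() if now is None else now
    return [e for e in entries if e[0] >= now - days * DAY]


def same_size_and_stamp(entries, min_group=2):
    """Groups of files sharing both size and modification time."""
    groups = defaultdict(list)
    for mtime, size, name in entries:
        groups[(mtime, size)].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_group}


def rename_suspect(directory, name):
    """Keep a copy under a non-executable extension (.exe -> .xxx)."""
    src = os.path.join(directory, name)
    dst = os.path.join(directory, os.path.splitext(name)[0] + ".xxx")
    os.rename(src, dst)
    return dst


def build_sample(directory, now):
    """Constructed sample files standing in for a real profile folder."""
    files = [
        ("notepad.exe", 4096, now - 400 * DAY),
        ("driver.dll", 2048, now - 200 * DAY),
        ("qzxvka.exe", 1500, now - 3600),
        ("mmrwtp.exe", 1500, now - 3600),
        ("uuyytt123.exe", 1500, now - 3600),
        ("readme.txt", 10, now - 3600),
    ]
    for name, size, mtime in files:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    import tempfile

    now = int(time.time())
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, now)
        entries = list_executables(d)
        for mtime, size, name in modified_within(entries, 7, now):
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
            print(stamp, size, name)
        for (mtime, size), names in same_size_and_stamp(entries).items():
            print("identical size and date:", size, names)
            for n in names:
                print("renamed to", rename_suspect(d, n))
```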
Okay, I felt like this would now clear up the problem. Ha! - No!
Yes, the "XP home security 2012" bozo did stop popping up but I could not execute anything - eg, the command prompt or the display program ( I wanted to change the display resolution ) the message said it could not find application rundll32.exe. So I ran xp_exe_fix.reg - this cleared up the execution problems. Now I rebooted and executed AVG free program and then ran malwarebytes program. Three or more hours later with both of these programs finding more threats - I figured I finally finished - but no - oh cruel and unjust world, a new problem appeared, and this is the fun part - my malwarebytes program would periodically pop-up an info window - which is shown below:

malwarebytes blocked access to potentially malicious website

I wanted to find out what was causing my malwarebytes program to continually warn me that E.T. wants to call home. I could have left it as is - ie, do nothing and return the computer to the client but this is most unsatisfying. The computer was running fine, no pop-ups and no problem with IE8 as this was re-directing google searches to ad sites. I suppose that malwarebytes, by preventing an E.T. phone call, solved the problem with IE8. But the client would have to endure the continuous annoyance of malwarebytes telling him about blocking outgoing traffic.
I would find it hard to return the computer ( even though it was now completely useable ) to the client like this, as I try to treat all repairs like it was mine.
I looked for a solution and all I could really find were two suggestions - run a scan with Kaspersky and combofix. I tried to install Kaspersky but ran into a problem as it would attempt to remove "incompatible programs" - even though it showed ( in the incompatible dialog box ) no programs , ie, this box was empty. So when I clicked next - it went on a search for null program names! It then searched for 20 minutes and then hung. I abandoned this "fix". I then tried to load combofix and not sure what happened as it ran and exited before I could read any completion messages. So I dropped this also.
By the way, at some point in all of these attempts to fix things - I had to do a windows upgrade ( 27 patches - took about 20 minutes) - more time lost. I am now at the point of rebooting - oh joy of joy - and I ran malwarebytes again. About an hour and a half - it found two more pieces of crapware - called PUP.adware.... or some such nonsense and was forced to reboot again by malwarebytes. I am now looking at the desktop and will wait about an hour before doing anything.
Well two hours passed - no pop-up from Malwarebytes. Opened IE8 and poked around for a while - still no problems. Will run one more AVG scan. Scan completed after 2 hours - no threats - FINI.

Dec. 20, 2011 Problem: Solution to the problem reported on Dec. 7, 2011
Analysis and solution:
As promised, I waited about 2 weeks to see if my changes to the client's computer actually worked. Well, the client said "everything is just great". So it seems the programs I removed (uninstalled) did the job. One was a commercial version of an anti-virus program and the other was a weather program that runs continuously in the background. I did not do further analysis as to which was the culprit. But, I have removed commercial versions of anti-virus programs a number of times before and this seemed to fix problems experienced by more than a few computers. As for the weather program ( a free download ) I suspect it may have caused some lock-up problems as well. The lesson is - be careful of "free" programs that run in the background.
pc repair completed
Dec. 07, 2011 Problem: Two Computers -
One computer allegedly freezes up and the second computer required file organization.
Analysis and solution:
The computer that freezes up - I didn't experience any freeze ups while working on the computer so I took the client at his word and proceeded to remove some applications (that run in the background) and an anti-virus program. I then installed AVG free to replace the uninstalled anti-virus program. So I will have to wait a while to see if my changes worked. Will report back on this issue.

On the other computer - the user was having trouble locating and managing files. This is a windows 7 computer and the trouble she was having had to do with understanding the "Libraries" feature - which is new to windows 7. I have to admit, I could see why she was having problems, as the concept of how files are organized and how the libraries feature works is confusing. You can see this new feature by opening windows explorer. Look at the left hand side and you will see the libraries organization. See below:
libraries in windows 7

As you can see - it looks like the folders are stored in
-> Libraries -> Documents ->
But where is this? It turns out some of the files are stored in Users -> dad -> my documents
and
Users -> public -> public documents
So you would think that the libraries feature is like a virtual storage area - and that the word "Libraries" is synonymous with the directory structure "User -> dad" . But if you go to the User->dad directory there is no folder called documents. In fact the folders you see in the above image are stored in two locations - "user->dad->my documents" and
"user->dad->public documents".
So now let us look at the "real" locations


As you can see, the virtual library is both of these combined. So if you think, as the client did, that "libraries" is the same as "user->dad" then you get confused, as there is no folder called "documents" under "user->dad" - in reality the folder is "my documents". So I explained all this to the user and she can now navigate to the folders correctly.

To further explain this windows 7 feature you can watch this video.



Oct. 26, 2011 Problem: Two problems -
Client cannot print and 2nd computer running slow.
Analysis and solution:
The problem with the printer, according to the client, was that after somebody printed some documents from a database application - he could no longer print from another program. Well, I looked at the printer icon from Start > Printers and Faxes and noticed that the default printer was marked as "offline". So, I double clicked on the icon and then the Printer tab and saw that there was a check mark on the "Use Printer Offline" line. Why this was checked - was a mystery to me - but maybe the person who was printing things from the database application changed this. See the image below, which shows that "Use Printer Offline" is now unchecked.

Now I tried to print a test page - still no dice. So, I deleted the printer ( from "printers and faxes" ) and re-installed the printer making sure that the Port was correct. I also deleted any extra instances of this printer ( there was one extra one) and tried to print a test page - well, all's well in Mudville - it worked.
As for the slow computer, I essentially used msconfig and disabled all non-essential background jobs. This seemed to do a good job of making the computer run faster. I left the client site with AVG (anti-virus program) running and left instructions to let it complete and to call me if there was a problem. So far, everything seems okay, I didn't get a phone call after several hours. Fini.

Sept. 30, 2011 Problem: Customer says he cannot get into windows
Analysis and solution:
Okay, I turned on the computer and sure enough the minute I clicked on the user icon - windows said "logging on" and then it immediately said "logging off" and that's as far as it got. So I used my computer to search for a solution. Most solutions that were given were mostly not very good and a lot of people just gave guess work solutions. If you really don't know how to fix the problem - don't say anything, period. But I did come across some interesting procedures, where one person thought the problem had to do with a corrupt registry ( I was also thinking along those lines). Even if the registry is corrupt, how do I get at it, since I could not get into windows to fix the registry key? That is, I could not even boot to safe mode. The suspected corrupt key is
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
This key should have the value:

c:\windows\system32\userinit.exe

And then I discovered a way to edit the registry on a corrupt windows xp machine that has symptoms similar to mine - ie, it gets at least to a logon screen. So, from another computer on the network - start the regedit program by going to Start > Run and type regedit to launch the registry editor. Click on "file" and select "Connect Network Registry" by using the infected computer's IP address or name. Set the value of the key to C:\windows\system32\userinit.exe . Well, I thought I discovered gold - a way to get to the registry of another computer to fix it. Well, this didn't work because I suspected the broken computer was on a different network ( I am on "workgroup" and probably the other computer was on "mshome"). Later on, when I did fix the problem - this was the case ( ie, mshome). By the way, to use this remote registry feature you need to have set up both computers beforehand:
1. Both need remote administration enabled.
2. Both are running the remote registry service.
So, in my case - this will not work.
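
The Userinit check described above can be scripted. The following PowerShell is an added example, not part of the original diary; the function name Test-Userinit, the temporary mount name OfflineSoftware and the D:\WINDOWS path are assumptions, and it must be run elevated from a working Windows or PE environment that has PowerShell.

```powershell
# Added example: audit the Winlogon Userinit value and the file it points to.
# -WindowsDir is the Windows folder to inspect; with -Offline its SOFTWARE hive
# is loaded from disk (e.g. the broken drive seen as D:\WINDOWS from a PE boot).
function Test-Userinit {
    param(
        [string]$WindowsDir = $env:SystemRoot,
        [switch]$Offline
    )
    $mount   = 'HKLM\OfflineSoftware'      # hypothetical temporary mount name
    $hiveKey = 'HKLM:\SOFTWARE'
    if ($Offline) {
        $hiveFile = Join-Path $WindowsDir 'System32\config\SOFTWARE'
        & reg.exe load $mount $hiveFile | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg load failed for $hiveFile (run elevated)" }
        $hiveKey = 'HKLM:\OfflineSoftware'
    }
    try {
        $key   = "$hiveKey\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $value = (Get-ItemProperty -Path $key -Name Userinit -ErrorAction Stop).Userinit
        # The value is a comma-separated list; the page expects only userinit.exe.
        $entries  = @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $findings = @()
        foreach ($entry in $entries) {
            if ($entry -notmatch '^[A-Za-z]:\\windows\\system32\\userinit\.exe$') {
                $findings += "Unexpected Userinit entry: $entry"
            }
        }
        if ($entries.Count -eq 0) { $findings += 'Userinit value is empty' }
        # The page's case: userinit.exe itself was missing from system32.
        $exe = Join-Path $WindowsDir 'System32\userinit.exe'
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $findings += "Missing file: $exe"
        }
        [pscustomobject]@{ Value = $value; Findings = $findings; Healthy = ($findings.Count -eq 0) }
    }
    finally {
        if ($Offline) {
            [gc]::Collect()                 # release registry handles before unloading
            & reg.exe unload $mount | Out-Null
        }
    }
}

Test-Userinit                                        # live system
# Test-Userinit -WindowsDir 'D:\WINDOWS' -Offline    # disk from the broken PC (constructed path)
```
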
Okay, to continue - I now booted the corrupt computer with "PE Builder" which allows me to examine the windows hard drive and snakes alive - no userinit.exe file in the windows\system32 folder. So, I copied the userinit.exe file onto a CD ( from my computer) and then copied it from the CD to the corrupt computer and rebooted. Zounds! ( as Billy Shakespeare would say )- it now booted to the windows desktop. Now I was faced with another problem. Internet Explorer did not display anything - ie, could not connect. I then ran HiJackThis to see what was wrong - and bingo, there were unknown modules in the LSP winsock stack. No problem, says I, just run LSPfix.exe and clean it up - sure enough I did just this. Notice the two files in the remove column - below

I clicked on the checkbox - and then "finish". But I initially did not notice the name "Covenant Eyes NSP...." description. Now that I removed the two problem dll's - I got on the internet but the browser was still doing some bizarre things - I could not download a file ( I tried to get AVG free ). Now what? So I ran, and for no other reason but to do something, the rkill.exe program as described below in another problem (see July 11, 2011). Well, running rkill did fix the problem - and I thought I was finished. I then rebooted and ran LSPfix.exe to double check - and both the bad dll files were reported again - even though I deleted both these files from the windows\system32 folder - so the LSP stack again caused failure to connect. Then, I remembered the description for the files ie, "Covenant Eyes" - so I went to control panel > add or remove folder and tried to remove a program called "Covenant Eyes". As I tried to remove it - it wanted a user code to remove the program. You've got to be kidding - this is totally stupid. I didn't have the code and most likely the client would not have this code as he inherited this computer from somebody else. So I just stupidly deleted the "CE - covenant eyes " folder which solved the problem - ie, the two files no longer were reported by LSP fix. As an aside, I looked up the "covenant eyes" program - and it turns out to be a program that reports on users visiting porn sites - Yikes and double yikes. Maybe a noble idea but if it screws up internet access and made me pull out what remaining hair I have - then the company needs to do a better job not to break the LSP stack. Here is an excerpt about this product:

Benefits and Features: Tracks every web visit and sends an e-mailed report to the accountability partner(s) of your choice. Removes the secrecy of using the Internet. Reports can be sent every seven, 14 or 28 days.

"I'm not religious, so I was pleased to find out that using this doesn't require religion. It is just common sense."

Promotes self-control, self-discipline, and personal accountability. Provides direct accountability for Internet use and time spent on the Internet.

"Thank you for an excellent program. For the last six weeks I have not looked at any porn. I hate to admit it, but I'm very grateful."

What can I say to this???? I guess - Pobody's Nerfect
