[RKinner]

[2012/10/25 21:49:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat

Hidden System file. You need to

Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button

[Advertisements]

Went to folder options. No "Display Contents of system folders" option. I see one in XP, but not in Win 7. Checked "Show Hidden", unchecked Hide file extensions. Unchecked "Hide protected".

Found the file. 1kb in size. Icon looks like it has an X through it. Right clicked, EDIT, Notepad opens with nothing inside. No text, no symbols, nothing. Looks empty.

Thanks.

[Jayli]

Went to folder options. No "Display Contents of system folders" option. I see one in XP, but not in Win 7. Checked "Show Hidden", unchecked Hide file extensions. Unchecked "Hide protected".

Found the file. 1kb in size. Icon looks like it has an X through it. Right clicked, EDIT, Notepad opens with nothing inside. No text, no symbols, nothing. Looks empty.

Thanks.

[RKinner]

Clear the event logs as before. Reboot and run VEW and let's see if anything has changed.

Are you still getting your office setup errors?

[RKinner]

PS. We will be off island for the next two days so expect delays.

[Jayli]

Yes, same problems with Office. I downloaded a Fix from Microsoft, but did not install it. It's a Service Pack.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/11/2012 1:40:55 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/11/2012 6:39:31 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 09/11/2012 6:39:00 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

*********************************************

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/11/2012 1:40:37 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks & Enjoy your weekend!

[Jayli]

Hello Ron and I hope you enjoyed your weekend.

I've been taking this break in repairs to learn more about the OTL log in order to search my system for more information. On the Drivers Services safelist OTL log section. File not Found. rdvgkmd.sys . Through research I've found this file is located in the System32\Driverstore\FileRepository folder. I checked, it's there.

The catchme.dll file is also missing and is located in the Qoobox\Quarantine folder. Quarantined by one of the virus removal programs.

Most of my pertinent Folders with information are now located under the NETWORK. I don't understand why they were moved to this location.

And it looks like the computer is booting from the smallest partition. DeviceID: Disk #0, Partition #0 Bootable: True, BootPartition:True, Size :100.00MB Is this correct?

Finally, the big item. All of my software programs were working perfectly before, like FL Studios 9 and MS Office are NOT working. Research pointed me to DEP (Data Execution Prevention). What do you think? I don't know if we can restore this back to a previous time when they were working, but I would like to try. I don't have disks to reinstall them.

My goal is to get my computer virus free and to continue using the currently installed programs.

Thanks.

[RKinner]

System32\Driverstore\FileRepository is just where windows keeps a copy of drivers. The file should really be at:

C:\System32\drivers\rdvgkmd.sys

See your OTL log DRV section:

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JayLi\AppData\Local\Temp\catchme.sys -- (catchme)

I think Catchme.sys is part of Combofix. Qoobox is where Combofix puts files that it removes. I always see this entry after running Combofix. I expect when you uninstall Combofix the entry will go away.

Most of my pertinent Folders with information are now located under the NETWORK. I don't understand why they were moved to this location.

Not sure where Network is. It does not show in the logs. Sometimes when the hard drive screws up a bunch of files will get moved to a new location. If running check disk doesn't help then you have to move them back where they belong.

And it looks like the computer is booting from the smallest partition. DeviceID: Disk #0, Partition #0 Bootable: True, BootPartition:True, Size :100.00MB Is this correct?

Normal for a lot of PCs which have some sort of factory recovery system.

Finally, the big item. All of my software programs were working perfectly before, like FL Studios 9 and MS Office are NOT working. Research pointed me to DEP (Data Execution Prevention). What do you think? I don't know if we can restore this back to a previous time when they were working, but I would like to try. I don't have disks to reinstall them.

Unlikely that DEP is the problem. Apparently some part of the install has gotten lost for Office. Not sure what the problem is with FL Studios 9. Could it be the one that wants a dongle to work?

[Jayli]

Yes, I understand FileRepository is a copy of drivers. OTL states "File not found", so does that file need to be copied into the correct location so the program(s) that depend on the file work correctly? Or perhaps this is not a real issue just because OTL did not find the driver???

When I open COMPUTER,there's are a list of Folder locations on the LEFT side. NETWORK is one of them. Before all of this, there was nothing under NETWORK. Now when I click on it, I have a Folder named LISETTEMILLER, under that are USERS, then JAYLI, PUBLIC & SYS. ** If I click on C Drive, Users I can see my folder, Jayli, but it has a LOCK on it. Why can't I even access my own folder without special permission?

As stated, FL Studios and other programs worked perfectly since I purchased this laptop. Never needed a dongle or anything else. Just clicked on the program and it opened up. Now it's saying "Cannot open file....the system cannot find the file specified.

Apparently this computer was being used at a school. Not sure if it was on a Network or what?? I'm trying my best to give you background on this laptop, so we can get this completed in the most efficient way possible.

Anyway, how do we proceed with this? Thanks.

[RKinner]

Normally under Network you just see your computer and any other computers that are on the same network. There aren't supposed to be folders there unless you open your computer up but then you will see folders. Can you give me a screen shot?

My Win 7 shows a lock on my users\username folder but it opens when I ask it to. If yours doesn't you should be able to right click on it and select Properties then Security. I have 4 entries. All but HomeUsers have full control (all items checked in the bottom). Click on Edit then click on Administrators and see if you can give admin full control. If not you may have to take ownership of the folder.

As stated, FL Studios and other programs worked perfectly since I purchased this laptop. Never needed a dongle or anything else. Just clicked on the program and it opened up. Now it's saying "Cannot open file....the system cannot find the file specified.

Any idea what file it is looking for? Are you clicking on a shortcut? Right click on it and select Properties then look to see what the target and Start from path are.

[Jayli]

Yes, clicking on Shortcut. It's looking for "C:\Program Files\Image-Line\FL Studio 9\FL.exe"

Attached: 5 Screen Shots. 1 from "Computer" and 4 from FL Studios.

I was able to access my folder by clicking on it.

I still have Windows Search disabled, so I am unable to search the registry. Should I enable it? Thanks.

Attached Thumbnails

• 
• 
• 
• 
• 

[RKinner]

OK. What you see in Network is normal. You have opened LisetteMiller (which is your computer) and it shows you the Users. If you go back and click on C: it should also show you your Users folder (along with a lot more)

Look in C:\Program Files and see if you can find the folders and files that it is looking for. Are they still there?

You can still search. It just takes a bit longer.

[Jayli]

Yep. Folders are still there. I clicked on the FL.exe application file and it gave me the same error as the desktop shortcut did. I see a previous version restore point in the properties of FL Studios. That should just restore FL Studios and not the OS right? Its from 8\29\2012. Should I try the restore to previous version?

Besides that, what do we need to do to continue cleaning my system? Thanks.

[RKinner]

I would stay away from Restore Points for now.

Right click on fl.exe and select properties then security. Check that you have full control.

[Jayli]

Ok. Checked properties. Doesn't look like Jayli has full control. Here's a screen shot. FYI, I've already tried other Users, but had the same result. Thanks.

[RKinner]

It says Everyone has full control which should include JayLi.

See if you can open MP3Genres.txt (image 4 of 5 in #145)