gerbil 216 Industrious Poster

Sometimes things in the registry just get broken, Anne, and there is no option but to fix them. Glad it worked for you. Cheers.

gerbil 216 Industrious Poster

Anne, this should do the trick. I have included some links as a way of acknowledging the author of the fix.
Home - http://www.dougknox.com/
Links - http://www.dougknox.com/xp/xp_fixes.html
The link - http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID]
@="lnkfile"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex]

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu]

gerbil 216 Industrious Poster

Er, no, I cannot.. that command does it for me. Have you checked Group Policy settings?

gerbil 216 Industrious Poster

.. see this bit: "not resetting system file - C:\windows"... it wants you to remove the system attribute first [or as well...], so..

attrib -s -h C:\Windows /s /d

...which is just a slightly more targeted command than that of Vikas - his would show you files which, normally, you just don't want accidental access to.

gerbil 216 Industrious Poster

Firstly, George, remove one [your choice] of those resident AV services... one is all you should be running cos of conflicts.
Next, go Start, Run, type cmd, and OK it, paste this into the window at the prompt, and press Enter:

attrib -h C:\Windows /s /d

-and close the window.
By the way, it is another personal choice, but to see hidden files etc you must make the selection in Tools > Folder Options > View tab.

gerbil 216 Industrious Poster

Rarely for us mortals. Very likely the replacing file was written into the location of the original [simply expressed...]. But you can try. Get REST2514 ... dl it onto a floppy or thumb, and run it from that. Your file if it appears at all will have a dummy name.

gerbil 216 Industrious Poster

Yeah.. it's all relative to the security you desire. RAID1 is just great, lessn someone nicks the whole box, or lightning strikes [it does]. External USB drive, plugged in just for backups, otherwise kept in a fireproof, concrete lined, dropsafe under the office floor.
Sure.

gerbil 216 Industrious Poster

You most likely selected Default Settings when you exited BIOS. They are not necessarily the best settings, or even not exactly what you want... but if you are satisfied with them just go into BIOS Setup, and exit, but Saving the settings.
Job done. It just wants you to confirm that you like the defaults... which are really just a bunch of low-level, suit just about anything settings for when you are desperate.

gerbil 216 Industrious Poster

ComboFix does operations that are in general terms similar to other anti-malware tools. Briefly, I would not dream of attempting to emulate it manually. Check its bat file for some of its operations.
I see the point of your infection - a USB device.

==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera. Repeat in other User profiles.
Close ATF.
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeusers/solutions/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise there will be no disinfection, merely detection] with a valid email and follow through.
Please ATTACH to your post the log it produces.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Woliver, ...damn... but I was expecting failure on this one. I think you are going to have to go back to my earlier post and clean the drive of whatever malware was interfering with the Repair. It would possibly do the same thing to a fresh installation. On that point, if you had room enough on the drive to create another partition by shifting a partition boundary then you could try a fresh installation into that. But as I pointed out earlier, it is the job of a decent worm or virus to infect, even across partition boundaries. But if you wish to try it, and I would if it was my machine, GParted 3.7.7 or Parted-Magic-3.0 would be the tools of choice. For me. You make a live cd by burning the iso of choice, and it is bootable. And simple as. Help or guides are on the net.

gerbil 216 Industrious Poster

Doing that is messy.... it involves the partitioning pgm moving a lot of files from the beginning of the F: partition to 10GB further back.
That happens slowly. And seems to be a bit error prone. Another way is to shrink F:, make a third partition and copy all F: contents into it. Then you can easily, and more safely, move the boundary between C: and F:.
Then copy back to F: the files you want in there. That procedure will be more difficult if you have applications in F:, but still possible - you would have to rebuild the original F: directory structure.
Well, that is the way I would do it, if free space in F: permitted that. Even borrow a hdd as a temp F: file store...
Software to use is the GParted 3.7.7 Live CD, or Parted-Magic 3.
There is a catch.. Windows knows where it lives, there is a reg key devoted to that, and I have forgotten which one it is... [find it and delete its value, so XP will be forced to create a new value when it is started after the move]. But I have done what you are attempting with no problems [did it as I describe above, with GParted] and because I did not change the drive letters Windows did not complain.
I'm too lazy to check, but I seem to remember the key contains info about drive size and the surrounding drive letters.

gerbil 216 Industrious Poster

Orright. I've switched my focus after a break just sos I pick up on other stuff. Hope the grub stomping is still going well.

gerbil 216 Industrious Poster

Heya, crunchie... :)

gerbil 216 Industrious Poster

Ripper! Glad it worked for you...
Cheers.

gerbil 216 Industrious Poster

Yep, I follow you. And did it stop again with the rundll32 msg as before or just freeze at 34 mins?
During Setup you can press Shift+F10 to enter the cmd mode once the progress has reached a certain stage... Installing Devices. Check in C:\Windows\setupapi.log for any logged problem... it will appear at the very bottom of the file. At the cmd prompt just type ...
C:\Windows\setupapi.log ..the log will open in notepad. If that does work then you can also get into My Computer by going File > Open... in that notepad. If the notepad will not open then simply list the file in the cmd window -enter...
type C:\Windows\setupapi.log |more
Say what you find....

gerbil 216 Industrious Poster

At the stage you are in, Setup is checking your hardware, copying in and installing related drivers. I don't know if it is actually registering them at this point. But if you pull the pin I am fairly certain XP will not start, rather it will try to re-enter Setup again, and ask if you wish to boot from the cd. No other option, I am afraid, as far as I can see. [If you don't press a key to boot from the cd it will try to boot from your hdd... okay, see if it can.... and we'll both learn something!]

gerbil 216 Industrious Poster

This one, again: "Start hijackthis, open the Misc Tools section, choose the Open ADS Spy button, then uncheck Quick Scan box, and finally press Scan."

gerbil 216 Industrious Poster

Mmm... I just glanced at your earlier post... and I am not the person you wish to hear from.
But the keys you want are :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
or HKEY_CURRENT_USER...
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
-these are the common autorun keys that are used to load and start files at the various stages of the loading of Windows.
But I have not come across your particular malware; well, you do not specify it.
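
[Added example, not part of the original post or of any tool named on this page: a Python check that reads the text of a .reg file before it is merged and reports every value it would write under the autorun keys listed above, in either hive. The sample .reg text is constructed and the function names are hypothetical.]

```python
import re

# Autorun locations named in the post above, stored without the hive and
# lower-cased so one list covers HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
AUTORUN_SUBKEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows nt\currentversion\windows",
    r"software\microsoft\windows\currentversion\shellserviceobjectdelayload",
    r"software\microsoft\windows\currentversion\explorer\sharedtaskscheduler",
}
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                      # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # @=... or "name"=...


def parse_reg(text):
    """Return (key, value_name, raw_data) for every entry in .reg text.

    A key deletion line ("[-HKEY...]") is returned with value_name None.
    """
    entries, key, pending = [], None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if (not line or line.startswith(";") or line == "REGEDIT4"
                or line.startswith("Windows Registry Editor")):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):
                entries.append((key, None, "<delete key>"))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            entries.append((key, name, m.group(2)))
    return entries


def autorun_writes(text):
    """Return the entries of a .reg file that touch one of AUTORUN_SUBKEYS."""
    hits = []
    for key, name, data in parse_reg(text):
        hive, _, subkey = key.partition("\\")
        if hive.upper() in HIVES and subkey.lower() in AUTORUN_SUBKEYS:
            hits.append((key, name, data))
    return hits


# Constructed sample: one policy reset and two autorun writes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed sample, not taken from any real fix file
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\ExampleDir\\example.exe /quiet"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="example.dll"
'''

if __name__ == "__main__":
    for key, name, data in autorun_writes(SAMPLE_REG):
        print(f"AUTORUN  [{key}]  {name} = {data}")
```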

gerbil 216 Industrious Poster

May also appear because you once used "load default settings" in BIOS. If you otherwise like the way BIOS is operating just go in to BIOS Setup, select Save and Exit.

gerbil 216 Industrious Poster

I've never done this stuff, but what you would need to scan your sys is a bootable USB [thumb] drive, and a suitable AV to run from the command line. Or a liveCD AV.
Avira has some goodies... http://www.free-av.com/en/download/index.html
Their LINUX-based Rescue System which burns a bootable CD for you, would allow you to copy out files to CD etc...
NTFSforDOS loaded on a thumb drive probably would do the same thing, but would also allow you to run a suitable DOS-based AV from the thumb drive.
And one of those scans would be.. well, you google for your choice of "free DOS command line AV scanner"
Or "free live CD AV scanner"
Something by Dr Web, maybe?
Good luck.. :)

gerbil 216 Industrious Poster

What happens to your sys will depend upon exactly where you are stuck in the Repair job. Past the "copying Files" point and things will get interesting. I spose I should point out that repairs etc should only be done on a clean sys.... a virus or worm would have a ball with all those files coming in. Only some of them are protected. In those cheap movies I longed for someone to pull the plug on the deranged computer, but they never did. Pull it, and you may not have a working OS with which to run cleaning scans. Slave the drive in another puter and a half decent worm or virus would infect that one too. Heck, what are friends for, but to join with you against the odds...?
K, does ctrl-alt-del get you Task Manager?

gerbil 216 Industrious Poster

Good work. Okay, navigate to this directory:
C:\DOCUMENTS & SETTINGS\Owner\LOCAL SETTINGS\Temp\_ISTMP1.DIR\
Delete these 3 files, and then the directory _ISTMP1.DIR :

_INS5576._MP
ZDataI51.dll
_WUTL951.DLL

Only if the files prove difficult to find or delete, use this Killbox deletion tool:
==Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop.
Dclick killbox to start it.
>Highlight the pathnames in the following block and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-

C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\_INS5576._MP
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\ZDataI51.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\_WUTL951.DLL
C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR

-in killbox, go File menu, choose Paste from clipboard.

Select "Delete on reboot", "Unregister dll before deleting" if available, click the "all files" button.
Click the red and white X button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]
If your computer does not reboot please restart it manually.

Good. Now run the ADS scan again and place checkmarks against these four for deletion:
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF (498 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (98 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 05EE1EEF (498 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : DFC5A2B2 (98 bytes)

Repeat the ADS scan to see that they, or similarly named files, do not re-occur. And then please say how things are, now.

gerbil 216 Industrious Poster

.

gerbil 216 Industrious Poster

hello, anthony...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Ah, that was a nice cleanup.
Navigate to and drag this file into an open notepad:
C:\WINDOWS\_delis32.ini
- attach that notepad to your next post.
Delete these files:

C:\aa0019f0269a2bb7fa4d45
C:\WINDOWS\system32\msexcr.ini
C:\WINDOWS\_delis32.ini

Start hijackthis, open the Misc Tools section, choose the Open ADS Spy button, then uncheck Quick Scan box, and finally press Scan.
Please save and post the log file.

**When this is done with, go to the Symantec site, find the tool suited to the removal of your version of their AV, dl and run it.

gerbil 216 Industrious Poster

Yep, first thing is to check for bugs, as sittas pointed out. But your explorer shell is broken. Try this also...
To fix the explorer shell:
You could save this to your desktop. If it will not run by dclicking then run it from task manager by inputting its pathname. The entries should be valid... but it's too long for me to check them all. The way regsvr works is that if it does not recognise a name it just ignores it.
==Please copy the text in the box to a notepad and save as fixexplorer.bat, as type "all files", to your desktop; dclick it to run it.

regsvr32 acelpdec.ax /s
regsvr32 actxprxy.dll /s
regsvr32 asctrls.ocx /s
regsvr32 browseui.dll /i /s 
regsvr32 browseui.dll /s
regsvr32 browsewm.dll /s
regsvr32 cdfview.dll /s
regsvr32 comcat.dll /s
regsvr32 comctl32.dll /i /s
regsvr32 corpol.dll /s
regsvr32 crswpp.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 cryptext.dll /s
regsvr32 csseqchk.dll /s
regsvr32 danim.dll /s
regsvr32 datime.dll /s
regsvr32 daxctle.ocx /s
regsvr32 digest.dll /i /s
regsvr32 directdb.dll /s
regsvr32 dispex.dll /s
regsvr32 dssenh.dll /s 
regsvr32 dxmasf.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 dxtrans.dll /s
regsvr32 fpwpp.dll /s
regsvr32 ftpwpp.dll /s
regsvr32 gpkcsp.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 hlink.dll /s
regsvr32 hmmapi.dll /s
regsvr32 icmfilter.dll /s
regsvr32 iedkcs32.dll /s
regsvr32 iepeers.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 ils.dll /s
regsvr32 imgutil.dll /s
regsvr32 inetcfg.dll /s
regsvr32 inetcomm.dll /s
regsvr32 inetcpl.cpl /i /s
regsvr32 initpki.dll /s
regsvr32 inseng.dll /s
regsvr32 jscript.dll /s
regsvr32 l3codecx.ax /s
regsvr32 licdll.dll …

gerbil 216 Industrious Poster

I'm guessing that you have some malware in your sys. Maybe you could give us a glimpse of some things...
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Orright!!
And you were going to finish it that Fri night ten days ago... :)

gerbil 216 Industrious Poster

When you do a Windows Repair some of your registry is saved into Windows\repair directory. Now I do not know exactly which bits of registry are saved, but it will [should] not hurt for you to try this:
Go to Windows\repair, copy over to Windows\system32\config these files:
sam
security
software
system
default
ntuser.dat
And then restart.
You might consider saving the newer versions already in \config to a scratch pad file.
Say what happens. Worst case is another Repair job.
It all depends, I suppose, upon where the original fault occurred.
And once back on the road, get something like ERUNT... it gives you COMPLETE system backups, unlike the incomplete efforts of Windows Sys Restore.

gerbil 216 Industrious Poster

A couple of points... did you get BIOS to see your IDE CD/DVD drive as IDE finally, and not SATA ?!! It showed up in My Computer with the disk in it recognised! Beats me....
The other point is... this is an upgrade Vista disk, so it will require an XP OS preinstalled on the hdd.
That error comes because your disk is formatted.. you cannot boot from it. So install XP and go from there.

gerbil 216 Industrious Poster

Two ways... if you actually know the password just go into BIOS Setup, security section and cancel the pw, else... Power down your sys, right down, even unplug; open the case and remove the CMOS battery from the mb. Either wait about 10mins or switch the battery jumper to discharge position, just a sec or two... and BACK AGAIN, then reinsert the battery. Voila.. no password. No special settings left either, just defaults.

gerbil 216 Industrious Poster

It is important to discriminate between Sun Java and MSJava, and Javascript, the last being a completely different animal. Most of what you found in that search is MSJava related, which is why it is still there [uninstalling SUN Java would not touch it].
Do not remove anything associated with Javascript or you may find accessing some webpages impossible....
Now I don't have MSJava installed on my machine, having SUN's version. Having any Java version is a personal choice - it is generally utilised by web pages to present animations, some graphics, charts, tables.. whatever object the webpage wants to show you [ small pgms are downloaded by the page to deliver some image or...experience, and you require a Java to enable them to run].
Javascript in html documents [or webpages] is used/interpreted by the browser to control or build a variety of objects in that document, and sometimes that includes commands back to the website. Javascript can only exist inside an html doc because it is [only] the browser which executes it [have you noticed that all html docs always open inside your browser?]. Java is a stand-alone programming language which can be turned to just about anything. May I suggest you do a web search to learn what Java does for you?
Okay, you may delete..
Java C:\WINDOWS\Sun
java C:\Documents and Settings\Vee\Application Data\Sun
java.gif C:\Documents and Settings\Vee\Local Settings\Temporary Intern...
...not much to remove, is there? If …

gerbil 216 Industrious Poster

...and if you rclick the Start button, > Start Menu tab, customize button, Advanced tab, scroll down and check that box... what happens?

gerbil 216 Industrious Poster

Mmm.. don't delete those files. The correct way to manually update Java is to update first, then uninstall any old versions via CP > Add/Rmv Pgms.
Any chance you still have an old Java installation file on your sys? Because if not you will have to dl the whole installation again, and it is big. Updates are smaller files that self-install into the old framework.
You will have to visit the website...

gerbil 216 Industrious Poster

Mmm... lessee, when you start it from cold you hear the hdd spin up... its drive light flash intermittently, but no visible sign of a POST process? Not the hdd then... could be your RAM though... do you have two RAM modules - try unplugging one/swapping. Do you have a separate video card installed, or are you plugging the monitor into the mb socket?

gerbil 216 Industrious Poster

A real problem with the web is that much of the information posted upon it is not dated.. and not updated. That lil trick has not applied since the introduction of SP1.
Of course, on another tack, LINUX does not take the slightest notice of Windows passwords.

gerbil 216 Industrious Poster

If you are like most folk you have not set an ADMINISTRATOR password [the default Administrator...], so start in Safe Mode and use a blank as password, then reset your own.

gerbil 216 Industrious Poster

Some things to do, in this order....
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF. Run it in all other profiles, except for that new one...don't think of touching that one!
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeusers/solutions/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise there will be no disinfection, merely detection] with a valid email and follow through.
Please ATTACH to your post the log it produces.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that …

gerbil 216 Industrious Poster

It's a CRT display, Stephanie? The control circuit for the field coils around the back of the tube which "magnify" or broaden the electron beam is dying... it's not spreading the beam as it should. Time to get a new screen; generally they are not worth repairing.

gerbil 216 Industrious Poster

Actual files should still be recoverable, unless overwritten. Did you try recovery software? Some will even restore the profile itself.... but for files you could try REST2514.exe. Dl it with another sys and run it from a floppy or thumbdrive, it does not install so no risk of overwriting there.
I do not know if it can recover email .dbx files such as for OE...

gerbil 216 Industrious Poster

Nice job! If I may assume that the Vundofix log shows that it deleted ALL files that it found, including these?:
Vundofix log :
C:\Windows\system32\dKQWxyxx.ini
C:\Windows\system32\dKQWxyxx.ini2
C:\Windows\system32\xxyxWQKd.dll

If that is the case then use Hijackthis to fix these orphaned entries, and you should be clean to go.

O2 - BHO: (no name) - {97E86A6B-BB35-4E0D-99BC-E8253759E763} - C:\WINDOWS\system32\fccaAsRL.dll (file missing)
O2 - BHO: (no name) - {CA9536AD-C9E1-4829-B2DF-AE7D0593C468} - C:\WINDOWS\system32\xxyxWQKd.dll (file missing)
O20 - Winlogon Notify: fccaAsRL - fccaAsRL.dll (file missing)
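
[Added example, not part of the original post and not code from HijackThis or Vundofix: a Python sketch of the check described above. It parses HijackThis O2/O20 lines, separates entries marked "(file missing)" from entries whose file is still present, and notes which missing files are named in the removal tool's deletion list. The log lines and file names are the ones quoted on this page; the function names are hypothetical.]

```python
import ntpath
import re

# "O2 - BHO: (no name) - {CLSID} - C:\path\file.dll (file missing)"
HJT_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<body>.*?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_hjt_line(line):
    """Parse one HijackThis entry; return None for lines that are not entries."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    # The file is the last " - "-separated field of the entry body.
    target = m.group("body").rsplit(" - ", 1)[-1]
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "file": ntpath.basename(target).lower(),
        "missing": m.group("missing") is not None,
    }


def triage(hjt_lines, deleted_paths):
    """Sort entries into three buckets.

    orphan_confirmed   : file missing and named in the deletion list
    orphan_unconfirmed : file missing but not named in the deletion list
    live               : file still present, so the entry is not an orphan
    """
    deleted = {ntpath.basename(p).lower() for p in deleted_paths}
    report = {"orphan_confirmed": [], "orphan_unconfirmed": [], "live": []}
    for line in hjt_lines:
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        if not entry["missing"]:
            report["live"].append(entry)
        elif entry["file"] in deleted:
            report["orphan_confirmed"].append(entry)
        else:
            report["orphan_unconfirmed"].append(entry)
    return report


# Files the post quotes from the Vundofix log.
VUNDOFIX_DELETED = [
    r"C:\Windows\system32\dKQWxyxx.ini",
    r"C:\Windows\system32\dKQWxyxx.ini2",
    r"C:\Windows\system32\xxyxWQKd.dll",
]

# HijackThis lines quoted on this page after the cleanup ...
AFTER_LOG = [
    r"O2 - BHO: (no name) - {97E86A6B-BB35-4E0D-99BC-E8253759E763} - C:\WINDOWS\system32\fccaAsRL.dll (file missing)",
    r"O2 - BHO: (no name) - {CA9536AD-C9E1-4829-B2DF-AE7D0593C468} - C:\WINDOWS\system32\xxyxWQKd.dll (file missing)",
    r"O20 - Winlogon Notify: fccaAsRL - fccaAsRL.dll (file missing)",
]
# ... and the same BHO as quoted from the earlier log, before the cleanup.
BEFORE_LOG = [
    r"O2 - BHO: (no name) - {CA9536AD-C9E1-4829-B2DF-AE7D0593C468} - C:\WINDOWS\system32\xxyxWQKd.dll",
]

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for bucket, entries in triage(log, VUNDOFIX_DELETED).items():
            for e in entries:
                print(f"{label:6} {bucket:18} {e['section']:3} {e['file']}")
```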

gerbil 216 Industrious Poster

Cool.

gerbil 216 Industrious Poster

Well, no, you did not say that, not really. You said you cancelled all jobs. I assumed that you did that via the Printer software.

gerbil 216 Industrious Poster

I see that SDFix detected no malware. Please run this scan to see what it turns up:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

gerbil 216 Industrious Poster

It would be nice to see the Vundofix log... there is a malware startup entry in that HT log..
O2 - BHO: (no name) - {CA9536AD-C9E1-4829-B2DF-AE7D0593C468} - C:\WINDOWS\system32\xxyxWQKd.dll
I am keen to see what Vundofix made of it. And we can proceed from there, if needs be.

gerbil 216 Industrious Poster

Ah. I had a glance at your screenshot... it is much more than Folder Options missing, it is an explorer shell problem. This may help [it will not do harm]:
You could save this to a floppy, or to your desktop. If it will not run by dclicking then run it from task manager by inputting its pathname. The entries should be valid... but it's too long for me to check them all. The way regsvr works is that if it does not recognise a name it just ignores it.
==Please copy the text in the box to a notepad and save as fixexplorer.bat, as type "all files", to your desktop; dclick it to run it.

regsvr32 acelpdec.ax /s
regsvr32 actxprxy.dll /s
regsvr32 asctrls.ocx /s
regsvr32 browseui.dll /i /s 
regsvr32 browseui.dll /s
regsvr32 browsewm.dll /s
regsvr32 cdfview.dll /s
regsvr32 comcat.dll /s
regsvr32 comctl32.dll /i /s
regsvr32 corpol.dll /s
regsvr32 crswpp.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 cryptdlg.dll /s
regsvr32 cryptext.dll /s
regsvr32 csseqchk.dll /s
regsvr32 danim.dll /s
regsvr32 datime.dll /s
regsvr32 daxctle.ocx /s
regsvr32 digest.dll /i /s
regsvr32 directdb.dll /s
regsvr32 dispex.dll /s
regsvr32 dssenh.dll /s 
regsvr32 dxmasf.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 dxtrans.dll /s
regsvr32 fpwpp.dll /s
regsvr32 ftpwpp.dll /s
regsvr32 gpkcsp.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 hlink.dll /s
regsvr32 hmmapi.dll /s
regsvr32 icmfilter.dll /s
regsvr32 iedkcs32.dll /s
regsvr32 iepeers.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 ils.dll /s
regsvr32 imgutil.dll /s
regsvr32 inetcfg.dll /s
regsvr32 inetcomm.dll /s
regsvr32 inetcpl.cpl /i /s
regsvr32 initpki.dll /s
regsvr32 inseng.dll /s
regsvr32 …

gerbil 216 Industrious Poster

Okay, now that you know your way around Services, go back in there and Stop the Print Spooler.
Navigate to C:/windows/system32/spool/printers and delete any documents listed there, and then back to Services and reset to Automatic.
Should do the job.

gerbil 216 Industrious Poster

I have not used OPHCrack, sittas, cos I don't forget passwords but I know the pgm is based on rainbow tables, and you do it slowly with a small table and small RAM, or more quickly with a large table and large RAM. Now you can generate those tables... or dl them. I reckon that a 1/2GB dl is huge. A 1 1/2GB table is monstrous. But I don't dl movies, so...
Check out this site and play if interested. Sourceforge has a selection of rainbow tables also.
http://elliottback.com/wp/archives/2006/04/26/cracking-windows-passwords-with-ophcrack-and-rainbow-tables/

gerbil 216 Industrious Poster

Go Start, Run, and enter ..
services.msc
Scroll down to Print Spooler and ensure that Startup Type is Automatic. If not, rclick Print Spooler, > Properties and select Automatic in the drop down menu.

gerbil 216 Industrious Poster

==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000000

..and that should restore the options. This is a generally used fix for a case with your symptoms.