msavyy.cmd -

[longbeachlouise]

Okay, I am going to do that. Just I am posting a screen shot of the StartUp folder. It includes, IR. Is that the infra red mouse and keyboard control? Will I be able to put that back?

[AdvancedSetup]

No you just want to remove the one named:  ERUNT AutoBackup leave the others alone.

[longbeachlouise]

Okay, I deleted the ERUNT AutoBackup from the Start/StartUp folder, and there is no Windows Block message, like before.

 

Something else got solved: Since we downloaded and ran scanners, 75% of my harddrive was used and only 25% was free; whereas before it was less than half was used, and more than half free. Defraggler now shows it back to less than half - view attached.

 

Before I download Security Essentials, would you help me delete and uninstall the items OTCleanIt didn't get? Such as JRT (7Z Setup SFX), AwdCleaner, Security Check, ERUNT, INTREGOPT (part of ERUNT), and any programs you think I don't need from the Uninstall panel?

 

Please don't be alarmed.

 

After I deleted ERUNT Autobackup, before I rebooted I emptied the Report Queue in the WER folder, which slows my computer down, then emptied the recylce bin and ran CCleaner, then ran TFC, which effected a reboot to finish emptying. On reboot, there was DOS text on the screen which read:

 

Checking File System C:

This type of file system is NTFS.

 

One of your disks need to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.

Windows will now check the disk.

 

CHKDSK is verifying the files (stage 1 of 3) . . .

Deleting corrupt attributes record (160,$130)

 

*********************Then the screen scrolled and I read more text**************************

 

Recovering orphaned file 00010027.dir (1822.35) into directory file 1157.

.

*********************There were several lines like this**************************

 

33 unindexed files processed.

Recovering orphaned file CAD001.002 (199264) into directory file 1157.

 

CHKDSK is verifying correction in file system.

 

****************************End*********************************************************

 

The DOS messages disappeared and it finished starting up okay.

[AdvancedSetup]

As long as there are no other signs of an infection we can remove everything.  As for the Disk Check that could potentially be a sign of your hard drive dying.  Might want to see if you have a built-in routine to scan the hard drive for problems.  I would also make sure you have a backup of your data just in case the drive is dying.

 

Let me know if everything seems okay now and I'll help you to remove the files and stuff.

 

Thanks

[longbeachlouise]

Hi, Booted up okay with no check disk to hold up the process. Good idea to save data! But, I think I deleted the ERUNT data which was stuff saved in the registry, and deleted the crash reports, so that might have generated confusion or a conflict to the hard drive.

 

This had to be, because my harddrive was 30% cleaner, according to Defraggler, when I checked, after deleting ERUNT autoBackup, after rebooting. Maybe ERUNT works with the WER folder.

 

When I first ran the DDS, the report said my drive had 13% defragmentation, so I checked it on Defraggler, and noticed that the pie chart for the hard drive was 3/4 full! This was after the ERUNT scan which created a backup of the registry. Everything I do on this laptop takes twice the space, and twice as long, because of the WER crash reports, which keep a record of everything. But I like it. I like Vista. Because I can be filling out a form online, and if the battery dies and the laptop shuts down, it will reboot EXACTLY where I was on the online form, with fields filled out. Plus, I am still logged in the same on each website . . .

 

That's why I want to delete things before I run a Security Essentials, because mine will take twice as long. Then, I will be without the computer. A defrag takes 7 hours.

 

Also, I have ComboFix.exe in one of my folders in the documents folder. Should I just delete?

[AdvancedSetup]

Please do the following. Start an Admin Command prompt and then type the following line by line pressing the Enter key after each line.

Click on Vista Start button.

Locate the Command Prompt menu item (buried deep inside Accessories under All Programs or appear on program access history).

Right click on Command Prompt.

On the pop-up right click context menu, select “Run as Administrator”.

 

DIR C: /A >%USERPROFILE%\Desktop\Cleanup.txtDIR %USERPROFILE%\Desktop >>%USERPROFILE%\Desktop\Cleanup.txtNOTEPAD.EXE %USERPROFILE%\Desktop\Cleanup.txt

Then post back the results

[longbeachlouise]

Hi, Here are the results, attached. There was an error, when I tried to post the results within the comment.

 

Here is just the directory of the Desktop:

 

Directory of C:\Users\Carol\Desktop

07/04/2013  05:08 PM    <DIR>          .
07/04/2013  05:08 PM    <DIR>          ..
10/22/2012  12:32 PM       134,429,488 306.97-desktop-win8-win7-winvista-32bit-english-whql.exe
06/20/2013  10:37 PM                 0 AdobeWeb.log
06/22/2013  12:18 PM           648,201 AdwCleaner.exe
07/03/2013  04:47 AM             8,809 Attach.txt
11/01/2011  03:28 PM             1,614 Calculator.lnk
09/07/2012  11:05 PM            43,826 chkdsk.txt
07/04/2013  05:08 PM           137,847 Cleanup.txt
09/14/2011  04:11 PM               206 CNN.url
07/03/2013  04:42 AM           688,992 dds.scr
07/03/2013  04:47 AM             9,705 dds.txt
08/07/2008  11:06 AM             1,674 dfrgui.lnk
06/22/2013  11:02 AM               674 ERUNT.lnk
08/08/2008  11:39 AM            70,613 Gmail.mht
03/06/2013  06:27 AM           173,132 GodaddyWhosIsGraphSearch03062013.htm
05/24/2009  04:22 PM            55,328 Jetnet.mht
06/22/2013  12:04 PM           545,954 JRT.exe
06/22/2013  12:10 PM             1,427 JRT.txt
06/01/2008  09:19 PM           219,472 Merriam-Webster Dictionary & Thesarus.mht
10/18/2011  07:04 AM               134 Network and Sharing Center - Shortcut.lnk
06/22/2013  11:02 AM               693 NTREGOPT.lnk
01/09/2013  11:59 AM    <DIR>          Old Firefox Data
12/16/2011  08:19 PM               169 Program Guide.url
05/03/2009  08:32 PM               172 Router Login.url
05/20/2010  07:44 PM             5,868 Router_Setup.html
06/28/2013  04:03 AM           890,988 SecurityCheck.exe
09/15/2011  08:43 AM           392,980 Speakeasy - Speed Test.mht
07/30/2012  03:12 AM           448,512 TFC.exe
03/30/2013  08:55 PM           384,096 ThinkBigGetPaidSuggestion03302013.htm
09/06/2009  10:46 PM               172 Weather.url
03/11/2012  04:47 PM            86,226 Win7upgrade report 1.0.mht
              29 File(s)    139,246,972 bytes
               3 Dir(s)  28,915,965,952 bytes free

Cleanup07042013.txt

[AdvancedSetup]

First please enable your computer to show File Extensions.

How to Hide or Show Known File Type Extensions

Then go to where you have Combofix saved and rename it to UNINSTALL.EXE and double-click it to run it. That will remove Combofix from your system properly.

Next, You can delete all these files from your desktop. If needed go back and once again set your File extensions to be shown.

AdobeWeb.log

AdwCleaner.exe

Attach.txt

chkdsk.txt

Cleanup.txt

dds.scr

dds.txt

ERUNT.lnk

JRT.exe

JRT.txt

NTREGOPT.lnk

SecurityCheck.exe

TFC.exe

Other than this then, is there anything else malware related I can assist you with?

[longbeachlouise]

Hi, This is going to take time - please leave my ticket open. I have not yet downloaded and installed Microsoft Security Essentials. I wanted to delete things before I run that.

 

I'll flag your email if I post a question before then, so you do not have to keep checking back!

[AdvancedSetup]

Its should actually be pretty easy but okay.

[longbeachlouise]

Hi, Thanx - I deleted those. There somehow was an ERUNT and ESET left when I opened the programs in the control panel, so I uninstalled those.

 

Then I cleaned the crash reports and rebooted.

 

Now, I tried to install Microsoft Security Essentials, but it finished, a message appeared that said there was already an installation taking place. Should I reboot and try again?

[AdvancedSetup]

It is probably still broken.  That requires a bit of work on some computers to fix.  We'll see if we can fix it.
 
First off start with this program.  Then when it's done post back the log and we'll run a fix on what it finds.
Then we'll use another tool to help fix up permissions issues that the infection has done to thwart MSE from running.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[longbeachlouise]

Hi, I did as you said, and am doing as you said to run the scan and attach the files.

 

First, by showing the desktop, I found the glitch that might have hung up the Security Essentials download: yesterday, I clicked on Microsoft Word icon in the system tray, but I didn't want it, but Word was trying to load in the background. Word takes forever to load, and it wants a key to load onto this laptop. Word asks for the key each time. There was a little popup asking me to install the Microsoft CD, because it didn't recognize word when I saw the desktop this morning - view attached. So, I canceled it out. The hang up might be solved, now. Still,

 

Here is the contents of the FRST***********************************************************************

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013
Ran by Carol (administrator) on 09-07-2013 07:49:06
Running from C:\Users\Carol\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Nalpeiron Ltd.) C:\Windows\system32\astsrv.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Keynote Systems, inc.) C:\Program Files\Keynote Systems\MITE 3\MITEC.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8497696 2007-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-08] (NVIDIA Corporation)
HKLM\...\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-12-06] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgyNDkzMzAzLVhPMTArMi1RSVgxKzQtRjEwTTEwRCsxLVgyMDEwKzItRkwxMCsxLUNJUCsyLUREVCs1MDYyNi1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzIyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLVNUMTJGT0krMS1GMTBNMTJBVSsxLUVVTEErMS1TVDEyRkFQUCsxLVNURjEwTTEyQVVGKzE"&"prod=90"&"ver=2012.0.1831"&"mid=2f5e155032c547d6a51ed1572eb0a5f4-67a770033ab46c38be4f16cb6e0539da3b11bf91 [x]
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [x]
HKCU\...\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE [89088 2000-03-08] (Dale Nurden)
HKCU\...\Run: [Google Update] "C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-02-09] (Google Inc.)
HKCU\...\Runonce: [shockwave Updater] "C:\Windows\System32\Macromed\Shockwave 10\SwHelper_1020023.exe" -Update -1020023 -iexplore.exe9.0 [x]
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM - {49691058-B72F-448B-BE1B-A245BBF26BDB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {49691058-B72F-448B-BE1B-A245BBF26BDB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU -No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\6j2g9fmw.default
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Carol\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Carol\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Carol\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Carol\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carol\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carol\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

========================== Services (Whitelisted) =================

S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [562176 2011-04-15] (Hauppauge Computer Works)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-03] (Avanquest Software)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)
S3 MxL111SF_AVS_USB; C:\Windows\System32\DRIVERS\hcwC6bda.sys [85248 2011-02-15] (Hauppauge Computer Works, Inc.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
S3 cpuz134; \??\C:\Users\Carol\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-09 07:47 - 2013-07-09 07:47 - 01216596 ____A (Farbar) C:\Users\Carol\Desktop\FRST.exe
2013-07-09 07:47 - 2013-07-09 07:47 - 00000000 ____D C:\FRST
2013-07-08 10:40 - 2013-07-08 10:51 - 00000000 ____D C:\234e92475f812bcbe62977e2
2013-07-08 10:16 - 2013-07-08 10:28 - 00000000 ____D C:\1a098c1885e2dadcd1f4cc
2013-07-08 09:55 - 2013-07-08 09:55 - 11091432 ____A (Microsoft Corporation) C:\Users\Carol\Downloads\mseinstall.exe
2013-07-03 04:48 - 2013-07-03 04:48 - 00009705 ____A C:\Users\Carol\Documents\DDS.txt
2013-07-03 04:48 - 2013-07-03 04:48 - 00008809 ____A C:\Users\Carol\Documents\Attach.txt
2013-06-30 22:31 - 2013-06-30 22:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-22 12:50 - 2013-06-22 12:50 - 00000000 ____D C:\Program Files\ESET
2013-06-22 12:23 - 2013-06-22 12:24 - 00001311 ____A C:\AdwCleaner[s1].txt
2013-06-22 12:22 - 2013-06-22 12:23 - 00001241 ____A C:\AdwCleaner[R1].txt
2013-06-22 12:04 - 2013-06-22 12:04 - 00000000 ____D C:\Windows\ERUNT
2013-06-22 12:04 - 2013-06-22 12:04 - 00000000 ____D C:\JRT
2013-06-22 11:07 - 2013-06-22 11:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-22 11:07 - 2013-06-22 11:49 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-11 21:31 - 2013-06-11 21:31 - 00000000 ____D C:\Users\Carol\AppData\Local\Citrix

==================== One Month Modified Files and Folders =======

2013-07-09 07:47 - 2013-07-09 07:47 - 01216596 ____A (Farbar) C:\Users\Carol\Desktop\FRST.exe
2013-07-09 07:47 - 2013-07-09 07:47 - 00000000 ____D C:\FRST
2013-07-09 07:14 - 2013-02-09 19:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000UA.job
2013-07-09 02:13 - 2006-11-02 05:45 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 02:13 - 2006-11-02 05:45 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 21:07 - 2012-07-31 14:15 - 01386529 ____A C:\Windows\WindowsUpdate.log
2013-07-08 14:35 - 2006-11-02 03:33 - 00799906 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 13:38 - 2012-05-03 19:42 - 00000000 ____D C:\Users\Carol\Documents\Louise
2013-07-08 10:51 - 2013-07-08 10:40 - 00000000 ____D C:\234e92475f812bcbe62977e2
2013-07-08 10:51 - 2011-10-16 09:06 - 00002153 ____A C:\Windows\epplauncher.mif
2013-07-08 10:29 - 2008-02-22 08:19 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-08 10:28 - 2013-07-08 10:16 - 00000000 ____D C:\1a098c1885e2dadcd1f4cc
2013-07-08 09:55 - 2013-07-08 09:55 - 11091432 ____A (Microsoft Corporation) C:\Users\Carol\Downloads\mseinstall.exe
2013-07-08 08:55 - 2013-02-09 19:57 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core.job
2013-07-08 08:45 - 2008-05-29 16:02 - 00027335 ____A C:\Users\Carol\AppData\Roaming\nvModes.001
2013-07-08 08:45 - 2008-05-04 13:25 - 00000258 ____A C:\Users\Public\Documents\hpqp.ini
2013-07-08 08:43 - 2006-11-02 05:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 22:55 - 2006-11-02 05:58 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 04:48 - 2013-07-03 04:48 - 00009705 ____A C:\Users\Carol\Documents\DDS.txt
2013-07-03 04:48 - 2013-07-03 04:48 - 00008809 ____A C:\Users\Carol\Documents\Attach.txt
2013-07-02 00:10 - 2008-05-26 12:22 - 00087456 ____A C:\Users\Carol\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 00:05 - 2006-11-02 05:44 - 00352776 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-30 22:34 - 2013-06-30 22:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-29 22:36 - 2012-08-29 13:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-27 14:30 - 2012-06-07 12:40 - 00000000 ____D C:\Users\Carol\AppData\Roaming\Mozilla
2013-06-22 12:50 - 2013-06-22 12:50 - 00000000 ____D C:\Program Files\ESET
2013-06-22 12:24 - 2013-06-22 12:23 - 00001311 ____A C:\AdwCleaner[s1].txt
2013-06-22 12:23 - 2013-06-22 12:22 - 00001241 ____A C:\AdwCleaner[R1].txt
2013-06-22 12:04 - 2013-06-22 12:04 - 00000000 ____D C:\Windows\ERUNT
2013-06-22 12:04 - 2013-06-22 12:04 - 00000000 ____D C:\JRT
2013-06-22 11:49 - 2013-06-22 11:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-22 11:49 - 2013-06-22 11:07 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-22 11:02 - 2012-07-19 23:07 - 00000000 ____D C:\Windows\erdnt
2013-06-21 21:39 - 2006-11-02 03:23 - 00000215 ____A C:\Windows\system.ini
2013-06-21 20:17 - 2008-02-22 09:41 - 00000000 ____D C:\Program Files\Java
2013-06-20 22:30 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Registration
2013-06-11 21:31 - 2013-06-11 21:31 - 00000000 ____D C:\Users\Carol\AppData\Local\Citrix

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-08 23:27

==================== End Of Log ============================

 

***************************************************End of FRST************************************************************************

 

Here is the contents of Addition********************************************************************************************************

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2013
Ran by Carol at 2013-07-09 07:50:42
Running from C:\Users\Carol\Desktop
Boot Mode: Normal
==========================================================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player (Version: 10.2.0.023)
AIM 6
Atheros Driver Installation Program (Version: 7.1)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
CCleaner (Version: 3.12)
Cisco WebEx Meetings
Citrix Online Launcher (Version: 1.0.109)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.36.7.60)
Defraggler (Version: 2.10)
DVD Suite (Version: 5.5.0928)
EPSON Scan
EPSON Stylus NX400 Series Printer Uninstall
Google Talk Plugin (Version: 4.1.3.13728)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
Hauppauge WinTV 7 (Version: v7.0.29124 (CD 2.3f))
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
HP Active Support Library (Version: 2.3.0.2)
HP Doc Viewer (Version: 1.02.0001)
HP DVD Play 3.6
HP Easy Setup - Frontend (Version: 5.4.0.2430)
HP Help and Support (Version: 1.5.1)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Quick Launch Buttons 6.40 B2 (Version: 6.40 B2)
HP Smart Web Printing (Version: 111.0.19071)
HP Total Care Advisor (Version: 1.4.19.2433)
HP User Guides 0091 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 H2)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000)
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000)
hpphotosmartdisclabelplugin (Version: 2.02.0000)
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
Icon Restore 1.0
JetMP3 (Version: 1.0618.1244)
Keynote Mobile Internet Testing Environment 3 (Version: 3.0.9.17)
LabelPrint (Version: 2.20.2128)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU (Version: 9.0.21022)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSDN Library for Microsoft Visual Studio 2008 Express Editions (Version: 9.0.21022)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.46)
NVIDIA Drivers
Power2Go (Version: 5.6.3327)
PowerDirector (Version: 6.5.2129)
PSSWCORE (Version: 2.02.0000)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
TClockEx
TeamViewer 7 (Version: 7.0.12142)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC Runtimes MSI (Version: 9.0.21022)
VideoToolkit01 (Version: 100.0.128.000)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Watchtower Library 2001 - English Edition
WeatherBug Gadget (Version: 1.0.0.6)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
 

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 03:23 - 2013-06-21 18:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1B98F068-2A01-452D-8958-C00C31DBF424} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000UA => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {1BCF4F69-28C3-41F6-BC89-DD281B3F26DC} - System32\Tasks\Microsoft\Windows\RestartManager\{DB73A8C6-C5CE-4788-82A5-83B6424E2B44} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {3389C687-D42C-4B00-BD3A-B5FCBA7562C7} - System32\Tasks\User_Feed_Synchronization-{9E06FBA6-5435-4F6C-ADE5-BE2D3BE2EA8F} => C:\Windows\system32\msfeedssync.exe [2011-05-19] (Microsoft Corporation)
Task: {430BE4F0-1BE3-4040-88E9-1020DE2473D7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {49721CAD-0649-49AF-B7C5-2BFAB6FB2B35} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {86EDA900-42E1-41C2-86D2-699697BAB55C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {9FA1D586-7634-415C-AF4A-F5045AB1D236} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {A122570B-64C1-459E-BEF4-B91504733252} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {B461AA38-8FC0-45F1-8C6F-D9224BB2B1A0} - System32\Tasks\Microsoft\Windows\RestartManager\{307ADEEE-38A6-468f-AC24-1C5FF4BFFA59} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {D339AEA7-CE0C-414B-9D9E-BA5EF5446981} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core.job => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000UA.job => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2013 02:16:48 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ShellvRTF.dll, version 1.1.0.8, time stamp 0x46d83e7c, exception code 0xc0000005, fault offset 0x000057ab,
process id 0xb18, application start time 0xExplorer.EXE0.

Error: (07/08/2013 10:26:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c2fcd83-e8ab-451d-af4f-7a21e3bb697e}

Error: (07/08/2013 08:44:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 07:15:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 10:18:02 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (07/06/2013 10:18:02 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (07/06/2013 10:18:02 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.   (0x80070490)

Error: (07/06/2013 10:18:00 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (07/06/2013 10:18:00 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 0x%08x (0xc0041800 - The content index cannot be read.  )

Error: (07/06/2013 10:18:00 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index metadata cannot be read.   (0xc0041801)

System errors:
=============
Error: (07/09/2013 07:44:37 AM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (07/08/2013 04:21:02 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/08/2013 01:36:23 PM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (07/08/2013 01:36:23 PM) (Source: DCOM) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/08/2013 08:44:06 AM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Error: (07/08/2013 08:44:06 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/07/2013 10:54:37 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/07/2013 10:53:52 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/07/2013 10:53:04 PM) (Source: Service Control Manager) (User: )
Description: Adobe Acrobat Update Service1

Error: (07/07/2013 07:15:10 AM) (Source: Service Control Manager) (User: )
Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-21 02:47:23.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:23.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:22.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:22.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:21.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:21.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:20.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:20.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:19.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-21 02:47:19.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 3261.99 MB
Available physical RAM: 1253.54 MB
Total Pagefile: 6771.88 MB
Available Pagefile: 4423.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.63 GB) (Free:24.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:11.15 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 89488948)
Partition 1: (Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

[longbeachlouise]

Now, after canceling the Word alert, I was able to install Security Essentials, and I am running it.

 

Edited to Attach the Result of the Automatic Quick Scan. The Quick Scan took over an hour - maybe an hour and a half.

 

Now, I am performing the full scan, re your directive, above.

[AdvancedSetup]

Wow - it really should not take that long.  Based on the slowness you've continued to express I'd have to think that the hard drive is probably at fault here but aside from replacing it probably not too much you can do about it.
 
Please see the following links to check for a possible fix for  your MS Office error.
 
When you try to start a Microsoft Office 2003 program for the first time, you receive the "Installation Error: File not Found" error message

What to try when Office update can't find SKU111.CAB
 
 
Please download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

fixlist.txt

[longbeachlouise]

Right now, I am running Microsoft Security Essentials full scan. After 8 1/2 hours, it doesn't appear 1/10th done, but maybe it will speed up later . . .

 

Did you see anything from the Farbar Recovery Scan Tool reports? Would you teach me how to delete it?

 

Thanx!

[AdvancedSetup]

I would go ahead and cancel the scan.   Then run the fixlist I provided in the other report.

For now let's not worry so much about deleting reports as they are not causing any harm by being there but the fix provided will actually remove some of them for you.

 

I am concerned that it takes that long to run things which as I said could be sign that your hard drive is failing.  You should make sure that you have good back ups of all your data to an external hard drive in case this drive does die.   You may want to consider purchasing a new drive and reinstalling Windows and then restore your data back.

[longbeachlouise]

Okay, I canceled the scan. After 11 hours, it was still only about 10-15% finished. See screenshot, attached, before I canceled it.

 

I have a theory. Will you bear with me? The Fabar Recovery Scan Tool backed up the whole registry, which data was duplicated in entirty in the WER reports.

 

This is why Vista never caught on. The constant backups gum up the scans and make the laptop run slow.

 

But I delete the WER reports regularly, and my computer is usable.

[AdvancedSetup]

Well it's up to you and I suppose your tolerance of the computer but a Quick Scan from MSE normally runs in well under 10 minutes on almost all computers. On some it can run in under 5 minutes. A typical FULL scan certainly is no more than a couple of hours for most modern computers.

At this time I believe we have removed the infections and the computer should no longer be experiencing any malware related issues.

I don't know your budget or your computer skill set and only speaking for myself if possible I'd look into buying an OEM Windows 7 DVD and possibly an SSD drive for the laptop and installing Windows 7 from scratch and then restore my data back. You would be amazed I'm sure at how much faster everything runs and is so much smoother than on Vista. But if you don't have the budget I can understand that too.

So at this point is there anything else I can assist you with or are there still any specific malware related issues with the computer still?

[longbeachlouise]

So at this point is there anything else I can assist you with or are there still any specific malware related issues with the computer still?

 

Hi, How does one uninstall the Farbar Recovery Scan Tool? Should I rename it uninstall, then uninstall it?

 

Stand by. I want to uninstall it, delete the crash reports, then reboot, then run the full scan overnight.

 

Edited to say: Oh, you said run fixlist. I'll download and run it.

[longbeachlouise]

I would go ahead and cancel the scan.   Then run the fixlist I provided in the other report.

For now let's not worry so much about deleting reports as they are not causing any harm by being there but the fix provided will actually remove some of them for you.

 

Hi, Okay, I ran the FRST the way you said. First, I downloaded the Fixlog.txt file and placed it in the desktop where FRST is. Then I ran FRST, but it wanted to update. So, I updated it and saved it over the first one. Then I clicked, "Fix." Here is the report, which opened at the end:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-07-2013 01

Ran by Carol at 2013-07-09 23:25:21 Run:1

Running from C:\Users\Carol\Desktop

Boot Mode: Normal

==============================================

C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable) => Moved successfully.

"C:\ProgramData\Malwarebytes' Anti-Malware (portable)" => File/Directory not found.

C:\JRT => Moved successfully.

C:\AdwCleaner[R1].txt => Moved successfully.

"C:\AdwCleaner[R1].txt" => File/Directory not found.

C:\AdwCleaner[s1].txt => Moved successfully.

"C:\AdwCleaner[s1].txt" => File/Directory not found.

C:\Users\Carol\Documents\Attach.txt => Moved successfully.

C:\Users\Carol\Documents\DDS.txt => Moved successfully.

C:\1a098c1885e2dadcd1f4cc => Moved successfully.

"C:\1a098c1885e2dadcd1f4cc" => File/Directory not found.

C:\234e92475f812bcbe62977e2 => Moved successfully.

"C:\234e92475f812bcbe62977e2" => File/Directory not found.

Could not move "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" => Scheduled to move on reboot.

Could not move "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0" => Scheduled to move on reboot.

cpuz134 => Service deleted successfully.

=========== Result of Scheduled Files to move ===========

"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" => File could not move.

"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0" => File could not move.

==== End of Fixlog ====

[longbeachlouise]

Would you tell me how to uninstall the FRST.exe program on the desktop?

[AdvancedSetup]

Just delete it, it's not installed like a normal program.

 

Okay that should have remove much of the files we've been using already.

 

Any other programs of files can also be deleted from your desktop.

[longbeachlouise]

HI Ron Lewis, This is how it is. I deleted the FRST, then deleted the crash files, 2 archived, and the rest current. Then I emptied the recycle bin, and ran CCleaner, view attached. Then I ran TFCCleaner, which still managed to delete 44 MB. So, you see, when I run CCleaner after deleting things and emptying the recylce bin, the monolithic records of my activities on the laptop amount to the tens of thousands of MG, not just 50MB, or 100MB, or 200MB. And, it's usually at least 50,000 MB, or 60, or even up to 70,000 MB that I clean out.

 

That is how I learned to use Vista for Home on the HP Compaq laptop, and it works for me! That's why I got this laptop as a hand-me-down, becuase it was slow and gummed up for the previous user. Someone here at Malwarebytes helped me troubleshoot it, until we discovered where the huge amount of files was stored.

 

So, now I will delete and empty the recylce bin and run the cleaners once again, and reboot.

 

Then I will run the Microsoft Security Essentials full scan, re your original directive. If it comes out clean, I am uninstalling Security Essentials, and install Malwarebytes, except if you think I should have both installed . . .  I have to disable one or the other to run one or the other?

[AdvancedSetup]

No, you need to have an antivirus.  Malwarebytes is not an antivirus.  We help an antivirus.