longbeachlouise Posted July 4, 2013 Author ID:698581
Okay, I am going to do that. Just I am posting a screen shot of the StartUp folder. It includes, IR. Is that the infra red mouse and keyboard control? Will I be able to put that back?
Root Admin AdvancedSetup Posted July 4, 2013 ID:698610
No, you just want to remove the one named ERUNT AutoBackup; leave the others alone.
longbeachlouise Posted July 4, 2013 Author ID:698623
Okay, I deleted the ERUNT AutoBackup from the Start/StartUp folder, and there is no Windows Block message, like before.
Something else got solved: Since we downloaded and ran scanners, 75% of my hard drive was used and only 25% was free; whereas before, less than half was used, and more than half free. Defraggler now shows it back to less than half - view attached.
Before I download Security Essentials, would you help me delete and uninstall the items OTCleanIt didn't get? Such as JRT (7Z Setup SFX), AdwCleaner, Security Check, ERUNT, NTREGOPT (part of ERUNT), and any programs you think I don't need from the Uninstall panel?
Please don't be alarmed. After I deleted ERUNT AutoBackup, before I rebooted I emptied the Report Queue in the WER folder, which slows my computer down, then emptied the recycle bin and ran CCleaner, then ran TFC, which effected a reboot to finish emptying. On reboot, there was DOS text on the screen which read:
Checking File System C:
This type of file system is NTFS.
One of your disks need to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.
Windows will now check the disk.
CHKDSK is verifying the files (stage 1 of 3) . . .
Deleting corrupt attributes record (160,$130)
*** Then the screen scrolled and I read more text ***
Recovering orphaned file 00010027.dir (1822.35) into directory file 1157.
*** There were several lines like this ***
33 unindexed files processed.
Recovering orphaned file CAD001.002 (199264) into directory file 1157.
CHKDSK is verifying correction in file system.
*** End ***
The DOS messages disappeared and it finished starting up okay.
Root Admin AdvancedSetup Posted July 4, 2013 ID:698657
As long as there are no other signs of an infection we can remove everything. As for the Disk Check that could potentially be a sign of your hard drive dying. Might want to see if you have a built-in routine to scan the hard drive for problems. I would also make sure you have a backup of your data just in case the drive is dying. Let me know if everything seems okay now and I'll help you to remove the files and stuff. Thanks
longbeachlouise Posted July 4, 2013 Author ID:698797
Hi, Booted up okay with no check disk to hold up the process. Good idea to save data! But, I think I deleted the ERUNT data which was stuff saved in the registry, and deleted the crash reports, so that might have generated confusion or a conflict to the hard drive. This had to be, because my hard drive was 30% cleaner, according to Defraggler, when I checked, after deleting ERUNT AutoBackup, after rebooting. Maybe ERUNT works with the WER folder.
When I first ran the DDS, the report said my drive had 13% defragmentation, so I checked it on Defraggler, and noticed that the pie chart for the hard drive was 3/4 full! This was after the ERUNT scan which created a backup of the registry. Everything I do on this laptop takes twice the space, and twice as long, because of the WER crash reports, which keep a record of everything. But I like it. I like Vista. Because I can be filling out a form online, and if the battery dies and the laptop shuts down, it will reboot EXACTLY where I was on the online form, with fields filled out. Plus, I am still logged in the same on each website . . .
That's why I want to delete things before I run a Security Essentials, because mine will take twice as long. Then, I will be without the computer. A defrag takes 7 hours.
Also, I have ComboFix.exe in one of my folders in the documents folder. Should I just delete?
Root Admin AdvancedSetup Posted July 4, 2013 ID:698898
Please do the following. Start an Admin Command prompt and then type the following line by line, pressing the Enter key after each line.
Click on Vista Start button.
Locate the Command Prompt menu item (buried deep inside Accessories under All Programs or appear on program access history).
Right click on Command Prompt.
On the pop-up right click context menu, select “Run as Administrator”.
DIR C: /A >%USERPROFILE%\Desktop\Cleanup.txt
DIR %USERPROFILE%\Desktop >>%USERPROFILE%\Desktop\Cleanup.txt
NOTEPAD.EXE %USERPROFILE%\Desktop\Cleanup.txt
Then post back the results.
longbeachlouise Posted July 5, 2013 Author ID:698931
Hi, Here are the results, attached. There was an error, when I tried to post the results within the comment. Here is just the directory of the Desktop:
Directory of C:\Users\Carol\Desktop
07/04/2013 05:08 PM <DIR> .
07/04/2013 05:08 PM <DIR> ..
10/22/2012 12:32 PM 134,429,488 306.97-desktop-win8-win7-winvista-32bit-english-whql.exe
06/20/2013 10:37 PM 0 AdobeWeb.log
06/22/2013 12:18 PM 648,201 AdwCleaner.exe
07/03/2013 04:47 AM 8,809 Attach.txt
11/01/2011 03:28 PM 1,614 Calculator.lnk
09/07/2012 11:05 PM 43,826 chkdsk.txt
07/04/2013 05:08 PM 137,847 Cleanup.txt
09/14/2011 04:11 PM 206 CNN.url
07/03/2013 04:42 AM 688,992 dds.scr
07/03/2013 04:47 AM 9,705 dds.txt
08/07/2008 11:06 AM 1,674 dfrgui.lnk
06/22/2013 11:02 AM 674 ERUNT.lnk
08/08/2008 11:39 AM 70,613 Gmail.mht
03/06/2013 06:27 AM 173,132 GodaddyWhosIsGraphSearch03062013.htm
05/24/2009 04:22 PM 55,328 Jetnet.mht
06/22/2013 12:04 PM 545,954 JRT.exe
06/22/2013 12:10 PM 1,427 JRT.txt
06/01/2008 09:19 PM 219,472 Merriam-Webster Dictionary & Thesarus.mht
10/18/2011 07:04 AM 134 Network and Sharing Center - Shortcut.lnk
06/22/2013 11:02 AM 693 NTREGOPT.lnk
01/09/2013 11:59 AM <DIR> Old Firefox Data
12/16/2011 08:19 PM 169 Program Guide.url
05/03/2009 08:32 PM 172 Router Login.url
05/20/2010 07:44 PM 5,868 Router_Setup.html
06/28/2013 04:03 AM 890,988 SecurityCheck.exe
09/15/2011 08:43 AM 392,980 Speakeasy - Speed Test.mht
07/30/2012 03:12 AM 448,512 TFC.exe
03/30/2013 08:55 PM 384,096 ThinkBigGetPaidSuggestion03302013.htm
09/06/2009 10:46 PM 172 Weather.url
03/11/2012 04:47 PM 86,226 Win7upgrade report 1.0.mht
29 File(s) 139,246,972 bytes
3 Dir(s) 28,915,965,952 bytes free
Cleanup07042013.txt
Root Admin AdvancedSetup Posted July 5, 2013 ID:698966
First please enable your computer to show File Extensions.
How to Hide or Show Known File Type Extensions
Then go to where you have Combofix saved and rename it to UNINSTALL.EXE and double-click it to run it. That will remove Combofix from your system properly.
Next, you can delete all these files from your desktop. If needed go back and once again set your File extensions to be shown.
AdobeWeb.log
AdwCleaner.exe
Attach.txt
chkdsk.txt
Cleanup.txt
dds.scr
dds.txt
ERUNT.lnk
JRT.exe
JRT.txt
NTREGOPT.lnk
SecurityCheck.exe
TFC.exe
Other than this then, is there anything else malware related I can assist you with?
longbeachlouise Posted July 6, 2013 Author ID:699313
Hi, This is going to take time - please leave my ticket open. I have not yet downloaded and installed Microsoft Security Essentials. I wanted to delete things before I run that. I'll flag your email if I post a question before then, so you do not have to keep checking back!
Root Admin AdvancedSetup Posted July 6, 2013 ID:699325
It should actually be pretty easy, but okay.
longbeachlouise Posted July 8, 2013 Author ID:700273
Hi, Thanx - I deleted those. There somehow was an ERUNT and ESET left when I opened the programs in the control panel, so I uninstalled those. Then I cleaned the crash reports and rebooted. Now, I tried to install Microsoft Security Essentials, but it finished, a message appeared that said there was already an installation taking place. Should I reboot and try again?
Root Admin AdvancedSetup Posted July 9, 2013 ID:700549
It is probably still broken. That requires a bit of work on some computers to fix. We'll see if we can fix it. First off start with this program. Then when it's done post back the log and we'll run a fix on what it finds. Then we'll use another tool to help fix up permissions issues that the infection has done to thwart MSE from running.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
longbeachlouise Posted July 9, 2013 Author ID:700694
Hi, I did as you said, and am doing as you said to run the scan and attach the files. First, by showing the desktop, I found the glitch that might have hung up the Security Essentials download: yesterday, I clicked on Microsoft Word icon in the system tray, but I didn't want it, but Word was trying to load in the background. Word takes forever to load, and it wants a key to load onto this laptop. Word asks for the key each time. There was a little popup asking me to install the Microsoft CD, because it didn't recognize word when I saw the desktop this morning - view attached. So, I canceled it out. The hang up might be solved, now.
Still, Here is the contents of the FRST
Here is the contents of Addition
System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)Task: {A122570B-64C1-459E-BEF4-B91504733252} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)Task: {B461AA38-8FC0-45F1-8C6F-D9224BB2B1A0} - System32\Tasks\Microsoft\Windows\RestartManager\{307ADEEE-38A6-468f-AC24-1C5FF4BFFA59} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)Task: {D339AEA7-CE0C-414B-9D9E-BA5EF5446981} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No FileTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core.job => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000UA.job => C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (07/08/2013 02:16:48 PM) (Source: Application Error) (User: )Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ShellvRTF.dll, version 1.1.0.8, time stamp 0x46d83e7c, exception code 0xc0000005, fault offset 0x000057ab,process id 0xb18, application start time 0xExplorer.EXE0.Error: (07/08/2013 10:26:46 AM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. 
hr = 0x80070005.This is often caused by incorrect security settings in either the writer or requestor process.Operation: Gathering Writer DataContext: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {3c2fcd83-e8ab-451d-af4f-7a21e3bb697e}Error: (07/08/2013 08:44:06 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/07/2013 07:15:10 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/06/2013 10:18:02 PM) (Source: Windows Search Service) (User: )Description: The application cannot be initialized.Context: Windows ApplicationDetails: The content index metadata cannot be read. (0xc0041801)Error: (07/06/2013 10:18:02 PM) (Source: Windows Search Service) (User: )Description: The gatherer object cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: The content index metadata cannot be read. (0xc0041801)Error: (07/06/2013 10:18:02 PM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: Element not found. (0x80070490)Error: (07/06/2013 10:18:00 PM) (Source: Windows Search Service) (User: )Description: The plug-in in <Search.JetPropStore> cannot be initialized.Context: Windows Application, SystemIndex CatalogDetails: The content index metadata cannot be read. (0xc0041801)Error: (07/06/2013 10:18:00 PM) (Source: Windows Search Service) (User: )Description: The Windows Search Service cannot load the property store information.Context: Windows Application, SystemIndex CatalogDetails: 0x%08x (0xc0041800 - The content index cannot be read. 
)Error: (07/06/2013 10:18:00 PM) (Source: Windows Search Service) (User: )Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.Details: The content index metadata cannot be read. (0xc0041801)System errors:=============Error: (07/09/2013 07:44:37 AM) (Source: Service Control Manager) (User: )Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058Error: (07/08/2013 04:21:02 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.Error: (07/08/2013 01:36:23 PM) (Source: Service Control Manager) (User: )Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058Error: (07/08/2013 01:36:23 PM) (Source: DCOM) (User: )Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}Error: (07/08/2013 08:44:06 AM) (Source: Service Control Manager) (User: )Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058Error: (07/08/2013 08:44:06 AM) (Source: Service Control Manager) (User: )Description: Parallel port driver%%1058Error: (07/07/2013 10:54:37 PM) (Source: Service Control Manager) (User: )Description: Windows UpdateError: (07/07/2013 10:53:52 PM) (Source: DCOM) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (07/07/2013 10:53:04 PM) (Source: Service Control Manager) (User: )Description: Adobe Acrobat Update Service1Error: (07/07/2013 07:15:10 AM) (Source: Service Control Manager) (User: )Description: Windows Image Acquisition (WIA)Shell Hardware Detection%%1058Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2013-06-21 02:47:23.787 Description: Code Integrity is unable to verify the image integrity of the file 
\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:23.288 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:22.804 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:22.320 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:21.837 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:21.353 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-06-21 02:47:20.714 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:20.090 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:19.590 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-21 02:47:19.091 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 61%Total physical RAM: 3261.99 MBAvailable physical RAM: 1253.54 MBTotal Pagefile: 6771.88 MBAvailable Pagefile: 4423.11 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1911.01 MB==================== Drives ================================Drive c: () (Fixed) (Total:100.63 GB) (Free:24.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (PRESARIO_RP) (Fixed) (Total:11.15 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 
112 GB) (Disk ID: 89488948)
Partition 1: (Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
==================== End Of Log ============================
longbeachlouise Posted July 9, 2013 Author ID:700709
Now, after canceling the Word alert, I was able to install Security Essentials, and I am running it. Edited to Attach the Result of the Automatic Quick Scan. The Quick Scan took over an hour - maybe an hour and a half. Now, I am performing the full scan, re your directive, above.
Root Admin AdvancedSetup Posted July 10, 2013 ID:700867
Wow - it really should not take that long. Based on the slowness you've continued to express I'd have to think that the hard drive is probably at fault here but aside from replacing it probably not too much you can do about it.
Please see the following links to check for a possible fix for your MS Office error.
When you try to start a Microsoft Office 2003 program for the first time, you receive the "Installation Error: File not Found" error message
What to try when Office update can't find SKU111.CAB
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
fixlist.txt
longbeachlouise Posted July 10, 2013 Author ID:700903
Right now, I am running Microsoft Security Essentials full scan. After 8 1/2 hours, it doesn't appear 1/10th done, but maybe it will speed up later . . . Did you see anything from the Farbar Recovery Scan Tool reports? Would you teach me how to delete it? Thanx!
Root Admin AdvancedSetup Posted July 10, 2013 ID:700907
I would go ahead and cancel the scan. Then run the fixlist I provided in the other report.
For now let's not worry so much about deleting reports as they are not causing any harm by being there but the fix provided will actually remove some of them for you. I am concerned that it takes that long to run things, which as I said could be a sign that your hard drive is failing. You should make sure that you have good backups of all your data to an external hard drive in case this drive does die. You may want to consider purchasing a new drive and reinstalling Windows and then restore your data back.
longbeachlouise Posted July 10, 2013 Author ID:700964
Okay, I canceled the scan. After 11 hours, it was still only about 10-15% finished. See screenshot, attached, before I canceled it. I have a theory. Will you bear with me? The Farbar Recovery Scan Tool backed up the whole registry, which data was duplicated in entirety in the WER reports. This is why Vista never caught on. The constant backups gum up the scans and make the laptop run slow. But I delete the WER reports regularly, and my computer is usable.
Root Admin AdvancedSetup Posted July 10, 2013 ID:700974
Well it's up to you and I suppose your tolerance of the computer but a Quick Scan from MSE normally runs in well under 10 minutes on almost all computers. On some it can run in under 5 minutes. A typical FULL scan certainly is no more than a couple of hours for most modern computers. At this time I believe we have removed the infections and the computer should no longer be experiencing any malware related issues. I don't know your budget or your computer skill set and only speaking for myself if possible I'd look into buying an OEM Windows 7 DVD and possibly an SSD drive for the laptop and installing Windows 7 from scratch and then restore my data back. You would be amazed I'm sure at how much faster everything runs and is so much smoother than on Vista. But if you don't have the budget I can understand that too. So at this point is there anything else I can assist you with or are there still any specific malware related issues with the computer still?
longbeachlouise Posted July 10, 2013 Author ID:700980
"So at this point is there anything else I can assist you with or are there still any specific malware related issues with the computer still?"
Hi, How does one uninstall the Farbar Recovery Scan Tool? Should I rename it uninstall, then uninstall it? Stand by. I want to uninstall it, delete the crash reports, then reboot, then run the full scan overnight. Edited to say: Oh, you said run fixlist. I'll download and run it.
longbeachlouise Posted July 10, 2013 Author ID:700986
"I would go ahead and cancel the scan. Then run the fixlist I provided in the other report. For now let's not worry so much about deleting reports as they are not causing any harm by being there but the fix provided will actually remove some of them for you."
Hi, Okay, I ran the FRST the way you said. First, I downloaded the Fixlog.txt file and placed it in the desktop where FRST is. Then I ran FRST, but it wanted to update. So, I updated it and saved it over the first one. Then I clicked, "Fix." Here is the report, which opened at the end:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-07-2013 01
Ran by Carol at 2013-07-09 23:25:21 Run:1
Running from C:\Users\Carol\Desktop
Boot Mode: Normal
==============================================
C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable) => Moved successfully.
"C:\ProgramData\Malwarebytes' Anti-Malware (portable)" => File/Directory not found.
C:\JRT => Moved successfully.
C:\AdwCleaner[R1].txt => Moved successfully.
"C:\AdwCleaner[R1].txt" => File/Directory not found.
C:\AdwCleaner[s1].txt => Moved successfully.
"C:\AdwCleaner[s1].txt" => File/Directory not found.
C:\Users\Carol\Documents\Attach.txt => Moved successfully.
C:\Users\Carol\Documents\DDS.txt => Moved successfully.
C:\1a098c1885e2dadcd1f4cc => Moved successfully.
"C:\1a098c1885e2dadcd1f4cc" => File/Directory not found.
C:\234e92475f812bcbe62977e2 => Moved successfully.
"C:\234e92475f812bcbe62977e2" => File/Directory not found.
Could not move "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0" => Scheduled to move on reboot.
cpuz134 => Service deleted successfully.
=========== Result of Scheduled Files to move ===========
"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0" => File could not move.
"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0" => File could not move.
==== End of Fixlog ====
longbeachlouise Posted July 10, 2013 Author ID:700987
Would you tell me how to uninstall the FRST.exe program on the desktop?
Root Admin AdvancedSetup Posted July 10, 2013 ID:700988
Just delete it, it's not installed like a normal program. Okay, that should have removed much of the files we've been using already. Any other programs or files can also be deleted from your desktop.
longbeachlouise Posted July 10, 2013 Author ID:701019
Hi Ron Lewis, This is how it is. I deleted the FRST, then deleted the crash files, 2 archived, and the rest current. Then I emptied the recycle bin, and ran CCleaner, view attached. Then I ran TFCCleaner, which still managed to delete 44 MB. So, you see, when I run CCleaner after deleting things and emptying the recycle bin, the monolithic records of my activities on the laptop amount to the tens of thousands of MG, not just 50MB, or 100MB, or 200MB. And, it's usually at least 50,000 MB, or 60, or even up to 70,000 MB that I clean out. That is how I learned to use Vista for Home on the HP Compaq laptop, and it works for me! That's why I got this laptop as a hand-me-down, because it was slow and gummed up for the previous user. Someone here at Malwarebytes helped me troubleshoot it, until we discovered where the huge amount of files was stored. So, now I will delete and empty the recycle bin and run the cleaners once again, and reboot. Then I will run the Microsoft Security Essentials full scan, re your original directive. If it comes out clean, I am uninstalling Security Essentials, and installing Malwarebytes, except if you think I should have both installed . . . I have to disable one or the other to run one or the other?
Root Admin AdvancedSetup Posted July 10, 2013 ID:701021
No, you need to have an antivirus. Malwarebytes is not an antivirus. We help an antivirus.