
Computer Playing Random Ads



So, since this morning my computer has been playing random ads from out of nowhere. I haven't downloaded anything lately, so it can't be from anything off the web. I thought I could handle it, but it's too annoying. I need a little help on getting rid of it. I am not a computer geek or anything, so I wouldn't know what to do.


Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

 

Next, download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from, with different names on them; select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Next, download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post the logs from the above scans in your next reply.

 

Kevin...


# AdwCleaner v2.305 - Logfile created 07/13/2013 at 17:25:34

# Updated 11/07/2013 by Xplode

# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)

# User : Family - SOPHIA

# Boot Mode : Normal

# Running from : C:\Users\Family\Downloads\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : BasicScan Service

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Program Files\BasicScan

File Deleted : C:\Users\Family\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\OApps

Folder Deleted : C:\ProgramData\BasicScan

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Family\AppData\Local\APN

Folder Deleted : C:\Users\Family\AppData\Roaming\OpenCandy

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\BasicScan

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\f

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO

Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl

Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16464

 

[OK] Registry is clean.

 

*************************

 

AdwCleaner[R1].txt - [10151 octets] - [13/07/2013 17:22:51]

AdwCleaner[R2].txt - [10212 octets] - [13/07/2013 17:25:17]

AdwCleaner[s1].txt - [10282 octets] - [13/07/2013 17:25:34]

 

########## EOF - C:\AdwCleaner[s1].txt - [10343 octets] ########## 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013 01

Ran by Family (administrator) on 13-07-2013 18:15:22

Running from C:\Users\Family\Downloads

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(ooVoo LLC) C:\Program Files\oovoo\ooVoo.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(NVIDIA) C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(RockMelt Inc.) C:\Users\Family\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Microsoft Default Manager] - "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)

HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE -startup [337432 2013-01-27] (Power Software Ltd)

HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKCU\...\Run: [ooVoo.exe] - C:\program files\oovoo\oovoo.exe /minimized [28467264 2013-02-03] (ooVoo LLC)

HKCU\...\Run: [RockMelt Update] - "C:\Users\Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c [136336 2013-02-28] (RockMelt Inc.)

MountPoints2: F - F:\Setup.exe

MountPoints2: G - G:\Setup.exe

MountPoints2: K - K:\Autorun.exe

MountPoints2: L - L:\Autorun.exe

MountPoints2: M - M:\Autorun.exe

MountPoints2: N - N:\Autorun.exe

MountPoints2: {cf3b2de4-5b53-11e1-8793-00188b6a711a} - F:\Autorun.exe

HKU\Default\...\Run: [ooVoo] - C\ooVoo.exe /minimized [x]

HKU\Default User\...\Run: [ooVoo] - C\ooVoo.exe /minimized [x]

BootExecute: autocheck autochk /p \??\C:autocheck autochk * 

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -  No File

Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File

Toolbar: HKCU -No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 mswsock.dll File Not found ()

Winsock: Catalog9 02 mswsock.dll File Not found ()

Winsock: Catalog9 03 mswsock.dll File Not found ()

Winsock: Catalog9 04 mswsock.dll File Not found ()

Winsock: Catalog9 05 mswsock.dll File Not found ()

Winsock: Catalog9 06 mswsock.dll File Not found ()

Winsock: Catalog9 07 mswsock.dll File Not found ()

Winsock: Catalog9 08 mswsock.dll File Not found ()

Winsock: Catalog9 09 mswsock.dll File Not found ()

Winsock: Catalog9 10 mswsock.dll File Not found ()

Winsock: Catalog9 11 mswsock.dll File Not found ()

Winsock: Catalog9 12 mswsock.dll File Not found ()

Winsock: Catalog9 13 mswsock.dll File Not found ()

Winsock: Catalog9 14 mswsock.dll File Not found ()

Winsock: Catalog9 15 mswsock.dll File Not found ()

Winsock: Catalog9 16 mswsock.dll File Not found ()

Winsock: Catalog9 17 mswsock.dll File Not found ()

Winsock: Catalog9 18 mswsock.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

========================== Services (Whitelisted) =================

 

R2 UpdateCenterService; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [121376 2009-01-07] (NVIDIA)

S2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll" /prefetch:1 [x]

 

==================== Drivers (Whitelisted) ====================

 

R2 NVR0FLASHDev; C:\Windows\nvflash.sys [36896 2009-01-07] (NVIDIA Corp.)

R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S3 SNP2STD; system32\DRIVERS\snp2sxp.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-07-13 17:25 - 2013-07-13 17:25 - 00010413 _____ C:\AdwCleaner[s1].txt

2013-07-13 17:25 - 2013-07-13 17:25 - 00010212 _____ C:\AdwCleaner[R2].txt

2013-07-13 17:22 - 2013-07-13 17:23 - 00010151 _____ C:\AdwCleaner[R1].txt

2013-07-13 17:17 - 2013-07-13 17:17 - 01218190 _____ (Farbar) C:\Users\Family\Downloads\FRST.exe

2013-07-13 17:17 - 2013-07-13 17:17 - 00000000 ____D C:\FRST

2013-07-13 17:15 - 2013-07-13 17:15 - 00000000 ____D C:\Users\Family\Desktop\rkill

2013-07-13 17:14 - 2013-07-13 18:10 - 00001434 _____ C:\Users\Family\Desktop\Rkill.txt

2013-07-13 17:14 - 2013-07-13 17:14 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Family\Downloads\rkill.exe

2013-07-13 17:09 - 2013-07-13 17:10 - 00662345 _____ C:\Users\Family\Downloads\AdwCleaner.exe

2013-07-13 02:27 - 2013-07-13 02:27 - 00000000 _____ C:\Windows\setuperr.log

2013-07-13 02:27 - 2013-07-13 02:27 - 00000000 _____ C:\Windows\setupact.log

2013-07-13 02:14 - 2013-07-13 03:05 - 00002928 _____ C:\Windows\WindowsUpdate.log

2013-07-10 15:51 - 2013-07-10 15:51 - 00000578 _____ C:\Windows\PFRO.log

2013-07-05 07:07 - 2013-07-05 07:07 - 00000000 ____D C:\Users\Family\AppData\Roaming\Mozilla

2013-07-04 13:16 - 2013-07-04 13:16 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini

2013-07-04 13:16 - 2012-05-06 12:46 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia

2013-07-04 13:16 - 2006-11-02 06:23 - 00000000 ___RD C:\Users\UpdatusUser\Desktop

2013-07-04 13:15 - 2012-05-15 05:28 - 00062272 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2013-07-04 13:14 - 2012-05-15 05:28 - 03931456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2013-07-04 13:14 - 2012-05-15 05:28 - 00645440 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2013-07-04 13:14 - 2012-05-15 05:28 - 00108352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2013-07-04 13:14 - 2012-05-15 05:27 - 02759488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll

2013-07-04 13:11 - 2013-07-04 13:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2013-07-03 16:36 - 2013-07-03 16:45 - 00000000 ____D C:\Users\Family\Downloads\Trainz Simulator 2010 Engineers Edition [PCDVD] [www.PorTorrent.com]

 

==================== One Month Modified Files and Folders =======

 

2013-07-13 18:16 - 2012-02-04 22:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-07-13 18:15 - 2012-04-07 02:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-13 18:10 - 2013-07-13 17:14 - 00001434 _____ C:\Users\Family\Desktop\Rkill.txt

2013-07-13 18:03 - 2012-02-04 18:57 - 00000000 ___RD C:\Users\Family\Desktop

2013-07-13 17:49 - 2013-02-28 13:44 - 00000932 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1151678641-3989687766-3472099841-1000UA.job

2013-07-13 17:29 - 2006-11-02 08:45 - 00003648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-13 17:29 - 2006-11-02 08:45 - 00003648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-13 17:28 - 2012-02-04 22:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-07-13 17:28 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-13 17:27 - 2006-11-02 08:58 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-07-13 17:25 - 2013-07-13 17:25 - 00010413 _____ C:\AdwCleaner[s1].txt

2013-07-13 17:25 - 2013-07-13 17:25 - 00010212 _____ C:\AdwCleaner[R2].txt

2013-07-13 17:23 - 2013-07-13 17:22 - 00010151 _____ C:\AdwCleaner[R1].txt

2013-07-13 17:17 - 2013-07-13 17:17 - 01218190 _____ (Farbar) C:\Users\Family\Downloads\FRST.exe

2013-07-13 17:17 - 2013-07-13 17:17 - 00000000 ____D C:\FRST

2013-07-13 17:15 - 2013-07-13 17:15 - 00000000 ____D C:\Users\Family\Desktop\rkill

2013-07-13 17:14 - 2013-07-13 17:14 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Family\Downloads\rkill.exe

2013-07-13 17:10 - 2013-07-13 17:09 - 00662345 _____ C:\Users\Family\Downloads\AdwCleaner.exe

2013-07-13 03:05 - 2013-07-13 02:14 - 00002928 _____ C:\Windows\WindowsUpdate.log

2013-07-13 02:50 - 2012-04-08 23:15 - 00000000 ____D C:\Program Files\Auran

2013-07-13 02:48 - 2012-08-30 06:56 - 00000000 ____D C:\Program Files\oovoo

2013-07-13 02:45 - 2006-11-02 07:18 - 00000000 __RHD C:\Users\Public\Desktop

2013-07-13 02:27 - 2013-07-13 02:27 - 00000000 _____ C:\Windows\setuperr.log

2013-07-13 02:27 - 2013-07-13 02:27 - 00000000 _____ C:\Windows\setupact.log

2013-07-13 00:42 - 2012-04-07 02:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-07-13 00:42 - 2012-02-04 22:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-07-13 00:41 - 2012-05-06 12:44 - 00000000 ____D C:\Users\Family\AppData\Local\Adobe

2013-07-12 12:49 - 2013-02-28 13:44 - 00000880 _____ C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1151678641-3989687766-3472099841-1000Core.job

2013-07-10 15:51 - 2013-07-10 15:51 - 00000578 _____ C:\Windows\PFRO.log

2013-07-10 00:26 - 2012-02-04 22:25 - 00000000 ____D C:\Program Files\Google

2013-07-09 23:53 - 2012-02-05 05:02 - 00000000 ____D C:\ProgramData\Yahoo!

2013-07-09 23:53 - 2012-02-05 04:15 - 00000000 ____D C:\Program Files\Yahoo!

2013-07-05 07:07 - 2013-07-05 07:07 - 00000000 ____D C:\Users\Family\AppData\Roaming\Mozilla

2013-07-04 13:32 - 2012-07-16 21:00 - 00000000 ____D C:\ProgramData\NVIDIA

2013-07-04 13:16 - 2013-07-04 13:16 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini

2013-07-04 13:16 - 2012-07-16 20:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-07-04 13:13 - 2012-03-02 12:22 - 00001356 _____ C:\Users\Family\AppData\Local\d3d9caps.dat

2013-07-04 13:11 - 2013-07-04 13:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2013-07-04 13:07 - 2012-02-18 23:13 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-07-04 13:05 - 2013-01-19 15:51 - 00000000 ____D C:\Users\Family\AppData\Roaming\uTorrent

2013-07-04 13:01 - 2006-11-02 06:23 - 00000461 _____ C:\Windows\win.ini

2013-07-04 13:00 - 2006-11-02 08:35 - 00000000 ____D C:\Windows\twain_32

2013-07-04 03:19 - 2012-07-14 20:51 - 00000000 ____D C:\Fraps

2013-07-04 00:52 - 2012-02-04 22:25 - 00000000 ____D C:\Users\Family\AppData\Local\Google

2013-07-03 16:45 - 2013-07-03 16:36 - 00000000 ____D C:\Users\Family\Downloads\Trainz Simulator 2010 Engineers Edition [PCDVD] [www.PorTorrent.com]

 

Files to move or delete:

====================

C:\ProgramData\ntuser.dat

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-07-13 18:04

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2013 01

Ran by Family at 2013-07-13 18:16:34

Running from C:\Users\Family\Downloads

Boot Mode: Normal

==========================================================

 

Adobe AIR (Version: 3.5.0.600)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)

Adobe Shockwave Player 11.6 (Version: 11.6.4.634)

Bing Bar Platform (Version: 5.0.1449.0)

CCleaner (Version: 4.00)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)

Google Update Helper (Version: 1.3.21.153)

Java 7 Update 17 (Version: 7.0.170)

Java Auto Updater (Version: 2.1.9.0)

JavaFX 2.1.1 (Version: 2.1.1)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Default Manager (Version: 2.1.55.0)

Microsoft Search Enhancement Pack (Version: 2.0.271.0)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

MyProduct

NVIDIA Control Panel 301.42 (Version: 301.42)

NVIDIA Graphics Driver 301.42 (Version: 301.42)

NVIDIA Install Application (Version: 2.1002.85.551)

NVIDIA System Update (Version: 1.00.0000)

NVIDIA Update 1.8.15 (Version: 1.8.15)

NVIDIA Update Components (Version: 1.8.15)

ooVoo (Version: 3.5.6045)

OpenAL

PowerISO (Version: 5.5)

RockMelt (HKCU Version: 0.16.91.483)

swMSM (Version: 12.0.0.1)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

WinRAR 4.10 (32-bit) (Version: 4.10.0)

Yahoo! BrowserPlus 2.9.8

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

 

 

==================== Restore Points  =========================

 

13-07-2013 07:02:59 return

 

==================== Hosts content: ==========================

 

2006-11-02 06:23 - 2013-02-28 18:15 - 00000781 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0DFD114F-2841-4746-B970-7DD06247B87D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)

Task: {173762E0-7FFC-4F2B-9EBC-70A3EED4F3B6} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {19EC5082-AB45-4E2B-9E1C-9C915FA02520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)

Task: {2EEF14A8-BD44-4EBE-9A52-8431F7831982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)

Task: {48B150D4-EA47-428C-AD02-64FA67250458} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)

Task: {590F0884-7657-4AE0-8E60-A53EA0FE2F31} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-02-28] (Microsoft Corporation)

Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2012-02-05] ()

Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)

Task: {633673FA-F705-4FB8-AAFE-8014BBD4CEA5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)

Task: {67101C47-EE4F-4A74-9B4D-6F7FF39F7E98} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1151678641-3989687766-3472099841-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File

Task: {68854C27-5A03-46D5-AF23-35E4E9311B96} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Family => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

Task: {81874D2B-4AAE-4ADB-A6D7-6FDFCB241022} - System32\Tasks\User_Feed_Synchronization-{0476684A-9D0C-486B-A6CD-F7CB96E9DCA0} => C:\Windows\system32\msfeedssync.exe [2013-02-28] (Microsoft Corporation)

Task: {8B0CD776-FC65-4A52-AD07-53E37D44C719} - System32\Tasks\RunAsStdUser Task => C:\Users\Family\AppData\Local\snappydeeSA\bin\1.0.2.0\SnappyDeeSA.exe No File

Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {9C369CEE-6865-48EA-8CEB-30EEA4AA506C} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-1151678641-3989687766-3472099841-1000UA => C:\Users\Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2013-02-28] (RockMelt Inc.)

Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {B216AD63-8B92-4A43-B25E-95DBDC2654D3} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe No File

Task: {BA628503-5791-4D44-95A4-A740D7DB230D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)

Task: {C4FC48CF-BDE6-415A-9227-E2A5FEE3632C} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-1151678641-3989687766-3472099841-1000Core => C:\Users\Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2013-02-28] (RockMelt Inc.)

Task: {E55846EE-01C4-4322-B3C4-24FAA6F475B6} - System32\Tasks\4791 => C:\Windows\System32\wscript.exe [2009-04-11] (Microsoft Corporation)

Task: {ED50D756-5C0D-4A50-84F0-7E9F131E4369} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1151678641-3989687766-3472099841-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File

Task: {F224A7C0-F928-478D-B5D9-373299A70C6C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1151678641-3989687766-3472099841-1000Core.job => C:\Users\Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1151678641-3989687766-3472099841-1000UA.job => C:\Users\Family\AppData\Local\RockMelt\Update\RockMeltUpdate.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/13/2013 06:03:52 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0xc0041800, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

 

Error: (07/13/2013 06:03:52 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (07/13/2013 06:03:52 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot open the Jet property store.

 

 

Details:

The content index cannot be read.   (0xc0041800)

 

Error: (07/13/2013 06:03:52 PM) (Source: ESENT) (User: )

Description: Windows (4088) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

 

Error: (07/13/2013 05:38:11 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0xc0041800, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

 

Error: (07/13/2013 05:38:10 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (07/13/2013 05:38:10 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot open the Jet property store.

 

 

Details:

The content index cannot be read.   (0xc0041800)

 

Error: (07/13/2013 05:38:10 PM) (Source: ESENT) (User: )

Description: Windows (3064) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

 

Error: (07/13/2013 05:34:55 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the SystemIndex search index. Internal error <4, 0xc0041800, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

 

Error: (07/13/2013 05:34:55 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

 

 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

 

System errors:

=============

Error: (07/13/2013 06:16:33 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:15:50 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:15:50 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:15:50 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:15:50 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:15:50 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:12:47 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:12:46 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:12:46 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

Error: (07/13/2013 06:12:46 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume C:.

 

 

Microsoft Office Sessions:

=========================

Error: (07/13/2013 06:03:52 PM) (Source: Windows Search Service)(User: )

Description: 40xc0041800Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

 

Error: (07/13/2013 06:03:52 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (07/13/2013 06:03:52 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index cannot be read.   (0xc0041800)

 

Error: (07/13/2013 06:03:52 PM) (Source: ESENT)(User: )

Description: Windows4088Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log-1811 (0xfffff8ed)

 

Error: (07/13/2013 05:38:11 PM) (Source: Windows Search Service)(User: )

Description: 40xc0041800Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

 

Error: (07/13/2013 05:38:10 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

Error: (07/13/2013 05:38:10 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index cannot be read.   (0xc0041800)

 

Error: (07/13/2013 05:38:10 PM) (Source: ESENT)(User: )

Description: Windows3064Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log-1811 (0xfffff8ed)

 

Error: (07/13/2013 05:34:55 PM) (Source: Windows Search Service)(User: )

Description: 40xc0041800Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

 

Error: (07/13/2013 05:34:55 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index metadata cannot be read.   (0xc0041801)

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-07-16 06:10:13.864

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:10:13.738

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:10:13.611

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:10:13.487

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:09:38.927

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:09:38.801

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:09:38.608

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-07-16 06:09:38.447

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-07 17:27:39.198

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-07 17:27:39.122

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 77%

Total physical RAM: 957.76 MB

Available physical RAM: 219.43 MB

Total Pagefile: 2180.1 MB

Available Pagefile: 1349.74 MB

Total Virtual: 2047.88 MB

Available Virtual: 1919.27 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:138.97 GB) (Free:2.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.16 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: E0000000)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from the following link:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on Combofix; instructions are available here if required: http://www.bleepingcomputer.com/forums/topic114351.html. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running.
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").
  • Instructions for running Combofix are available here if required: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here why disabling autoruns is recommended: http://thespykiller.co.uk/index.php?page=20

 

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.