Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MozBackup access violation - suspected malware


  • Please log in to reply
15 replies to this topic

#1 LAFitzou

LAFitzou

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 15 October 2013 - 07:27 PM

Suddenly after doing a system backup, when I attempted to backup Firefox 24 on MozBackup 1,5,1, it produced an access violation error and continues to do so even after uninstalling then reinstalling both 1,5,1 and 1.5.2 Beta 1.  I suspect an infection.  Can you suggest a fix/cure?

 

Laurie



BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:39 PM

Posted 16 October 2013 - 10:25 AM

Please post the exact error you are receiving.

 

jasnapaka posted the following caveat regarding the 1.5.2 Beta version.

 

Be aware that this is a alpha version, so please use only for testing.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 16 October 2013 - 12:24 PM

This is the error I get from MozBackup 1.5.1: Access violation at address 004C2C9E in module MozBackup.exe. Read of address FFFFFFFF. 

 

Please note: I run 1.5.1 on 2 computers both running Windows 7 64bt but only get the error on one - a netbook.  In addition, since this began I have been unable to complete a full malware scan:  The system crashes when it gets into the D: partition where I store my backups.  Consequently I suspect that it may be infected.

 

Thanks in advance,

 

Laurie



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:39 PM

Posted 16 October 2013 - 12:48 PM

What scan did you run for the malware?

 

One of the best available currently is Malwarebytes AntiMalware.

 

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  When the installation has finished, make sure you leave both of these checked:
 
    Update Malwarebytes' Anti-Malware
 
    Launch Malwarebytes' Anti-Malware
 
Then click on Finish.
 
3)  MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. 
 
4)  Click on perform Quick Scan, then click on the Scan button.
 
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
 
5)  The scan will now begin, this may take some time to complete so please be patient.
 
6)  When the scan is finished click on Show Results to display all objects found.
 
7)  Click OK to close the message box and continue with the removal process.
 
8)  Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
 
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
 
9)  When removal is completed, a log will open in Notepad.
 
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of the log in your next post, then exit MBAM.
 
Important:  If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
If this is what you ran, try running it in Chameleon.
 

Running Malwarebytes Chameleon.
 
1. Please open Malwarebytes' Anti-Malware.
 
2. Click on More Tools, then open click on Chameleon.
 
3. An image like the one below will appear on your screen. Follow the instructions to get Malwarebytes Anti-Malware running.
 
Chameleon_zpsfd335ac6.png

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 16 October 2013 - 02:02 PM

Actually I use Emsisoft Anti-Malware and encounter the crash problem when running a Deep Scan or a Custom Scan with D: included. No such problem with a Quick Scan or when I exclude D: And in both cases the results are negative for malware.

 

In any event, I also have Malwarebytes installed and just ran both Chameleon and a Quick Scan.  Both were negative for malware.  The only 'problem' I encountered was that clicking on Chameleon did not produce the image shown in your post but opened the IE browser and invited me to download the program.  I did and then ran it in a cmd window.

 

So if I have no infections, what can I do about the access violation?

 

Laurie



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:39 PM

Posted 17 October 2013 - 01:48 PM

MozBadkup Support

 

Louis



#7 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 17 October 2013 - 01:59 PM

Thanks Louis.  I already checked out the support site but didn't find any reference to an access violation error (defined as "An access violation is generally an attempt to access memory that the CPU cannot physically address. It occurs when the hardware notifies an operating system about a memory access violation.")  I performed a memory diagnostic test on the problem machine but it came out clean.  I also uninstalled MozBackup, cleaned both the disk and the registry, and then reinstalled it...but no luck.  Any other suggestions?

 

Laurie



#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:39 PM

Posted 17 October 2013 - 05:01 PM

Well...those are usually bad programming or memory, IMO...let's take a look.

 

Please download MiniToolBox  , save it to your desktop and run it.

 

Checkmark the following checkboxes:

  List last 10 Event Viewer log

  List Installed Programs

  List Users, Partitions and Memory size.

 

Click Go and paste the content into your next post.

 

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.

 

Louis



#9 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 17 October 2013 - 06:10 PM

Here are the results of the Mini-Toolbox.  I'll send the snapsot link in my next post.

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Laurie (ATTENTION: The logged in user is not administrator) on 17-10-2013 at 17:05:18
Running from "C:\Users\Laurie\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2013 04:38:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 03:57:36 PM) (Source: ESENT) (User: )
Description: taskhost (2172) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Laurie\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/17/2013 03:55:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 01:21:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Botkind Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (10/17/2013 00:31:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/16/2013 04:42:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 04:24:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 03:29:48 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80080005).

Error: (10/16/2013 03:29:48 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80080005).

Error: (10/16/2013 03:00:32 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 0


System errors:
=============
Error: (10/17/2013 04:39:07 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/17/2013 04:38:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/17/2013 04:25:26 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume E: were aborted because of an IO failure on volume E:.

Error: (10/17/2013 04:25:26 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume E: were aborted during detection because a critical control file could not be opened.

Error: (10/17/2013 04:25:22 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (10/17/2013 04:25:21 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (10/17/2013 04:25:21 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (10/17/2013 04:25:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (10/17/2013 04:25:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (10/17/2013 04:12:51 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (10/17/2013 04:38:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 03:57:36 PM) (Source: ESENT)(User: )
Description: taskhost2172WebCacheLocal: C:\Users\Laurie\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (10/17/2013 03:55:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 01:21:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Botkind Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/17/2013 00:31:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/16/2013 04:42:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 04:24:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 03:29:48 PM) (Source: System Restore)(User: )
Description: 0x80080005

Error: (10/16/2013 03:29:48 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80080005

Error: (10/16/2013 03:00:32 PM) (Source: Application Error)(User: )
Description: Host Process for Windows ServicesC00001850


CodeIntegrity Errors:
===================================
  Date: 2013-10-15 20:21:23.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer Crystal Eye Webcam (Version: 1.0.1306)
Acer ePower Management (Version: 6.00.3004)
Acer eRecovery Management (Version: 5.00.3002)
Acer ScreenSaver (Version: 1.1.0413.2011)
Acer VCM (Version: 4.05.3004)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.39)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0111.1350.24756)
Catalyst Control Center InstallProxy (Version: 2011.0111.1350.24756)
Catalyst Control Center Localization All (Version: 2011.0111.1350.24756)
CCC Help Chinese Standard (Version: 2011.0111.1349.24756)
CCC Help Chinese Traditional (Version: 2011.0111.1349.24756)
CCC Help Czech (Version: 2011.0111.1349.24756)
CCC Help Danish (Version: 2011.0111.1349.24756)
CCC Help Dutch (Version: 2011.0111.1349.24756)
CCC Help English (Version: 2011.0111.1349.24756)
CCC Help Finnish (Version: 2011.0111.1349.24756)
CCC Help French (Version: 2011.0111.1349.24756)
CCC Help German (Version: 2011.0111.1349.24756)
CCC Help Greek (Version: 2011.0111.1349.24756)
CCC Help Hungarian (Version: 2011.0111.1349.24756)
CCC Help Italian (Version: 2011.0111.1349.24756)
CCC Help Japanese (Version: 2011.0111.1349.24756)
CCC Help Korean (Version: 2011.0111.1349.24756)
CCC Help Norwegian (Version: 2011.0111.1349.24756)
CCC Help Polish (Version: 2011.0111.1349.24756)
CCC Help Portuguese (Version: 2011.0111.1349.24756)
CCC Help Russian (Version: 2011.0111.1349.24756)
CCC Help Spanish (Version: 2011.0111.1349.24756)
CCC Help Swedish (Version: 2011.0111.1349.24756)
CCC Help Thai (Version: 2011.0111.1349.24756)
ccc-core-static (Version: 2011.0111.1350.24756)
ccc-utility64 (Version: 2011.0111.1350.24756)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 8.54.6.0)
CutePDF Writer 3.0 (Version:  3.0)
D3DX10 (Version: 15.4.2368.0902)
DiskCheckup v3.1 (Version: 3.1.1005)
Emsisoft Anti-Malware (Version: 7.0)
Emsisoft HiJackFree 4.5 (Version: 4.5)
ESET Online Scanner v3
Evernote v. 5.0.2 (Version: 5.0.2.1392)
Google Chrome (Version: 30.0.1599.69)
Google Talk Plugin (Version: 4.7.0.15362)
GVJackApp Release 1.083
HitmanPro 3.7 (Version: 3.7.8.207)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 16.4.3508.0205)
Launch Manager (Version: 5.1.4)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MozBackup 1.5.1
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 16.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Online Armor 6.0 (Version: 6.0)
PL-2303 USB-to-Serial (Version: 1.2.10)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
Revo Uninstaller 1.95 (Version: 1.95)
SES Driver (Version: 1.0.0)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.9 (Version: 6.9.106)
Synaptics Pointing Device Driver (Version: 15.2.9.0)
SyncToy 2.1 (x64) (Version: 2.1.0)
TeamViewer 8 (Version: 8.0.22298)
the LATEST VERSION OF THE GVJACKAPP
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wise Disk Cleaner 7.95 (Version: 7.95)
Wise Registry Cleaner 7.87 (Version: 7.87)
WMV9/VC-1 Video Playback (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 1770.9 MB
Available physical RAM: 426.79 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 1777.94 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.54 MB

========================= Partitions: =====================================

1 Drive c: (LAFitz) (Fixed) (Total:61.05 GB) (Free:26.52 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:158.73 GB) (Free:157.95 GB) NTFS
3 Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:246.28 GB) NTFS

========================= Users: ========================================

User accounts for \\LAFITZ

Administrator            Guest                    Laurie                   


**** End of log ****
 



#10 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 17 October 2013 - 06:54 PM

And here' the snapshot:  http://speccy.piriform.com/results/d32jU1rARWCHIdlZQbf3tQ0



#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:39 PM

Posted 18 October 2013 - 08:26 AM

Ran by Laurie (ATTENTION: The logged in user is not administrator), from MiniToolBox data. 

 

I'm puzzled by this...if you don't have admin privileges...who does system belong to?  I see various instances of this line being reported by Farbar tools, but most of those that I looked at involved suspected/actual malware.

 

Specs

 

ATI AMD Radeon HD 6250 Graphics (Acer Incorporated [ALI]):   84 °C
Don't know if that is indicative of possible overheating or not but is markedly different from CPU/motherboard temps recorded.

 

No hotfixes before 13 Oct 2013.

 

C4 Reallocation Event Count:                  059 (059) Data 0000000471
C5 Current Pending Sector Count:          073 (073) Data 0000000343
 
MozBackup still appears on your installed apps per MiniToolBox...but Windows Backup is running (no indication of MozBackup processes per Speccy.  In any case, you may want to take a look at Uninstall MozBackup

 

Wise Disk Cleaner 7.95 (Version: 7.95)
Wise Registry Cleaner 7.87 (Version: 7.87)

 

Please uninstall these two programs, BC does not support the use of such programs on Windows.

 

Microsoft support policy for the use of registry cleaning utilities - http://support.microsoft.com/kb/2563254

Registry cleaner - Wikipedia, the free encyclopedia - http://en.wikipedia.org/wiki/Registry_cleaner

 

I would also uninstall Hitman Pro, based on the premise that it is unnecessary (you have a quality AV and firewall installed) and it may conflict with your basic defenses against malware.  Ten programs don't necessarily imply that a better effort is made...than the customary 2/3 programs used.

 

I also suggest removing the PassMark Disk Smart utillity...not because it isn't useful/informative...but because it basically performs the sam task as the native SMART monitoring already done by the system...and you only have 1.7GB of RAM available on your system.  No point in wasting it running a utility that you probably don't even pay attention to.  Your external drive probably has its own monitoring so that should not be a consideration, IMO.

 

Could not find definitive data re your System Restore/Backup issues...but you might take a look at Google Links on such.

 

You reflect "controller errors" on each of your hard drives.  Can be a problem with the drive...I'd run the appropriate hard drive diagnostics (not chkdsk /r, which is a file system tool) on the hard drives for peace of mind.

 

Louis


Edited by hamluis, 23 October 2013 - 01:27 PM.


#12 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 18 October 2013 - 08:33 AM

I'm off to a 3-day seminar and won't have the opportunity to look into the issues noted until this evening at the earliest.  But did want you to know that Laurie is the Administrator so I am puzzled as well.  I'll be back with more as soon as I can. 

 

Thanks mucho,

 

Laurie



#13 hamluis

hamluis

    Moderator


  • Moderator
  • 56,302 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:39 PM

Posted 18 October 2013 - 12:45 PM

:thumbup2: , enjoy your seminar :).

 

Louis



#14 LAFitzou

LAFitzou
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 23 October 2013 - 12:03 PM

Hello Louis,

 

Well...I'm back from the seminar that was so grueling that I just now recovered sufficiently to respond.  In the meantime, I was encouraged to run a disk health check on my machine and lo! and behold!  It turns out that my hard disk has a significant number of damaged blocks and needs to be replaced.  So I will limp along on it until I can afford to do so. 

 

Thank you so much for your time, patience and advice.

 

Laurie



#15 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:39 PM

Posted 23 October 2013 - 12:13 PM

You need to back all of your important data to a removable form of media, like a flash drive, CDs, DVDs, an external hdd.  I would make this a priority as a failure could happen any time.

 

If you need a copy of Windows 7 to install on your new hdd you can download a ISO image of Windows 7 at the Window Seven Forums.  You will need to burn the ISO image to a DVD to create a bootable disc.
 
This ISO download is legal, it was hosted by Digital River who is a distrubtion partner of Microsoft.  You will need a valid product key in order to activate this copy of Windows 7.
 
To burn a ISO file to a CD or DVD please downlaod ImgBurn and install it.
 
Insert blank CD or DVD into your CD/DVD drive.
 
Open ImgBurn, and click on Write image file to disc.
 
ImgBurn1_zps715cb1c2.png
 
Click on the Browse for a file icon:
 
ImgBurn2_zpsaea72ba9.png
 
Locate the ISO file you want to burn, and click on the Open button.
 
Click on the blue arrow to start burning the bootable CD.
 
imageburn11_zpse44f577b.png

Edited by dc3, 23 October 2013 - 12:27 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users