Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot access any admin functions in Windows 7 computer


  • This topic is locked This topic is locked
36 replies to this topic

#1 ihatemicrosoft57

ihatemicrosoft57

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 15 April 2014 - 02:38 PM

I was asked by my helper to transfer this topic to this forum from the Windows 7 forum.  I cannot access any admin or control functions on my daughter's Toshiba laptop.  I cannot uninstall programs since I get the message that there are no programs installed on this computer.  I cannot delete anything or empty the Recycle bin.  When I click on the Start button, there are no programs listed.  When I attempt to access any other functions in Control Panel, I get the message that the "Class is not Registered" or Program for that function not found.

 

The other unusual issue is that I'm using almost 3 GB of RAM and I haven't opened any programs yet (intentionally).

 

I've downloaded and run these programs and posted their logs to the Windows 7 forum: Screen317 Security Check, MiniToolBox, AdwCleaner, Junkware Removal Tool, and Malwarebytes Anti-malware Free.  There does not appear to be any change in the performance of the computer after doing this.

 

I'm at a loss what to do.  Any help is appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by Liz at 7:34:19 on 2014-04-15
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{11C3E845-8C68-4B34-9E32-326F4F579DF2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{11C3E845-8C68-4B34-9E32-326F4F579DF2}\C496A772370205340277962756C6563737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{11C3E845-8C68-4B34-9E32-326F4F579DF2}\C496A7D20534D275962756C6563737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7C18E055-E343-4214-BCA4-DC72D0D3AA14} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-04-15 11:15:29 -------- d-----w- C:\Program Files\Speccy
2014-04-14 15:12:12 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-04-14 15:07:51 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-04-14 15:07:51 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-04-14 15:07:51 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-04-14 15:07:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-14 15:07:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 15:06:38 -------- d-----w- C:\Users\Liz\AppData\Local\Programs
2014-04-14 14:48:43 -------- d-----w- C:\windows\ERUNT
2014-04-14 14:25:24 -------- d-----w- C:\AdwCleaner
2014-04-13 21:28:29 -------- d-----w- C:\windows\pss
2014-04-13 15:58:14 -------- d-sh--w- C:\found.000
2014-04-08 23:17:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-04-08 23:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-27 00:43:55 -------- d-----w- C:\Users\Liz\AppData\Roaming\McGraw-HillLicensing
2014-03-17 22:36:01 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-03-17 22:36:00 484864 ----a-w- C:\windows\System32\wer.dll
2014-03-17 22:36:00 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-03-17 22:36:00 3156480 ----a-w- C:\windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2014-03-17 22:31:52 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-17 22:31:52 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:44:21 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-04 02:35:56 190912 ----a-w- C:\windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\windows\SysWow64\iologmsg.dll
2014-01-24 02:37:55 1684928 ----a-w- C:\windows\System32\drivers\ntfs.sys
.
============= FINISH:  7:36:41.11 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 20 April 2014 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options only.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
If not please do it.

===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

#3 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 21 April 2014 - 10:20 AM

Hi nasdaq:
 
Thanks for your resonse. 
 
Trying to follow your steps in order.  I cannot create a Restore Point.  The computer does not respond when I click on "System" in Control Panel.  
 
I cannot connect to the Internet using Internet Explorer, only thru Chrome.  In order to download file I had to copy the link and paste it in Chrome.  Once on the desktop, the computer will not extract the file.  The message is that the destination path is invalid in spite of any address I use.  If I try to run Repair Windows, I get the message that Tweaking-tabs.osx is not registered correctly.  I seem to be frustrated in attempting any action no matter what I do.
 
Do you want me to try to run Farbar Scan Recovery Tool any way?
 
I'm typing this on another computer, by the way.
 
Joe    


#4 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 21 April 2014 - 11:11 AM

Hi nasdaq:

 

Update.  I extracted the files to a zip drive and ran it from there.  processing now.



#5 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 21 April 2014 - 11:58 AM

Hi nasdaq:

I used a flash drive to run the program.

Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Liz (administrator) on LIZ-PC on 21-04-2014 12:40:12
Running from C:\Users\Liz\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\system32\consent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-792922752-1770347979-3772404051-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-09] (Google Inc.)
HKU\S-1-5-21-792922752-1770347979-3772404051-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-792922752-1770347979-3772404051-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-792922752-1770347979-3772404051-1000\...\MountPoints2: {98610d4c-e010-11df-9d97-806e6f6e6963} - D:\Start_Here.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
SearchScopes: HKLM - DefaultScope {F4AFF0B7-86EF-467D-A74B-CAA26DB1BFA8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {F4AFF0B7-86EF-467D-A74B-CAA26DB1BFA8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 - {1DBD4339-EEB1-4FBD-AC2F-86E2CE025188} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKCU - {1DBD4339-EEB1-4FBD-AC2F-86E2CE025188} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS412US412
SearchScopes: HKCU - {DA471152-8F67-4270-B97E-112B9D267485} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKCU - {F4AFF0B7-86EF-467D-A74B-CAA26DB1BFA8} URL =
BHO: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ []
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gears.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (McAfee Security Scan+) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 12:40 - 2014-04-21 12:40 - 00017700 _____ () C:\Users\Liz\Downloads\FRST.txt
2014-04-21 12:39 - 2014-04-21 12:40 - 00000000 ____D () C:\FRST
2014-04-21 11:48 - 2014-04-21 11:48 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LIZ-PC--(64-bit).dat
2014-04-21 11:47 - 2014-04-21 11:47 - 00000000 ____D () C:\RegBackup
2014-04-21 10:49 - 2014-04-21 10:49 - 02056704 _____ (Farbar) C:\Users\Liz\Downloads\FRST64.exe
2014-04-21 10:48 - 2014-04-21 10:48 - 01044480 _____ (Farbar) C:\Users\Liz\Downloads\FRST.exe
2014-04-21 10:09 - 2014-04-21 10:09 - 03434761 _____ () C:\Users\Liz\Downloads\tweaking.com_windows_repair_aio.zip
2014-04-21 10:07 - 2014-04-21 10:07 - 00016360 _____ () C:\Users\Liz\Desktop\download.htm
2014-04-15 07:38 - 2014-04-15 07:38 - 00006268 _____ () C:\Users\Liz\Attach.txt
2014-04-15 07:36 - 2014-04-15 07:38 - 00010792 _____ () C:\Users\Liz\Desktop\dds.txt
2014-04-15 07:36 - 2014-04-15 07:36 - 00006268 _____ () C:\Users\Liz\Desktop\attach.txt
2014-04-15 07:31 - 2014-04-15 07:31 - 00688992 ____R (Swearware) C:\Users\Liz\Downloads\dds.com
2014-04-15 07:15 - 2014-04-15 07:15 - 00000000 ____D () C:\Program Files\Speccy
2014-04-15 07:14 - 2014-04-15 07:14 - 04845384 _____ (Piriform Ltd) C:\Users\Liz\Downloads\spsetup125 (1).exe
2014-04-14 19:18 - 2014-04-15 07:15 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-04-14 19:17 - 2014-04-14 19:17 - 04845384 _____ (Piriform Ltd) C:\Users\Liz\Downloads\spsetup125.exe
2014-04-14 11:55 - 2014-04-14 11:56 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT (1).exe
2014-04-14 11:55 - 2014-04-14 11:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-14 11:38 - 2014-04-14 11:38 - 00003550 _____ () C:\Users\Liz\Desktop\MBAM.txt
2014-04-14 11:12 - 2014-04-14 11:22 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 11:08 - 2014-04-14 11:08 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 11:07 - 2014-04-14 11:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 11:07 - 2014-04-14 11:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 11:07 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-14 11:07 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-14 11:07 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-14 11:04 - 2014-04-14 11:05 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 10:55 - 2014-04-14 10:55 - 00001846 _____ () C:\Users\Liz\Desktop\JRT.txt
2014-04-14 10:48 - 2014-04-14 10:48 - 00000000 ____D () C:\windows\ERUNT
2014-04-14 10:44 - 2014-04-14 10:45 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT.exe
2014-04-14 10:25 - 2014-04-14 13:49 - 00000000 ____D () C:\AdwCleaner
2014-04-14 10:23 - 2014-04-14 10:23 - 01426178 _____ () C:\Users\Liz\Downloads\AdwCleaner.exe
2014-04-14 10:19 - 2014-04-14 10:21 - 00012813 _____ () C:\Users\Liz\Downloads\Result.txt
2014-04-14 10:15 - 2014-04-14 10:15 - 00982016 _____ (Farbar) C:\Users\Liz\Downloads\MiniToolBox.exe
2014-04-14 09:50 - 2014-04-14 09:50 - 00987448 _____ () C:\Users\Liz\Downloads\SecurityCheck.exe
2014-04-13 17:28 - 2014-04-21 09:52 - 00000000 ____D () C:\windows\pss
2014-04-13 15:31 - 2014-04-13 15:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinFileFolder.RNP.5132084805143014.5.3.Run.exe
2014-04-13 15:31 - 2014-04-13 15:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinFileFolder.RNP.5132084805143014.5.2.Run.exe
2014-04-13 15:31 - 2014-04-13 15:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinFileFolder.RNP.5132084805143014.5.1.Run.exe
2014-04-13 15:28 - 2014-04-13 15:28 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinSecurity.RNP.5132084805143014.3.1.Run.exe
2014-04-13 15:24 - 2014-04-13 15:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run (1).exe
2014-04-13 15:23 - 2014-04-13 15:24 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2014-04-13 13:35 - 2014-04-13 14:35 - 00018467 _____ () C:\Users\Liz\Desktop\avgrep.txt
2014-04-13 11:59 - 2014-04-13 11:59 - 00003416 _____ () C:\bootsqm.dat
2014-04-13 11:58 - 2014-04-13 11:58 - 00000000 __SHD () C:\found.000
2014-04-08 19:17 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-08 19:17 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-08 19:17 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-08 19:17 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-08 19:16 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-08 19:16 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-08 19:16 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-08 19:16 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-08 19:16 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-08 19:16 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-08 19:16 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-08 19:16 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-08 19:16 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-08 19:16 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-08 19:16 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-08 19:16 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-08 19:16 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-08 19:16 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-08 19:16 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-08 19:16 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-08 19:16 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-03-26 20:43 - 2014-03-26 20:43 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\McGraw-HillLicensing

==================== One Month Modified Files and Folders =======

2014-04-21 12:40 - 2014-04-21 12:40 - 00017700 _____ () C:\Users\Liz\Downloads\FRST.txt
2014-04-21 12:40 - 2014-04-21 12:39 - 00000000 ____D () C:\FRST
2014-04-21 12:39 - 2010-10-25 04:16 - 02011027 _____ () C:\windows\WindowsUpdate.log
2014-04-21 12:37 - 2009-07-14 01:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-21 12:35 - 2010-09-09 22:09 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 12:32 - 2014-02-04 23:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 12:32 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-21 12:32 - 2009-07-14 00:51 - 00036211 _____ () C:\windows\setupact.log
2014-04-21 12:30 - 2009-07-14 00:45 - 00015792 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 12:30 - 2009-07-14 00:45 - 00015792 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 12:26 - 2010-12-31 10:53 - 00069496 _____ () C:\Users\Liz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-21 12:24 - 2009-07-14 00:45 - 00373048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-21 12:23 - 2010-09-09 22:28 - 00334114 _____ () C:\windows\PFRO.log
2014-04-21 12:20 - 2009-07-13 22:34 - 00000541 _____ () C:\windows\win.ini
2014-04-21 12:06 - 2011-01-02 01:10 - 00783400 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-04-21 11:48 - 2014-04-21 11:48 - 00000207 _____ () C:\windows\tweaking.com-regbackup-LIZ-PC--(64-bit).dat
2014-04-21 11:47 - 2014-04-21 11:47 - 00000000 ____D () C:\RegBackup
2014-04-21 11:23 - 2010-09-09 22:09 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 10:49 - 2014-04-21 10:49 - 02056704 _____ (Farbar) C:\Users\Liz\Downloads\FRST64.exe
2014-04-21 10:48 - 2014-04-21 10:48 - 01044480 _____ (Farbar) C:\Users\Liz\Downloads\FRST.exe
2014-04-21 10:09 - 2014-04-21 10:09 - 03434761 _____ () C:\Users\Liz\Downloads\tweaking.com_windows_repair_aio.zip
2014-04-21 10:07 - 2014-04-21 10:07 - 00016360 _____ () C:\Users\Liz\Desktop\download.htm
2014-04-21 09:52 - 2014-04-13 17:28 - 00000000 ____D () C:\windows\pss
2014-04-21 09:02 - 2011-01-01 19:30 - 00000000 ____D () C:\windows\system32\Drivers\AVG
2014-04-21 09:00 - 2014-02-12 09:28 - 00000000 ____D () C:\Users\Liz\Documents\ODS800
2014-04-15 07:38 - 2014-04-15 07:38 - 00006268 _____ () C:\Users\Liz\Attach.txt
2014-04-15 07:38 - 2014-04-15 07:36 - 00010792 _____ () C:\Users\Liz\Desktop\dds.txt
2014-04-15 07:38 - 2010-12-31 10:50 - 00000000 ____D () C:\Users\Liz
2014-04-15 07:36 - 2014-04-15 07:36 - 00006268 _____ () C:\Users\Liz\Desktop\attach.txt
2014-04-15 07:31 - 2014-04-15 07:31 - 00688992 ____R (Swearware) C:\Users\Liz\Downloads\dds.com
2014-04-15 07:15 - 2014-04-15 07:15 - 00000000 ____D () C:\Program Files\Speccy
2014-04-15 07:15 - 2014-04-14 19:18 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-04-15 07:14 - 2014-04-15 07:14 - 04845384 _____ (Piriform Ltd) C:\Users\Liz\Downloads\spsetup125 (1).exe
2014-04-14 19:18 - 2010-12-31 11:10 - 00000000 ____D () C:\Users\Liz\AppData\Local\Google
2014-04-14 19:17 - 2014-04-14 19:17 - 04845384 _____ (Piriform Ltd) C:\Users\Liz\Downloads\spsetup125.exe
2014-04-14 13:49 - 2014-04-14 10:25 - 00000000 ____D () C:\AdwCleaner
2014-04-14 11:56 - 2014-04-14 11:55 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT (1).exe
2014-04-14 11:55 - 2014-04-14 11:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-14 11:38 - 2014-04-14 11:38 - 00003550 _____ () C:\Users\Liz\Desktop\MBAM.txt
2014-04-14 11:22 - 2014-04-14 11:12 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 11:08 - 2014-04-14 11:08 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 11:08 - 2014-04-14 11:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 11:07 - 2014-04-14 11:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 11:05 - 2014-04-14 11:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 10:55 - 2014-04-14 10:55 - 00001846 _____ () C:\Users\Liz\Desktop\JRT.txt
2014-04-14 10:49 - 2010-10-25 04:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 10:49 - 2010-10-25 04:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 10:48 - 2014-04-14 10:48 - 00000000 ____D () C:\windows\ERUNT
2014-04-14 10:45 - 2014-04-14 10:44 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT.exe
2014-04-14 10:23 - 2014-04-14 10:23 - 01426178 _____ () C:\Users\Liz\Downloads\AdwCleaner.exe
2014-04-14 10:21 - 2014-04-14 10:19 - 00012813 _____ () C:\Users\Liz\Downloads\Result.txt
2014-04-14 10:15 - 2014-04-14 10:15 - 00982016 _____ (Farbar) C:\Users\Liz\Downloads\MiniToolBox.exe
2014-04-14 09:50 - 2014-04-14 09:50 - 00987448 _____ () C:\Users\Liz\Downloads\SecurityCheck.exe
2014-04-13 18:55 - 2010-12-31 11:07 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Toshiba
2014-04-13 15:31 - 2014-04-13 15:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinFileFolder.RNP.5132084805143014.5.3.Run.exe
2014-04-13 15:31 - 2014-04-13 15:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinFileFolder.RNP.5132084805143014.5.2.Run.exe
2014-04-13 15:31 - 2014-04-13 15:31 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinFileFolder.RNP.5132084805143014.5.1.Run.exe
2014-04-13 15:28 - 2014-04-13 15:28 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WinSecurity.RNP.5132084805143014.3.1.Run.exe
2014-04-13 15:25 - 2014-04-13 15:24 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run (1).exe
2014-04-13 15:24 - 2014-04-13 15:23 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2014-04-13 15:00 - 2011-01-02 01:11 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\SoftGrid Client
2014-04-13 14:35 - 2014-04-13 13:35 - 00018467 _____ () C:\Users\Liz\Desktop\avgrep.txt
2014-04-13 12:10 - 2009-07-13 22:34 - 00450712 _____ () C:\windows\system32\Drivers\etc\hosts_bak_846
2014-04-13 11:59 - 2014-04-13 11:59 - 00003416 _____ () C:\bootsqm.dat
2014-04-13 11:58 - 2014-04-13 11:58 - 00000000 __SHD () C:\found.000
2014-04-09 19:03 - 2011-01-09 20:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 19:02 - 2013-08-19 21:10 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 18:54 - 2011-11-25 16:45 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-05 18:16 - 2010-09-09 22:09 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 18:16 - 2010-09-09 22:09 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-14 11:07 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 11:07 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 11:07 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-30 21:16 - 2014-04-08 19:17 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-30 21:13 - 2014-04-08 19:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-30 20:13 - 2014-04-08 19:17 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-30 19:57 - 2014-04-08 19:17 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-26 20:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-26 20:43 - 2014-03-26 20:43 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\McGraw-HillLicensing
2014-03-26 19:07 - 2013-04-12 08:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-26 19:07 - 2013-04-12 08:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 18:10

==================== End Of Log ============================

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 22 April 2014 - 09:02 AM

Download this tool to a flash drive. Place the File on the Desktop of the problem computer and run is as suggested below.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 22 April 2014 - 10:50 AM

Hi nasdaq:

Here are the results:

Farbar Service Scanner Version: 25-02-2014
Ran by Liz (administrator) on 22-04-2014 at 11:48:50
Running from "E:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 22 April 2014 - 10:55 AM

nasdaq:

I keep getting an error message: Unknown error 0x80041002. This window keeps popping up at random times.

Thanks for all your help.
Joe

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 23 April 2014 - 06:49 AM

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
===


I keep getting an error message: Unknown error 0x80041002. This window keeps popping up at random times.


You may be able to fix that error.
Navigate to this page.
http://support.microsoft.com/kb/2465990

You will find the hotfix download at the top of the page.

Read this article before proceeding.

Important for you to restart the computer when the fix has been run.

===

Keep me posted.

#10 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 23 April 2014 - 08:57 AM

After reading the article, I hesitate to install this "Hotfix."  There are several warnings about not installing it if it is not addressing the specific problem and I don't know if that is the case or not.

 

Back to my original problem (I suspect they are all related), the performance of the computer has not improved at all.  What is the next step in the journey to fix this?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 23 April 2014 - 10:13 AM

Thats the reason I asked that you create a new restore point.
If anything goes wrong you will be able to restore you system .

I found one more fix.
http://msmvps.com/blogs/lduncan/pages/20217.aspx

You can copy this text to a Notepad file, name it mywinmgmt.bat
Run the file as an administrator.
Do not forget to create a restore point.
 

net stop winmgmt
c:
cd %systemroot%\system32\wbem
rd /S /Q repository


regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll


mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
echo DONE reboot
pause



#12 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 23 April 2014 - 11:14 AM

I cannot create a restore point using Control Panel.  Nothing happens when I click on "System."  However, when I ran Windows Repair a few days ago, I seem to remember that it created a restore point before running.   Is that accurate?



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 PM

Posted 24 April 2014 - 07:56 AM


Have a look at this Microsoft page.

System Restore
http://windows.microsoft.com/en-CA/windows7/products/features/system-restore

If unable to create a restore point look at the link Video: Fixing a problem using System Restore bottom of the page.

Keep me posted.

#14 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 24 April 2014 - 05:54 PM

My daughter had to reclaim the computer to use for school.  I'll get it back on Sunday, try your suggestions and let you know how it goes.

 

Joe



#15 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 27 April 2014 - 01:17 PM

I'm back. I tried setting a restore point manually and that doesn't work either. Nothing happens when I click "Properties" after right-clicking "Computer" from the Start button as described in the video. I do not want to lose what little functionality I have by modifying the registry since my daughter needs the computer to finish school this week.

Any other thoughts or ideas?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users