Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure what this issue is - maybe malware etc.??


  • This topic is locked This topic is locked
38 replies to this topic

#1 judyjht

judyjht

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 12 January 2016 - 10:33 AM

I was working with John C on fixing an issue I had/have with VSS - we got it going again and then a few hours later I got the same popup saying Carbonite had to shut down.....right now that has failed again.  So Carbonite cannot do its backing up.  I asked him about the occasional Blue screen and he told me to post here.

 

The computer is slow.  I will click on something and it might take a minute to open up,  sometimes if will freeze and I eventually try to manually reboot..  I have received a couple of blue screens over the past couple of weeks but when I boot up things seem ok again so something is going on.

 

I have a custom built Desktop running XP Professional SP3.  I have done a scan on the 2 hard drives and all is OK with those.  I plan to get a new laptop to replace this somewhat soon - when I have the time but would like to get this back up to snuff, if possible. 

 

Can anyone help me check to see what is wrong?  TIA  Judy



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 13 January 2016 - 11:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===

Wait for further instructions.

#3 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 13 January 2016 - 12:18 PM

OK I'll do it now.  Thanks.

 

Never mind - it won't let me download it (32 bit)  the page opens up and then quickly switches back to the Forum pages???


Edited by judyjht, 13 January 2016 - 12:21 PM.


#4 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 13 January 2016 - 12:39 PM

I keep trying but it won't keep the page open long enough for me to download it!


Edited by judyjht, 13 January 2016 - 12:44 PM.


#5 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 13 January 2016 - 12:59 PM

I finally figured it out - it is scanning now.  It did not, however, save it to the desktop - I clicked SAVE and assumed it went to the desktop but it did not.  Not sure if that is a big deal or not?



#6 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 13 January 2016 - 01:09 PM

Here you go........finally

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 14 January 2016 - 08:16 AM


Please enable this Firewall...
FW: Kaspersky Anti-Virus (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
===

Remove this tool bar via the Control panel > Add/Remove Programs applet.
Internet Explorer Toolbar 4.9 by SweetPacks (HKLM\...\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}) (Version: 4.9.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-602162358-1547161642-725345543-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-602162358-1547161642-725345543-1008] ATTENTION => Default URLSearchHook is missing
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\JUDY\Application Data\Move Networks\plugins\npqmp071706000001.dll [No File]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Hulu Desktop) - C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\nphdplg.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR HKLM\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\Installation Assistant\Chrome\Installation Assistant.crx <not found>
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" "Start=service" [X]
S3 catchme; \??\C:\DOCUME~1\JUDYQU~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 StarOpen; no ImagePath
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1EE77217-9468-D082-41E2-96EF85889A47} => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {44F72C57-9468-D082-01BC-86B585889A47} => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\windows\system32\xp_eos.exe
Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\windows\system32\xp_eos.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Is the issue with Carbonite persisting?

#8 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 14 January 2016 - 01:35 PM

Kaspersky Anti Virus does not have a firewall (after many phone calls!)

I made sure the Windows Firewall is active and it is.

 

Regarding deleting the Internet Explorer toolbar 4.9 by Sweetpack - I found it on the list of add and remove but I get an error message saying:

 

The feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter an alternate path to a folder containing the installation package "SweetIESetup.msi" in the box below.   

 

now what??  I didn't want to go the next step without checking with you first.

 

Also, I usually use Firefox - so do I still need to reset Chrome?


Edited by judyjht, 14 January 2016 - 03:48 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 15 January 2016 - 08:48 AM



First run the fix I suggested with the Farbar tool.

===

Let see what we can find on the Sweetpack issue. It may have been removed and all we see is some remnant item in the registry.

Please run the Farbar Recovery Scan Tool. Enter Sweetpack in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>


Lets look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter Sweetpack in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

<<<>>>

If you need to reset Firefox use these instructions.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Please post the logs and let me know what problem persists.

#10 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 15 January 2016 - 01:38 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Judy Quickbooks (2016-01-15 12:08:04) Run:2
Running from C:\Documents and Settings\Judy Quickbooks\My Documents\Downloads
Loaded Profiles: Judy Quickbooks (Available Profiles: JUDY & Judy Quickbooks & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-602162358-1547161642-725345543-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-602162358-1547161642-725345543-1008] ATTENTION => Default URLSearchHook is missing
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\JUDY\Application Data\Move Networks\plugins\npqmp071706000001.dll [No File]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Hulu Desktop) - C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\nphdplg.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR HKLM\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\Installation Assistant\Chrome\Installation Assistant.crx <not found>
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" "Start=service" [X]
S3 catchme; \??\C:\DOCUME~1\JUDYQU~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 StarOpen; no ImagePath
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1EE77217-9468-D082-41E2-96EF85889A47} => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {44F72C57-9468-D082-01BC-86B585889A47} => No File
CustomCLSID: HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\windows\system32\xp_eos.exe
Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\windows\system32\xp_eos.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value not found.
"C:\windows\system32\GroupPolicy\Machine" => not found.
"C:\windows\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-602162358-1547161642-725345543-1007\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} => key not found.
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F} => value removed successfully.
C:\Program Files\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\47.0.2526.73\pdf.dll => not found.
C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\HuluDesktop\instances\0.9.14.1\nphdplg.dll => not found.
C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll => not found.
C:\WINDOWS\system32\npDeployJava1.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mmddbcpechilpapallpbdpcekmgibofi" => key removed successfully.
ACDaemon => service removed successfully.
GoToMyPC => service removed successfully.
catchme => service removed successfully.
IntelIde => service removed successfully.
lmimirr => service removed successfully.
NPF => service removed successfully.
PalmUSBD => service removed successfully.
PCASp50 => service removed successfully.
StarOpen => service removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}" => key removed successfully.
"HKU\S-1-5-21-602162358-1547161642-725345543-1007_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}" => key removed successfully.
C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
EmptyTemp: => 83.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:34:10 ====



#11 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 15 January 2016 - 10:02 PM

Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Judy Quickbooks (2016-01-15 15:09:44)
Running from C:\Documents and Settings\Judy Quickbooks\My Documents\Downloads
Boot Mode: Normal

================== Search Registry: "Sweetpack" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9]
"ProductName"="Internet Explorer Toolbar 4.9 by SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9\InstallProperties]
"DisplayName"="Internet Explorer Toolbar 4.9 by SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}]
"DisplayName"="Internet Explorer Toolbar 4.9 by SweetPacks"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS\0000]
"Service"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS\0000]
"DeviceDesc"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS\0000]
"Service"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS\0000]
"DeviceDesc"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS\0000]
"Service"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UPDATER_BY_SWEETPACKS\0000]
"DeviceDesc"="Updater By SweetPacks"

====== End of Search ======

 

Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Judy Quickbooks (2016-01-15 21:57:37)
Running from C:\Documents and Settings\Judy Quickbooks\My Documents\Downloads
Boot Mode: Normal

================== Search Files: "Sweetpack" =============

====== End of Search ======



#12 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 15 January 2016 - 10:25 PM

Now for the problems!

 

Kaspersky had to close (numerous times) because of a problem (don't know what) and I cannot get it to work.  I really need this to work

 

Quickbooks Pro could not load license data. May be missing or damaged files.  I went to www.quickbooks.com/support/register.html but could not figure it out

 

VSSadmin List Writers still shows 4 failed  This is for Carbonite to run properly. 

I did find this but was afraid to try it not knowing if it was safe or not::  http://repairerrors.net/vss-fix-xp.html 

I also found this:  https://social.technet.microsoft.com/Forums/windowsserver/en-US/b0c62a58-422c-4601-a4a6-2e53e6c42093/windows-2003-volume-shadow-copy-problem?forum=winserverfiles

 

IntelliType Pro 7.1 software for XP - it said to remove the program (which I did) and reinstall. Then I get this message: "Set up cannot install required componant - Windows Installer.  Read me file in Help for more info (could not find that).  Error Code 1603".  This is not as important as the Kaspersky and Quickbooks Pro. 


Edited by judyjht, 16 January 2016 - 12:06 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 16 January 2016 - 09:24 AM

Lets repair these Windows services.

Please Download Tweaking.com - Windows Repair from Here
[list]
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    03 - Reset Service permissions
    04 - Register System Files
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

  • ===

    Restart the computer normally.
    Keep me posted.







#14 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 16 January 2016 - 06:01 PM

Log:
Tweaking.com - Windows Repair v3.8.0
────────────────────────────────────────────────────────────────────────────────

System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: JHT-99
Windows Drive: C:\
Windows Path: C:\windows
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\Judy Quickbooks
Current Profile SID: S-1-5-21-602162358-1547161642-725345543-1007
Current Profile Classes: S-1-5-21-602162358-1547161642-725345543-1007_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\windows\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data
────────────────────────────────────────────────────────────────────────────────

System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 0 Days 01:33:15

Process Count: 57
Commit Total: 1.20 GB
Commit Limit: 4.34 GB
Commit Peak: 1.22 GB
Handle Count: 18298
Kernel Total: 137.04 MB
Kernel Paged: 104.37 MB
Kernel Non Paged: 32.67 MB
System Cache: 1,013.13 MB
Thread Count: 949
────────────────────────────────────────────────────────────────────────────────

Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 2.00 GB
Memory Used: 1.21 GB(60.6498%)
Memory Avail.: 805.27 MB
────────────────────────────────────────────────────────────────────────────────

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 2.00 GB
Memory Used: 993.63 MB(48.5545%)
Memory Avail.: 1.03 GB
────────────────────────────────────────────────────────────────────────────────

Starting Repairs...
   Started at (1/16/2016 4:01:56 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 173
 
01 - Reset Registry Permissions 01/02
   HKEY_CURRENT_USER & Sub Keys
   Start (1/16/2016 4:02:13 PM)

   Running Repair Under Current User Account
   Done (1/16/2016 4:02:38 PM)

01 - Reset Registry Permissions 02/02
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/16/2016 4:02:38 PM)

   Running Repair Under System Account
   Done (1/16/2016 4:05:21 PM)

02 - Reset File Permissions: D:
   D: & Sub Folders
   Start (1/16/2016 4:05:21 PM)

   Running Repair Under Current User Account
   Done (1/16/2016 4:06:19 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (1/16/2016 4:06:19 PM)

   Running Repair Under Current User Account
   Done (1/16/2016 4:47:12 PM)

02 - Reset File Permissions: All Profiles
   C:\Documents and Settings & Sub Folders
   Start (1/16/2016 4:47:12 PM)

   Running Repair Under Current User Account
   Done (1/16/2016 5:04:53 PM)

02 - Reset File Permissions: Current Profile
   C:\Documents and Settings\Judy Quickbooks & Sub Folders
   Start (1/16/2016 5:04:53 PM)

   Running Repair Under Current User Account
   Done (1/16/2016 5:13:40 PM)

03 - Reset Service Permissions
   Start (1/16/2016 5:13:40 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/16/2016 5:15:19 PM)

04 - Register System Files
   Start (1/16/2016 5:15:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/16/2016 5:23:00 PM)

08 - Repair MDAC/MS Jet
   Start (1/16/2016 5:23:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/16/2016 5:23:38 PM)

10 - Remove Policies Set By Infections
   Start (1/16/2016 5:23:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/16/2016 5:23:44 PM)

26 - Restore Important Windows Services
   Start (1/16/2016 5:23:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/16/2016 5:24:02 PM)

27 - Set Windows Services To Default Startup
   Start (1/16/2016 5:24:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/16/2016 5:24:27 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (1/16/2016 5:24:27 PM)
   Total Repair Time: 01:22:34


...YOU MUST RESTART YOUR SYSTEM...



#15 judyjht

judyjht
  • Topic Starter

  • Members
  • 799 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Western Maine
  • Local time:06:21 PM

Posted 16 January 2016 - 10:18 PM

I didn't know if you wanted the results from the pre scan and the log backup - so here they are:

 

───────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair v3.8.0 - Pre-Scan
│ Computer: JHT-99 (Microsoft Windows XP 5.1.2600 Service Pack 3) (32-bit)
│ [Started Scan - 1/16/2016 3:51:22 PM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Skipping Scan Of Windows Packages Files.
│ This Scan Is For Windows Vista, 7, 8, 8.1, 10 And Newer.
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (1/16/2016 3:51:22 PM)

│ Reparse Points are OK!.

│ Files & Folders Searched: 405,855
│ Reparse Points Found: 7

│ Done Scanning Reparse Points.(1/16/2016 3:53:59 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (1/16/2016 3:53:59 PM)

│ Missing default file extension in 'PathExt' variable: .MSC

│ Wrong 'USERNAME' variable, should be: SYSTEM (Current variable: )

│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.

│ Done Checking Environment Variables. (1/16/2016 3:53:59 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 1/16/2016 3:53:59 PM]

│ [x] Scan Complete - Problems Found!
│ [x]
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x]
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
│ [x] If you need help fixing any of the items in the log, just post in the forums at Tweaking.com for help.
└─────────────────────

 

 

[1/16/2016 - 3:58:22 PM] System Variables
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------
[1/16/2016 - 3:58:22 PM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[1/16/2016 - 3:58:22 PM] VSS exe To Use: vss_xp.exe
[1/16/2016 - 3:58:22 PM] Windows Drive: C:
[1/16/2016 - 3:58:22 PM] Windows Folder: windows
[1/16/2016 - 3:58:22 PM] Windows Path: C:\windows
[1/16/2016 - 3:58:22 PM] Registry File Location: C:\windows\System32\Config
[1/16/2016 - 3:58:22 PM] Current Profile: C:\Documents and Settings\Judy Quickbooks
[1/16/2016 - 3:58:22 PM] Current Profile SID: S-1-5-21-602162358-1547161642-725345543-1007
[1/16/2016 - 3:58:22 PM] Current Profile Classes: S-1-5-21-602162358-1547161642-725345543-1007_Classes
[1/16/2016 - 3:58:22 PM] Profiles Location: C:\Documents and Settings
[1/16/2016 - 3:58:22 PM] Profiles Location 2: C:\windows\ServiceProfiles
[1/16/2016 - 3:58:22 PM] Local Settings AppData: Local Settings\Application Data
[1/16/2016 - 3:58:22 PM] Computer Name: JHT-99
[1/16/2016 - 3:58:22 PM] OS: Microsoft Windows XP (32-bit)
[1/16/2016 - 3:58:22 PM] OS Architecture: 32-bit
[1/16/2016 - 3:58:22 PM] OS Version: 5.1.2600
[1/16/2016 - 3:58:22 PM] OS Service Pack: Service Pack 3
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------

[1/16/2016 - 3:58:22 PM] Backup Location: C:\RegBackup\

[1/16/2016 - 3:58:22 PM] Silent command given, program will close after backup.

[1/16/2016 - 3:58:22 PM] Auto Delete Old Backups Enabled, Working...
[1/16/2016 - 3:58:22 PM] Delete backups 7 Days or older. Keep at least 5 Backups.
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------

[1/16/2016 - 3:58:22 PM] Starting Backup...

[1/16/2016 - 3:58:22 PM] Files To Backup:
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------
[1/16/2016 - 3:58:22 PM] C:\windows\System32\Config\default
[1/16/2016 - 3:58:22 PM] C:\windows\System32\Config\sam
[1/16/2016 - 3:58:22 PM] C:\windows\System32\Config\security
[1/16/2016 - 3:58:22 PM] C:\windows\System32\Config\software
[1/16/2016 - 3:58:22 PM] C:\windows\System32\Config\system
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\Administrator\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\All Users\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\Default User\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\Judy Quickbooks\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\JUDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\JUDY\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\LocalService\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\NetworkService\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\TEMP\ntuser.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:22 PM] C:\Documents and Settings\UpdatusUser\ntuser.dat
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------

[1/16/2016 - 3:58:22 PM] Backing Up Files...:
[1/16/2016 - 3:58:22 PM] --------------------------------------------------------------------------------
[1/16/2016 - 3:58:22 PM] Using Fallback Backup Method.

[1/16/2016 - 3:58:22 PM] Backing Up File: C:\windows\System32\Config\default
[1/16/2016 - 3:58:22 PM] Result: Successful (460.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\windows\System32\Config\default

[1/16/2016 - 3:58:22 PM] Backing Up File: C:\windows\System32\Config\sam
[1/16/2016 - 3:58:23 PM] Result: Successful (28.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\windows\System32\Config\sam

[1/16/2016 - 3:58:23 PM] Backing Up File: C:\windows\System32\Config\security
[1/16/2016 - 3:58:23 PM] Result: Successful (72.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\windows\System32\Config\security

[1/16/2016 - 3:58:23 PM] Backing Up File: C:\windows\System32\Config\software
[1/16/2016 - 3:58:26 PM] Result: Successful (63.08 MB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\windows\System32\Config\software

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\windows\System32\Config\system
[1/16/2016 - 3:58:26 PM] Result: Successful (10.63 MB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\windows\System32\Config\system

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:26 PM] Result: Successful (12.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\Documents and Settings\Administrator\ntuser.dat
[1/16/2016 - 3:58:26 PM] Result: Successful (1.50 MB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\Administrator\ntuser.dat

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\Documents and Settings\All Users\ntuser.dat
[1/16/2016 - 3:58:26 PM] Result: Successful (256.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\All Users\ntuser.dat

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\Documents and Settings\Default User\ntuser.dat
[1/16/2016 - 3:58:26 PM] Result: Successful (256.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\Default User\ntuser.dat

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:26 PM] Result: Successful (980.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\Judy Quickbooks\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[1/16/2016 - 3:58:26 PM] Backing Up File: C:\Documents and Settings\Judy Quickbooks\ntuser.dat
[1/16/2016 - 3:58:27 PM] Result: Successful (14.13 MB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\Judy Quickbooks\ntuser.dat

[1/16/2016 - 3:58:27 PM] Backing Up File: C:\Documents and Settings\JUDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:28 PM] Result: Successful (1.50 MB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\JUDY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[1/16/2016 - 3:58:28 PM] Backing Up File: C:\Documents and Settings\JUDY\ntuser.dat
[1/16/2016 - 3:58:28 PM] Result: Successful (6.50 MB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\JUDY\ntuser.dat

[1/16/2016 - 3:58:28 PM] Backing Up File: C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:28 PM] Result: Successful (8.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[1/16/2016 - 3:58:28 PM] Backing Up File: C:\Documents and Settings\LocalService\ntuser.dat
[1/16/2016 - 3:58:28 PM] Result: Successful (232.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\LocalService\ntuser.dat

[1/16/2016 - 3:58:28 PM] Backing Up File: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:29 PM] Result: Successful (8.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[1/16/2016 - 3:58:29 PM] Backing Up File: C:\Documents and Settings\NetworkService\ntuser.dat
[1/16/2016 - 3:58:29 PM] Result: Successful (228.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\NetworkService\ntuser.dat

[1/16/2016 - 3:58:29 PM] Backing Up File: C:\Documents and Settings\TEMP\ntuser.dat
[1/16/2016 - 3:58:29 PM] Result: Successful (256.00 KB) - C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\C\Documents and Settings\TEMP\ntuser.dat

[1/16/2016 - 3:58:29 PM] Backing Up File: C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[1/16/2016 - 3:58:29 PM] Result: Failed - Error: -1 (API Reg Save Failed (), Tried File Copy, File In use, Cannot copy.)

[1/16/2016 - 3:58:29 PM] Backing Up File: C:\Documents and Settings\UpdatusUser\ntuser.dat
[1/16/2016 - 3:58:29 PM] Result: Failed - Error: -1 (API Reg Save Failed (), Tried File Copy, File In use, Cannot copy.)

[1/16/2016 - 3:58:29 PM] Total Size: 100.07 MB

[1/16/2016 - 3:58:29 PM] --------------------------------------------------------------------------------

[1/16/2016 - 3:58:29 PM] Creating DOS restore bat file for use in the Windows Recovery Console:
[1/16/2016 - 3:58:29 PM] --------------------------------------------------------------------------------
[1/16/2016 - 3:58:29 PM] Done: C:\RegBackup\JHT-99\1.16.2016_3.58.22-PM\dos_restore.cmd
[1/16/2016 - 3:58:29 PM] --------------------------------------------------------------------------------
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users