Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Low disk space message, unable to delete programs...


  • Please log in to reply
8 replies to this topic

#1 mist3005

mist3005

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:08 PM

Posted 25 February 2016 - 11:46 AM

I keep getting a message stating Low disk space on my Toshiba windows 7 Laptop. I've deleted everything my laptop will allow me. I've performed the disk clean up several times, but nothing changes. I've deleted everything I could possibly think of individually--web history, bookmarks, etc. I'm unable to download Malware removal. I know the hard drive is not full...

Any advice is greatly appreciated! 



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:08 PM

Posted 27 February 2016 - 10:16 AM

hi,

 

If you still need help see this link about posting a FRST log. We will use the logs as a starting/reference point and go from there. Usually Iam only on line here once or twice per day so you may not get a reply back from me until the following day.

 

you can start at step 6: Downloading and generating/posting a FRST log.

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


How Can I Reduce My Risk to Malware?


#3 mist3005

mist3005
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:08 PM

Posted 27 February 2016 - 03:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Misty (administrator) on MISTY-PC (27-02-2016 15:36:52)
Running from E:\
Loaded Profiles: Misty (Available Profiles: Misty)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{871A3A37-D6B3-4EF4-8701-C08A66A8BDC1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{90BE4F28-1F3D-4AD2-8F23-7947D4EF869A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-2990564305-3461962304-1455986322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2990564305-3461962304-1455986322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {8B6DF305-3E7A-4CF8-AAB7-B42129EF8C55} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {8B6DF305-3E7A-4CF8-AAB7-B42129EF8C55} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {34687A94-8AAF-4AD2-A2F2-09251B9284AB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {34687A94-8AAF-4AD2-A2F2-09251B9284AB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2990564305-3461962304-1455986322-1000 -> DefaultScope {0011D300-80EA-431F-AA57-AA9D1738E25B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2990564305-3461962304-1455986322-1000 -> {0011D300-80EA-431F-AA57-AA9D1738E25B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2990564305-3461962304-1455986322-1000 -> {8B6DF305-3E7A-4CF8-AAB7-B42129EF8C55} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20141221164335.dll [2014-12-21] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-28] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [2010-10-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20141221164335.dll [2014-12-21] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-10-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-28] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-28] (Google Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-10-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-30] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ghostery) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Profile: C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-25]
CHR Extension: (Gmail) - C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-12-21] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185280 2014-12-21] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-12-21] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-12-21] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-12-21] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-12-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-12-21] (McAfee, Inc.)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 15:28 - 2016-02-27 15:36 - 00000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 15:37 - 2010-10-28 23:08 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-27 15:31 - 2009-07-13 23:45 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-27 15:31 - 2009-07-13 23:45 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-27 14:55 - 2010-10-28 23:08 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-27 14:24 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-25 11:13 - 2016-01-20 13:53 - 00000000 ____D C:\Users\Misty\Desktop\Bio Psyc
2016-02-25 10:33 - 2015-04-01 14:04 - 01004654 _____ C:\windows\ntbtlog.txt
2016-02-25 09:55 - 2014-10-28 14:02 - 00000000 ____D C:\Users\Misty\AppData\Local\Toshiba
2016-02-25 09:15 - 2015-07-24 12:11 - 00000000 ____D C:\Users\Misty\Documents\Cognitive Psychology 420 B
2016-02-23 17:10 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2016-02-22 13:45 - 2014-11-15 14:07 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 13:44 - 2014-11-15 14:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-19 19:58 - 2010-10-28 23:08 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 11:45 - 2015-12-08 14:44 - 00000000 ____D C:\Users\Misty\AppData\Local\ElevatedDiagnostics
2016-02-17 19:57 - 2015-12-05 19:38 - 00000000 ____D C:\windows\Minidump
2016-02-16 17:47 - 2015-07-24 14:14 - 00000000 ____D C:\Users\Misty\Documents\Applied Psychology 260 A
2016-02-16 11:35 - 2015-07-07 12:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-07 21:02 - 2015-10-26 11:42 - 00000000 ____D C:\Users\Misty\Desktop\NEURO LATE FALL
2016-02-07 20:34 - 2015-03-18 10:16 - 00000000 ____D C:\Users\Misty\AppData\Local\CrashDumps
2016-02-02 14:50 - 2010-10-28 23:08 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 14:50 - 2010-10-28 23:08 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-12-29 18:10 - 2015-12-29 18:10 - 0000000 ____H () C:\Users\Misty\AppData\Local\BIT23C5.tmp
2015-12-22 11:46 - 2015-12-22 11:46 - 0000000 _____ () C:\Users\Misty\AppData\Local\{26A89150-D48F-4A37-837C-6B03F357383B}
2015-12-29 18:10 - 2015-12-29 18:10 - 0000000 _____ () C:\Users\Misty\AppData\Local\{BD8ADF5B-446A-47A2-BC6C-A504F30BA962}
2015-04-28 19:01 - 2015-04-28 19:01 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-27 20:32
 
==================== End of FRST.txt ============================


#4 mist3005

mist3005
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:08 PM

Posted 27 February 2016 - 03:44 PM

I wasn't sure if you needed the Addition, however just in case...here it is. Thank you! 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Misty (2016-02-27 15:37:33)
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-28 18:59:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2990564305-3461962304-1455986322-500 - Administrator - Disabled)
Guest (S-1-5-21-2990564305-3461962304-1455986322-501 - Limited - Disabled)
Misty (S-1-5-21-2990564305-3461962304-1455986322-1000 - Administrator - Enabled) => C:\Users\Misty
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Disabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2990564305-3461962304-1455986322-1000\...\Amazon Kindle) (Version:  - Amazon)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KateVoice (HKLM-x32\...\{3ACA2514-480B-4774-B986-AE4546B00381}) (Version: 1.00.0000 - naturalsoft)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LG VZW United Drivers (HKLM-x32\...\{4527ADB5-01C3-45D3-A650-F3654FA62AFE}) (Version: 2.18.0 - LG Electronics)
McAfee Agent (HKLM-x32\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
PaulVoice (HKLM-x32\...\{12F88D4F-B525-4F01-BD5E-522D81F049AF}) (Version: 1.00.0000 - naturalsoft)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22618D58-A679-4D10-A809-E3211568552C} - System32\Tasks\HP AR Program Upload - 3512b8e2da304b3c97d7858f4ad2f71505b5361e729842a6b9504965a955196c => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {52947E4A-732D-48D8-9585-0D056624FA64} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {7417D935-57F8-49A7-B255-25C6F3033BA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {8B96BED7-6FC3-40FE-80A7-17AB9F40D860} - System32\Tasks\HP AR Program Upload - 9610bbf969774555a893e5297f942fee80d8a9156a5f4a4d88fe0e604aaf5fbd => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {9ECB17C7-891C-4E11-8B62-EA91D1166D72} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {BF0FC433-36E1-4D68-980C-15B2E93ECDC7} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {C0FD65D6-27A6-410F-8E71-2CE44F324367} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D6378F13-50AB-4E58-A383-F6DE8C97AC5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DC6F6201-E6CB-48CE-8338-DFA64A897712} - System32\Tasks\HP AR Program Upload - ca87e69ff54d419680668df444daec93a661ad9152ba4c6ca1ab05e0515e2e68 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-12-19 15:41 - 00000832 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2990564305-3461962304-1455986322-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Misty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{036A2F94-E1CE-41B4-9044-132582253A96}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{95958B28-0306-4B52-AEA3-8A9FE2163BE8}] => (Allow) LPort=2869
FirewallRules: [{373DAED4-330F-4CA2-8E31-8ECD465C9653}] => (Allow) LPort=1900
FirewallRules: [{D5F9DE79-62B6-4A4C-BC7E-CA18367B1022}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3466E698-89BA-4D4C-91ED-39709D968696}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{820A3F8D-C771-41D9-8A36-DF1307682529}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{065D1512-A12D-4256-BA8E-DE517227D630}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{7E91D419-8BFB-425A-86B1-64E31EBCC3DF}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{B8653430-DD14-4347-B104-EA12D798CD84}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{FAA26C43-037F-4E67-AAA0-D5A15A1070DB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{29BB9B52-10B1-4E7B-AA79-742A3D50E416}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{BFE8D31B-1A37-456D-A753-BB8C7419292B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{900BB002-C5BD-4AF5-B20C-FF2A38BC868B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{34CBDF44-B19C-4C69-9C24-1047412990E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{857095D9-5AB9-42C5-AF6A-B33F00C874B4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{0438C2C3-F174-42D6-89BC-5235C766B142}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{73FA824F-B525-4175-B2AD-BD1F7EC0B8B6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{5699D406-004C-411B-9DA3-90112C1CCA9C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{E25A26EF-9D78-4CC2-8E8C-3623C2923DEB}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{98AB9E4B-3EB6-498B-B1A9-43F954D70BCB}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{E57CFA7C-A31C-4440-A5F1-A75B89390E83}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{8B06B867-47BF-4494-BD3D-9965F7CB13E1}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{47547318-D608-4975-8895-0E8C5B4745FA}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{5E1DCCEC-2661-436C-8573-C80306CA3854}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{64C0052A-B442-49CD-82E1-0520F4F866C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{715C087C-36D5-4B27-8463-040AD61E314C}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{D2CC6CD1-E81D-4866-B806-0666DEF8A399}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{92AD8F64-8FA0-469A-8490-2E44D529BA45}C:\requirements\pythonw.exe] => (Allow) C:\requirements\pythonw.exe
FirewallRules: [UDP Query User{044C7829-2362-4EE7-A210-DEEEBA44EB70}C:\requirements\pythonw.exe] => (Allow) C:\requirements\pythonw.exe
FirewallRules: [{53B4EBF5-8228-4484-84C5-3457D118EF37}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2385E8B7-62FA-4248-BEC2-058414213841}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6B4F3FF3-5DCA-4CDF-831D-E0092933AE2D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{128C3624-9605-4750-8104-2C7E89DD467C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C2C7A09E-33F3-40F5-AC76-FF64F3B9B998}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2016 03:31:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (02/27/2016 03:25:50 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (02/27/2016 03:25:43 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (02/27/2016 03:25:43 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (508) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 4587520 (0x0000000000460000) for 32768 (0x00008000) bytes failed after Windows0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (02/27/2016 03:05:55 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80040d8b, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (02/27/2016 03:04:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (02/27/2016 03:04:08 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80040d8b, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (02/27/2016 03:04:03 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80040d8b, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (02/27/2016 03:03:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80040d8b, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (02/27/2016 03:03:47 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80040d8b, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
 
System errors:
=============
Error: (02/27/2016 03:37:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:36:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:36:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:35:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:35:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:33:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:33:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:32:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:32:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
Error: (02/27/2016 03:31:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%126
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 43%
Total physical RAM: 3890.67 MB
Available physical RAM: 2204.16 MB
Total Virtual: 4292.9 MB
Available Virtual: 2293.13 MB
 
==================== Drives ================================
 
Drive c: (TI106045W0C) (Fixed) (Total:918.02 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:0.94 GB) (Free:0.69 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: ABF0907B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 962 MB) (Disk ID: 00098A90)
Partition 1: (Active) - (Size=962 MB) - (Type=06)
 
==================== End of Addition.txt ============================


#5 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:08 PM

Posted 27 February 2016 - 08:55 PM

ok thanks for the info. the low disk space, is that referring to your C; drive? If you right click on the start orb and select open windows explorer, then under the Computer heading right click on Local Disk C; and select properties you will see a pie chart of used and free space. What does it say there about space?

 

Also your McAfee Av appears to be outdated and not running? Do you see the icon down by the clock, can you manually update it? Dont see any malware in the logs.

 

So what happens when you try to download something?  Try downloading,installing and running the free version of Malwarebytes as an example:

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.


How Can I Reduce My Risk to Malware?


#6 mist3005

mist3005
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:08 PM

Posted 27 February 2016 - 10:37 PM

Picture 1: drive with the properties.

The McAfee virus protector went all crazy on me last week. It was working just fine until it went crazy.

Picture 2: McAfee & other programs won't run.

Explorer or chrome takes forever to load now and won't go to other websites. I'm using a friends laptop at the moment, so I downloaded the program on a thumb drive and opened it on my laptop. Then I get the error message unable to create a temporary file. setup aborted. Error 112: There is not enough space on the disk. Earlier I had to download the FRST on a thumb drive on another laptop and open it on my laptop.  

 

Should I reset my computer? Will it let me reset it with it saying it has 0 space?

 

 

 

Attached Files



#7 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:08 PM

Posted 28 February 2016 - 08:42 AM

Ok. Well according to the pie chart you are pretty much out of space. Explains all the odd behavior your having. Wanted to make sure it was your physical C drive and not a partition on the drive that was full. You've run disk clean up, uninstalled software etc.

 

Why not try running: TOSHIBA PC Health Monitor and see what it says, if its possible.  Not even sure it would give any information related to the problem, worth a try.

 

You could also try running disk defragmenter. Start>All Programs>Accessories>System Tools>Disk defragmenter. It may already be on and running on a schedule, in which case, dont even bother running it. Just two things to try.

 

Reset computer. Have you done this before? Not sure what it means Toshibas use of the word Reset Computer might be different then Acers, Dell or HP. Whats the make and model number of your laptop?


How Can I Reduce My Risk to Malware?


#8 mist3005

mist3005
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:08 PM

Posted 28 February 2016 - 02:06 PM

I ran disk clean up again and this is what was included:

Downloaded Program Files   0 bytes

Temporary Internet Files   4.78 KB

Recycle Bin    0  bytes

Temporary Files   0 bytes

Thumbnails  3.29 KB

Total amount of disk space you gain: 8.08 KB

 

However, every time after performing disk clean up......nothing is cleaned up. If I was to perform disk clean up again, the same information will be there--Temp. Internet files 4.78 KB, etc.

 

I've tried to uninstall software, however I get the error message due to not enough space.

I ran the Toshiba PC Health Monitor and Hard Disk Drive Status was good and Hard Disk Drive 3D Sensor was active.

 

I probably used the wrong term, when I asked about resetting the computer. What I meant was should I use the recovery CDs and reset it back to manufactory status?

 

Here is the Computer Information (right clicked computer, properties):

Toshiba Satellite A665

Intel ®  Core ™ i3 CPU M 380 @ 2.53 GHz   2.53 GHz

64-bit operating system

RAM: 4.00 GB (3.80 GB usable)

Windows 7 Home Premium

Service Pack 1

 

Thank you!



#9 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:08 PM

Posted 28 February 2016 - 05:58 PM

One more thing to check. click on Start then over on the right, right click on Computer and select properties, in the next window on the left click on System Protection, then the configure button (under system protection tab). Under Disk Space usage what does it say?  Thats the most amount of space system restore points will use See what it says even though I am pretty sure disk cleanup would delete some of the older restore points. Worth a look. See screenshot image.

 

 

You could do a factory restore, that would set it back to just like when you got it. That means any data you created would get wiped so you would want to pull off any pictures, videos, documents etc: anything you wanted keep, otherwise it will be gone after a factory reset. Also any license keys if you purchased any software and added it to the laptop after you purchased it.

I would also visit the Toshiba support site for directions on how to reset back to factory defaults, just to avoid any potential problems.

 

Attached Files


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users