More problems with malware in Chrome



#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.
 
 
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04222014-some number.log so look there if you don't see it.
 
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
 
 

  • 0



#62
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

VEW System:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/04/2014 4:28:16 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/04/2014 9:21:41 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 22/04/2014 9:21:41 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
(I did update the driver, but it's still indicating a problem?)
 
VEW Application Log:
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 22/04/2014 4:25:34 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:39 PM
Type: Error Category: 1
Event: 9002 Source: Microsoft-Windows-Search
The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:39 PM
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
Log: 'Application' Date/Time: 20/04/2014 8:48:39 PM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.
 
Log: 'Application' Date/Time: 20/04/2014 5:35:38 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 19/04/2014 5:35:35 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 18/04/2014 4:08:55 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x138c Faulting application start time: 0x01cf5b207bccb188 Faulting application path: C:\Windows\SysWOW64\DllHost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bcfeaf74-c713-11e3-8ea3-e840f258bf53
 
Log: 'Application' Date/Time: 18/04/2014 5:35:43 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 17/04/2014 5:36:01 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 16/04/2014 10:39:17 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x174c Faulting application start time: 0x01cf59c4b31e1964 Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: f13b51b4-c5b7-11e3-acd9-e840f258bf53
 
Log: 'Application' Date/Time: 16/04/2014 10:37:42 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0x1698 Faulting application start time: 0x01cf59c4779ab33f Faulting application path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b859a25c-c5b7-11e3-acd9-e840f258bf53
 
Log: 'Application' Date/Time: 16/04/2014 5:36:05 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 15/04/2014 5:36:06 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 14/04/2014 5:24:24 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Log: 'Application' Date/Time: 13/04/2014 5:35:58 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/04/2014 9:23:10 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=C6C}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 22/04/2014 9:22:55 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=C6C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 22/04/2014 9:21:33 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 660 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 22/04/2014 6:49:08 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=CC0}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 22/04/2014 6:49:00 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=CC0}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 22/04/2014 6:47:34 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 656 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 22/04/2014 4:41:56 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 22/04/2014 1:46:32 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=A68}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 22/04/2014 1:46:24 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=A68}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 22/04/2014 1:45:09 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 664 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 22/04/2014 10:49:19 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 22/04/2014 5:00:02 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 22/04/2014 3:22:44 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 21/04/2014 10:59:11 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-387024861-1857405023-142887614-1000}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 21/04/2014 10:59:11 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=A28}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 21/04/2014 10:59:11 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-387024861-1857405023-142887614-1000}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 21/04/2014 10:59:02 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=A28}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 21/04/2014 10:56:56 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-387024861-1857405023-142887614-1000}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 21/04/2014 10:56:48 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=A0C}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 21/04/2014 10:56:42 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=A0C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
 
(ESET still shows in this report, but it is not on my system.)

  • 0

#63
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

I was running the VEW when you posted above.  I'm going to the OTL fix now, and I'll be back to see if I am to run VEW again.  


  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

No, nothing wrong with the wifi.  That's a normal indication.  Doesn't look like you cleared the logs on the Applications but there aren't many new ones:

 

Log: 'Application' Date/Time: 22/04/2014 4:41:56 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 

 

 

This is usually a misconfigured System Restore where it is trying to back up a drive besides the C:\.  Is this the one where you couldn't find the System Protection option inside the Control Panel, System, Advanced System Settings?  If you can find it you will see a list of drives with On or Off to the right.  These should be all Off except for C:.  If one is On, click on it and then configure and turn off system restore for that drive.


  • 0
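
Added example (not part of the thread, and not code from VEW or its author): a small Python parser for the VEW report layout posted in #62. It collapses repeated records into one row per source and event ID and lists only records at or after a cutoff, which is the check made by eye above when noting that the Application log had few new entries. `SAMPLE` is an excerpt shortened from that post, and the function names are this example's own.

```python
import re
from collections import namedtuple
from datetime import datetime

# Excerpt shortened from the VEW report in post #62 (messages trimmed).
SAMPLE = r"""Vino's Event Viewer v01c run on Windows 2008 in English
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2014 8:48:40 PM
Type: Error Category: 3
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Log: 'Application' Date/Time: 20/04/2014 5:35:38 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".

Log: 'Application' Date/Time: 19/04/2014 5:35:35 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/04/2014 4:41:56 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
LEVEL = re.compile(r"^Type: (\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
Event = namedtuple("Event", "log when level event_id source message")


def parse_vew(text):
    """Split a VEW report into Event records; incomplete records are skipped."""
    raw, current = [], None
    for line in text.splitlines():
        line = line.strip()
        head = HEADER.match(line)
        if head:
            current = [head, []]          # header match + the lines that follow it
            raw.append(current)
        elif line.startswith("~~~"):
            current = None                # section banner ends the open record
        elif current is not None:
            current[1].append(line)
    events = []
    for head, body in raw:
        level = LEVEL.match(body[0]) if body else None
        event = EVENT.match(body[1]) if len(body) > 1 else None
        if not (level and event):
            continue                      # pasted log was cut off mid-record
        when = datetime.strptime(head[2], "%d/%m/%Y %I:%M:%S %p")  # dd/mm/yyyy per the report
        message = " ".join(part for part in body[2:] if part)
        events.append(Event(head[1], when, level[1], int(event[1]), event[2], message))
    return events


def summarize(events):
    """One row per (source, event id, level): (key, count, first, last), busiest first."""
    groups = {}
    for ev in events:
        row = groups.setdefault((ev.source, ev.event_id, ev.level), [0, ev.when, ev.when])
        row[0] += 1
        row[1], row[2] = min(row[1], ev.when), max(row[2], ev.when)
    return sorted(((k, *v) for k, v in groups.items()), key=lambda r: (-r[1], r[0]))


def since(events, cutoff):
    """Records logged at or after cutoff, e.g. the moment the log was cleared."""
    return [ev for ev in events if ev.when >= cutoff]


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    for (source, event_id, level), count, first, last in summarize(parsed):
        print(f"{count:3d} {level:8s} {source}/{event_id} {first:%d/%m/%Y} to {last:%d/%m/%Y}")
    print("since 22/04:", [(e.source, e.event_id) for e in since(parsed, datetime(2014, 4, 22))])
```
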

#65
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

It is the same one.  I can find it with no problem - I cannot get it to open.  When I select Advanced System Settings - either as administrator or not (I've tried both), it gives me an error message, tries to solve the error, then restarts Windows Explorer.  


  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Copy the next line:

 

control sysdm.cpl

 

Open a Command Prompt (right-click and Run As Admin), then right-click and Paste (or Edit, then Paste), and the copied line should appear.  Hit Enter.  Do you get an error or does it open a little window that says System Properties at the top?


  • 0

#67
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Opened System Properties. Drive C is Protected.  Drive D is not.  Those are the only things that turn up in the box.  

 

I have to meet with the surgeon tomorrow in the cities.  I'll be home late in the day, but will check in once I get home.  


Edited by krisinluck, 22 April 2014 - 07:09 PM.

  • 0

#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Try to copy and paste the next 2 lines as you just did for control sysdm.cpl:

 

Vssadmin list shadowstorage > \junk.txt

notepad \junk.txt

 

If notepad does not open, hit Enter.  Copy and paste the text into a reply.


  • 0

#69
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Here's what came up after copy/pasting into Command Prompt:

 

 

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

© Copyright 2001-2005 Microsoft Corp.
 
Error: The shadow copy provider had an unexpected error while trying to process
the specified command.

 

It was a long day - the hour and a half drive home took over three hours, thanks to my car having huge issues as well as my computer.  I wasn't sure it was going to make it at all.  Time to turn off my brain and my nervous system for a while.  

  • 0

#70
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Do you use Microsoft Office Click-to-Run 2010?  There are reports that this causes the VSS problems.  If you don't use it then uninstall it.  If you do use it, I guess we have to live with it as there appears to be no fix.


  • 0



#71
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

I removed it some time ago, but the drive still shows up, and it's empty.  I checked that when you mentioned that could be the problem.  I have no idea why.


  • 0

#72
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
"the drive still shows up, and it's empty."

See if the instructions here help to remove it.

 

http://www.ghacks.ne...-virtual-drive/

 

If they do, then try the

Vssadmin list shadowstorage > \junk.txt
notepad \junk.txt

again.


  • 0

#73
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Same result.  It's an empty drive, and it will not allow me to do anything with it.  

 

I ran the Command Prompt again, but got the same results.  


  • 0

#74
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The page wasn't as useful as I thought it would be.  Right-click on (My) Computer and select Manage.  Under Storage should be Disk Management.  Click on that.  Does it show the Q drive?  If so, right-click on Q and Delete Volume.


  • 0

#75
krisinluck

krisinluck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts

Doesn't show up there.  It shows the following, in the order they are in:

 

(E:)

HP Recovery (D:)

OS (C:)

SYSTEM

 

They all indicate that everything is hunky dory.  Yeah.  It's not.  I'm ready to toss this thing out of a window.  


  • 0





