
Cannot run any malware program [Solved]


  • This topic is locked

#1
fracm

fracm

    Member

  • Member
  • PipPip
  • 19 posts

Hey everyone,

 

I am new here but I would like to kindly ask for your help since I believe my computer has been invaded with malware. Some of the issues I am having:

- I cannot download anything (email attachments, programs on the internet, etc.)

- if I try installing a program that I downloaded through a different machine and that I've passed using a USB, I am unable to

- I am unable to save things, like a new Word document for instance

- something is wrong with my applications. For instance, Dropbox has started giving me error messages saying that it is no longer able to function and I cannot load iTunes (The Folder "iTunes" is on a locked disk or you do not have write permissions for this folder).

 

I have looked around a lot before posting but nothing I have seen works. I went through the steps here (http://www.geekstogo...t-run-tutorial/) but none of them works because none of these programs will run.

 

I do not know what kind of specifications you need. I have Windows 8.

 

I would really appreciate if you could help me as I am quite desperate with this. Thank you very much.


  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, a few questions first. Is this Windows 8 or 8.1? Is it 32 or 64 bit?
  • 0

#3
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hey,

 

Thanks for the availability to help.

 

It is Windows 8 and it is 64-bit.


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the following three programmes to your desktop :


1. Rufus

For 64bit systems
2. Windows 8 64bit RC.. The link will be sent by PM
3. Farbar Recovery Scan Tool x64


Insert the USB stick, then run Rufus
RufusISO.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

Then copy FRST to the same USB

frstwintoboot.JPG



Windows 8 screen shots

When you reboot you will see this.

Select the language on this screen and keyboard on the next

select%20language8.JPG

Select the Troubleshoot option

Select%20option8.JPG

Select Advanced option

advanced8.JPG

Select Command prompt

command%208.JPG

At the command prompt type the following :

notepad.JPG

The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
frst.JPG
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#5
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Thank you so much for this.

 

I have a problem however on the very first step. Since I cannot download anything on my computer, I've downloaded all three programs using a second computer and I used a USB to try to get them in my sick computer. The problem is that when I try to move the files from the USB to the desktop I am unable to. I get the following error message:

 

"An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem.

 

Error 0x80070570: The file or directory is corrupted and unreadable."

 

Any idea how I can get around this?


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the USB is bootable, so insert the USB and then power up the sick system.
You should see a prompt come up saying press any key to boot from CD. Press a key and the recovery console will load, and we will initially run everything from there.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run Rufus on the healthy computer ? As the initial steps must be done there
  • 0

#8
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I am sorry but I am not sure if I understood your instructions correctly. What I did was to turn off and then turn back on the computer with the USB drive that contains all three programs inserted. No prompt has appeared to me though. Was this what I was supposed to do?


  • 0

#9
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Did you run Rufus on the healthy computer ? As the initial steps must be done there

 

Oh no sorry, I hadn't understood this. So I should do all steps up until the Windows 8 screen shots on the healthy computer? Is that it?


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, as the USB will then be a self-contained unit and we can run FRST from there without interference
  • 0



#11
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

The healthy computer that I am using to help with this is a corporate one that is full of protections and encryption requirements, including for the USB drives that I insert in there. As such, when I run Rufus it gives me an error because of that. I will have to wait for tomorrow's morning (I am GMT) to get access to another healthy computer that doesn't require this. I will let you know as soon as I am able to do it! Thanks a lot.


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem I am on GMT as well and I will be back online at about 1400
  • 0

#13
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Ok great. I will hopefully have it done before that. Thanks a lot for your help once again.


  • 0

#14
fracm

fracm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hey again.

 

So I think I managed to do it. The problem is that I didn't exactly follow all of your instructions. I did the Rufus thing on a separate computer and then I passed the FRST program to the flash drive. I then inserted the flash drive on the sick computer but nothing happened, even upon rebooting. So I wasn't able to access that setup that you have illustrated to me with screen shots. However, I was still able to run FRST, so hopefully that is okay. It generated two separate file logs, one called FRST and the second called ADDITION. I will now paste you the content of those. By the way, and not sure if it matters or not, but I think the situation is getting worse. Mozilla Firefox, the browser I use, is now extremely slow and keeps blocking and now all my browser history and bookmarks are gone {Never mind, they have now come back}.

 

Anyway, here is the log. Thank you so much for all the help!

 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> DefaultScope {2D6B5669-7159-40E0-8202-7703CAAEC01D} URL =
SearchScopes: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> {2D6B5669-7159-40E0-8202-7703CAAEC01D} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.15.254

FireFox:
========
FF ProfilePath: C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Corretor para Português de Portugal - C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065\Extensions\[email protected] [2015-04-05]
FF Extension: No Name - C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065\Extensions\[email protected] [2015-02-14]
FF Extension: No Name - C:\Users\FranciscoMartins\AppData\Roaming\Mozilla\Firefox\Profiles\ebd92hxy.default-1394058026065\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YoutubeAdblocker) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd [2014-02-02]
CHR Extension: (Easy Surf) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-02]
CHR Extension: (WebsAvE) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni [2014-02-02]
CHR Extension: (YTBooKMark) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcnfiaadgoeoehmilnohaejmfjjlph [2014-02-02]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Files in the root of some directories =======

2013-04-26 23:15 - 2013-04-27 01:00 - 0005120 _____ () C:\Users\FranciscoMartins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-12 14:02 - 2011-07-12 14:02 - 0232496 ____R () C:\ProgramData\DeviceManager.xml.rc4
2014-09-08 12:00 - 2014-09-08 12:10 - 0000828 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 22:12

==================== End Of Log ============================

 

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FranciscoMartins\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-04-2015 14:02:37 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2015-04-11 20:15 - 00000938 ____R C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\FranciscoMartins\Pictures\P130310_15.060001.jpg
DNS Servers: 192.168.15.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "MobileBroadband"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "CloudSystemBooster"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1355559273-4184100690-1832665884-1002\...\StartupApproved\Run: => "uTorrent"

==================== Accounts: =============================

Administrator (S-1-5-21-1355559273-4184100690-1832665884-500 - Administrator - Disabled)
FranciscoMartins (S-1-5-21-1355559273-4184100690-1832665884-1002 - Administrator - Enabled) => C:\Users\FranciscoMartins
Guest (S-1-5-21-1355559273-4184100690-1832665884-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1355559273-4184100690-1832665884-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 09:52:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18f8

Start Time: 01d075c61c6eaece

Termination Time: 19

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 581b9125-e1ba-11e4-bed6-b888e31ade21

Faulting package full name:

Faulting package-relative application ID:

Error: (04/13/2015 01:26:38 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\>.

Error: (04/13/2015 01:26:38 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialised.


Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 01:26:34 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\>.

Error: (04/13/2015 01:26:34 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialised.


Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 00:59:17 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\>.

Error: (04/13/2015 00:59:17 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialised.


Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 00:59:14 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\>.

Error: (04/13/2015 00:59:14 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialised.


Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 00:06:33 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\>.


System errors:
=============
Error: (04/13/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 16 time(s).

Error: (04/13/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%3

Error: (04/13/2015 01:26:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 15 time(s).

Error: (04/13/2015 01:26:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%3

Error: (04/13/2015 00:59:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 14 time(s).

Error: (04/13/2015 00:59:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%3

Error: (04/13/2015 00:59:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 13 time(s).

Error: (04/13/2015 00:59:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%3

Error: (04/13/2015 00:06:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 12 time(s).

Error: (04/13/2015 00:06:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (04/13/2015 09:52:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.550018f801d075c61c6eaece19C:\Program Files (x86)\Mozilla Firefox\firefox.exe581b9125-e1ba-11e4-bed6-b888e31ade21

Error: (04/13/2015 01:26:38 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\

Error: (04/13/2015 01:26:38 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description:
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 01:26:34 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\

Error: (04/13/2015 01:26:34 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description:
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 00:59:17 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\

Error: (04/13/2015 00:59:17 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description:
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 00:59:14 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\

Error: (04/13/2015 00:59:14 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description:
Details:
    The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)

Error: (04/13/2015 00:06:33 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: C:\ProgramData\Microsoft\Search\Data\Applications\


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8081.63 MB
Available physical RAM: 6377.32 MB
Total Pagefile: 9297.63 MB
Available Pagefile: 7428.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (TI30999600A) (Fixed) (Total:687.87 GB) (Free:70.83 GB) NTFS
Drive h: (SUTENT) (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT

==================== End Of Log ============================


Edited by fracm, 13 April 2015 - 03:44 AM.

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this is a weird one as it is showing no files on the system

What I will do is reset the network data to default then run a chkdsk followed by a fresh FRST scan. If I still get no data I will try another older tool

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR Extension: (YoutubeAdblocker) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgepecogafjjeefjlphgcbpjhjioogd [2014-02-02]
CHR Extension: (Easy Surf) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-02-02]
CHR Extension: (WebsAvE) - C:\Users\FranciscoMartins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgikbljoblhjpncgaamidfancbkpdnni [2014-02-02]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN :

Run a Chkdsk, details here http://computerstepb...s_7_chkdsk.html use the Windows option

THEN :

Please run a fresh FRST scan copying FRST to the desktop of the affected system if at all possible
  • 0
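
A small triage pass over an FRST log like the one posted in this thread, as an added example (not part of the thread and not FRST's own code): it collects the lines the tool marked ATTENTION, entries whose file is reported as "No File", protection products reported as Disabled, and a count of event-log errors per source and EventID. The sample input is a handful of lines copied from the log above; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the FRST/Addition log in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-1355559273-4184100690-1832665884-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

==================== Security Center ========================

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Event log errors: =========================

Error: (04/13/2015 01:26:38 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Error: (04/13/2015 01:26:38 AM) (Source: Windows Search Service) (EventID: 3030) (User: )
Error: (04/13/2015 01:26:34 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Error: (04/13/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
"""

# Section banners look like "==================== Name =====...".
# Requiring spaces around the name keeps plain "========" underlines out.
SECTION_RE = re.compile(r"^={10,} +(.*?) +=+\s*$")
# Security Center lines as they appear in the log: "AV: <name> (<state>) {guid}".
PROTECTION_RE = re.compile(r"^(?P<kind>AV|AS): (?P<name>.+?) \((?P<state>[^)]*)\)")
# Event log entries: "Error: (<time>) (Source: <src>) (EventID: <n>) (User: )".
EVENT_RE = re.compile(
    r"^Error: \([^)]*\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<id>\d+)\)"
)
ATTENTION_MARK = "<======= ATTENTION"


def triage(log_text):
    """Return the entries of an FRST-style log that a reviewer would read first."""
    findings = {
        "attention": [],        # (section, line) pairs the tool itself flagged
        "no_file": [],          # (section, line) pairs pointing at a missing file
        "protection_off": [],   # (kind, product) pairs reported as Disabled
        "event_counts": Counter(),  # (source, event id) -> occurrences
    }
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).rstrip(":").strip()
            continue
        if ATTENTION_MARK in line:
            findings["attention"].append(
                (section, line.replace(ATTENTION_MARK, "").strip())
            )
        if line.endswith("No File"):
            findings["no_file"].append((section, line))
        prot = PROTECTION_RE.match(line)
        if prot and prot.group("state").startswith("Disabled"):
            findings["protection_off"].append((prot.group("kind"), prot.group("name")))
        event = EVENT_RE.match(line)
        if event:
            findings["event_counts"][(event.group("source"), event.group("id"))] += 1
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, entry in result["attention"]:
        print(f"ATTENTION [{section}] {entry}")
    for section, entry in result["no_file"]:
        print(f"NO FILE   [{section}] {entry}")
    for kind, name in result["protection_off"]:
        print(f"DISABLED  {kind}: {name}")
    for (source, event_id), count in result["event_counts"].most_common():
        print(f"{count:3d} x {source} (EventID {event_id})")
```
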





