I think I may have malware in my computer causing my CPU to run up to


#16
klockdoc (Member, Topic Starter, 101 posts)
03/25/2016 00:50
Scan of all local drives

File C:\Documents and Settings\Owner\Application Data\Ahead\Nero BackItUp\Info Files\20071912_090509_Owner\C\DOCUME~1\Owner\MYDOCU~1\MISSOU~1\THIELT~1\6903-1~4\6903-1~1.ZIP.nco|>20071912_090509_Owner\C\DOCUME~1\Owner\MYDOCU~1\MISSOU~1\THIELT~1\6903-1~4\6903-1~1.ZIP|>6903-1125-IN-5BOXLBL.pdf Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\Application Data\Ahead\Nero BackItUp\Info Files\20071912_090509_Owner\C\DOCUME~1\Owner\MYDOCU~1\MISSOU~1\THIELT~1\6903-1~4.ZIP.nco|>20071912_090509_Owner\C\DOCUME~1\Owner\MYDOCU~1\MISSOU~1\THIELT~1\6903-1~4.ZIP|>6903-1125-IN-5BOXLBL.pdf Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Digital Factory\FwANewBu.zip|>FwANewBu.txt Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation files\RELABELINGPRICES2007ex.zip|>labels.JPG Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\DSCN2187.zip|>DSCN2187.JPG Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\dunktank.zip|>file000.mpg Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\JG'Strip_Poker.zip|>JG'Strip_Poker.wmv Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\FwRatedX.zip|>FwRatedX.txt Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\groupcamp.zip|>groupcamp.JPG Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\FW_NewBudweiserGirl.zip|>FW_NewBudweiserGirl.eml Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Vacation2\SNC11389.zip|>SNC11390.JPG Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Stephen\AA New stuff\image031.zip|>-5-12-07.wmv Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Jaime\comics171.zip|>comic191.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Jaime\ATT66432.zip|>ATT66451.gif Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Jaime\AA New folder\joey'sjeephurricanepics010.zip|>joey'sjeephurricanepics003.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Missouri Graphics\Thiel Tool\6903-1175-R1Proof\6903-1175-R1Proof.zip|>6903-1125-IN-5BOXLBL.pdf Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\Owner\My Documents\Missouri Graphics\Thiel Tool\6903-1175-R1Proof.zip|>6903-1125-IN-5BOXLBL.pdf Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 12258
Number of tested files: 1039100
Number of infected files: 0

#17
RKinner (Malware Expert, 24,625 posts, MVP)

It just found some zip files that probably won't unzip but no malware.  How is it running now?


#18
klockdoc (Member, Topic Starter, 101 posts)

It is running a lot better now.

 

When I first ran the procexp file, it showed the CPU usage at 100%. Now it is down to around 4%. It has also brought the temperature of one of the sections of the motherboard down to 70C from 99C. While this may still seem high, I think it has improved. I think it always ran somewhat hot. I may return to Philpower now to discuss.

 

I think that removing all the Java files helped tremendously. That brought the CPU usage down. 

 

Now I'm thinking about adding another 1G of RAM to speed things up. Worth a shot for $11!

 

Those zip files are old files from back around 2009 or earlier. I will go in and delete them

 

Still have some traces of McAfee and Malwarebytes programs that I need to clean up. I think I will look for a remover for Malwarebytes program. The McAfee wouldn't erase because I still had traces of AVG on the computer. I got rid of those and will need to retry McAfee uninstaller.

 

Lost a couple of drivers but I can resource those myself.

 

Other than that, I think I am okay. Thank you very much for all the help

Mike


#19
RKinner (Malware Expert, 24,625 posts, MVP)

OK.  Deleting corrupt zips is best.

 

70 is still too hot.  What usually happens is dust gets trapped between the fan and the heatsink.  Assuming the fan is still running OK then you need to open it up and pull the fan (but not the heatsink unless you want to also change the thermal paste).  Then with a small brush and a vacuum cleaner hose (or compressed air) you can get rid of the dust.  Usually if you Google the PC's make and model number you will find a YouTube video showing how to get to the fan.  A lot depends on the make and model.  Some Dells are simple.  They have a panel over the fan that you can remove which makes it easy to get to.  With HP it's major surgery.  It usually just needs a small Phillips screwdriver (and sometimes an old credit card to split apart the plastic and a magnifying glass if your eyes aren't that good) but it's not all that difficult.  Just have to go slow and make sure you know where each screw and cable came from so you can put it back together.  A digital camera is very helpful.  I like to put the different size screws in one of those Monday thru Sunday pillboxes or you can use an egg carton to keep them separate.  I have a friend who uses masking tape.  He lays it out sticky side up then puts the screw on the tape and marks on the tape where it came from.  If it's major surgery I would probably change out the thermal paste while I'm at it.  I use Arctic Silver 5.  Amazon carries a kit of the paste and cleaner for about $12.  Instructions for use are on the Arctic Silver website.

 

If you don't feel up to it, you can sometimes get lucky with a vacuum cleaner hose if you put it at the air intake near the fan.  (You may have to break up and fish out the dust through the vent with a needle or pin.)  I have heard that this can be dangerous to the fan, that it might over-rev, but I've never had it happen.

 

I use Speedfan to check the temps before and after:

 

Get it from:

 
 
Don't get it from the speedfan site as it comes with a lot of adware.
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
 
It will tell you your temps in real time.  (Sometimes it helps to click on Automatic Fan Speed.)
 
Time to clean up:
 
We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.
 
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
 
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype.  Hit Optimize.  You can run it any time that Chrome/Firefox seems slow starting.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron

#20
klockdoc (Member, Topic Starter, 101 posts)

# DelFix v1.012 - Logfile created 26/03/2016 at 01:33:21
# Updated 04/03/2015 by Xplode
# Username : Owner - WORK-7DCFB3F226
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\Program Files\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\rapport.txt
Deleted : C:\Documents and Settings\Owner\Desktop\aswmbr.exe
Deleted : C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu(1).exe
Deleted : C:\Documents and Settings\Owner\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Owner\Desktop\TFC.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #3470 [System Checkpoint | 02/07/2016 20:39:56]
Deleted : RP #3471 [Removed AVG 2014 | 02/12/2016 08:25:41]
Deleted : RP #3472 [Removed AVG 2014 | 02/12/2016 08:33:06]
Deleted : RP #3473 [System Checkpoint | 02/14/2016 23:28:09]
Deleted : RP #3474 [System Checkpoint | 02/20/2016 08:16:49]
Deleted : RP #3475 [Unsigned driver install | 02/21/2016 06:43:21]
Deleted : RP #3476 [Unsigned driver install | 02/24/2016 05:45:51]
Deleted : RP #3477 [System Checkpoint | 02/28/2016 11:14:31]
Deleted : RP #3478 [Software Distribution Service 3.0 | 03/03/2016 17:28:34]
Deleted : RP #3479 [System Checkpoint | 03/05/2016 02:58:59]
Deleted : RP #3480 [System Checkpoint | 03/10/2016 08:58:04]
Deleted : RP #3481 [Installed Windows XP Wdf01009. | 03/11/2016 08:17:23]
Deleted : RP #3482 [Installed Windows XP Wdf01009. | 03/11/2016 08:27:39]
Deleted : RP #3483 [Update to an unsigned driver | 03/12/2016 17:27:40]
Deleted : RP #3484 [Unsigned driver install | 03/16/2016 17:10:33]
Deleted : RP #3485 [System Checkpoint | 03/19/2016 07:51:03]
Deleted : RP #3486 [System Checkpoint | 03/20/2016 09:09:16]
Deleted : RP #3487 [Removed J2SE Runtime Environment 5.0 Update 10 | 03/21/2016 05:15:33]
Deleted : RP #3488 [Removed J2SE Runtime Environment 5.0 Update 11 | 03/21/2016 05:16:15]
Deleted : RP #3489 [Removed J2SE Runtime Environment 5.0 Update 2 | 03/21/2016 05:16:54]
Deleted : RP #3490 [Removed J2SE Runtime Environment 5.0 Update 5 | 03/21/2016 05:17:41]
Deleted : RP #3491 [Removed J2SE Runtime Environment 5.0 Update 6 | 03/21/2016 05:18:32]
Deleted : RP #3492 [Removed J2SE Runtime Environment 5.0 Update 9 | 03/21/2016 05:19:10]
Deleted : RP #3493 [Removed Java™ 6 Update 2 | 03/21/2016 05:20:16]
Deleted : RP #3494 [Removed Java™ 6 Update 3 | 03/21/2016 05:20:56]
Deleted : RP #3495 [Removed Java™ 6 Update 5 | 03/21/2016 05:23:34]
Deleted : RP #3496 [Removed Java™ 6 Update 7 | 03/21/2016 05:24:17]
Deleted : RP #3497 [Removed Java™ SE Runtime Environment 6 Update 1 | 03/21/2016 05:24:56]
Deleted : RP #3498 [System Checkpoint | 03/22/2016 20:39:12]
Deleted : RP #3499 [System Checkpoint | 03/23/2016 21:28:10]
Deleted : RP #3500 [System Checkpoint | 03/24/2016 22:31:03]
Deleted : RP #3501 [System Checkpoint | 03/25/2016 22:40:19]

New restore point created !

########## - EOF - ##########

I downloaded the CryptoPrevent.

Here is a screen shot of Speedfan before and after cleanup.

CPU usage is way down, temp is still up but down from originally. Still have to clean the fans.

Somehow in the cleanup, I lost the drivers for my Intel Audio version 1.5.0.73. I tried but could not locate them. Do I need this?

Attached Thumbnails

  • Speed fan Test.JPG
  • Speed fan Test 2.JPG

Edited by klockdoc, 27 March 2016 - 05:32 PM.

#21
RKinner (Malware Expert, 24,625 posts, MVP)

Did you lose the sound or are you getting an error message?


#22
klockdoc (Member, Topic Starter, 101 posts)

Error message when the system boots. Driver not found

Sound is there but seems weaker than before

Edited by klockdoc, 27 March 2016 - 08:55 PM.

#23
RKinner (Malware Expert, 24,625 posts, MVP)

Not sure what happened to it as we didn't touch it.  Let's look at the error message:
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#24
klockdoc (Member, Topic Starter, 101 posts)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/03/2016 12:11:41 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/03/2016 12:13:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/03/2016 12:07:38 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.

Log: 'Application' Date/Time: 28/03/2016 12:07:38 PM
Type: error Category: 0
Event: 5 Source: crypt32
Failed auto update retrieval of third-party root certificate from: <http://www.download....8E2D93C311.crt>with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 28/03/2016 12:07:35 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 27/03/2016 10:32:15 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.

Log: 'Application' Date/Time: 27/03/2016 9:49:28 PM
Type: error Category: 0
Event: 5 Source: crypt32
Failed auto update retrieval of third-party root certificate from: <http://www.download....8E2D93C311.crt>with error: The specified server cannot perform the requested operation.

Log: 'Application' Date/Time: 27/03/2016 9:48:54 PM
Type: error Category: 0
Event: 5 Source: crypt32
Failed auto update retrieval of third-party root certificate from: <http://www.download....8E2D93C311.crt>with error: This operation returned because the timeout period expired.

Log: 'Application' Date/Time: 26/03/2016 4:02:48 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.

Log: 'Application' Date/Time: 24/03/2016 10:43:09 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 8017156

Log: 'Application' Date/Time: 24/03/2016 10:43:09 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 8017156

Log: 'Application' Date/Time: 24/03/2016 10:43:09 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 24/03/2016 8:29:47 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 15671

Log: 'Application' Date/Time: 24/03/2016 8:29:47 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 15671

Log: 'Application' Date/Time: 24/03/2016 8:29:47 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 24/03/2016 8:29:45 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 13718

Log: 'Application' Date/Time: 24/03/2016 8:29:45 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 13718

Log: 'Application' Date/Time: 24/03/2016 8:29:45 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 24/03/2016 8:29:43 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 11765

Log: 'Application' Date/Time: 24/03/2016 8:29:43 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 11765

Log: 'Application' Date/Time: 24/03/2016 8:29:43 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 24/03/2016 8:29:41 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 9812

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/03/2016 4:09:16 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user WORK-7DCFB3F226\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 26/03/2016 3:49:17 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Documents and Settings\Owner\Application Data\CryptoPrevent_Test_Module.exe has been restricted by your Administrator by location with policy rule {e6763d1d-ccfa-4e03-8fc5-12fdcc6af4fb} placed on path C:\Documents and Settings\Owner\Application Data\*.exe

#25
RKinner (Malware Expert, 24,625 posts, MVP)

Make sure your clock has the correct time and date.

 

Uninstall Bonjour

 

It's not working anyway.  It's an Apple program to detect Apple products on your network.  You will get a new version if you install or update any Apple program.

 

 

Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:

    You will be prompted to validate your copy of Windows.
    As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
    In the User Profile Hive Cleanup Service installation wizard, click Next.
    In the License Agreement page, read the license agreement, select I Agree, and then click Next.
    In the Select Installation Folder page, click Next.
    In the Confirm Installation page, click Next.
    When UPHClean is installed, click Close.
 
    Note UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
    To confirm that UPHClean is installed and running, click Start, and then click Run.
    In Open box, type the following text, and then click OK:
 
    services.msc
    In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.
 
I don't see any mention of  Intel Audio version 1.5.0.73. in the logs.  Did it work before you installed CryptoPrevent?  Perhaps CryptoPrevent stopped it from working.  You can uninstall CryptoPrevent, reboot and see if it works now.

  • 0
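
An added example (not part of the original thread and not code from VEW): a small Python parser for the VEW text report posted in #24. It groups events by source and event ID so the repeated Bonjour errors stand out, and pulls the blocked path and rule out of the Software Restriction Policies event 866. The sample records are abridged from that post, and the function names are made up for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Records abridged from the VEW output in post #24 (same layout, fewer entries).
SAMPLE = r"""Log: 'Application' Date/Time: 28/03/2016 12:07:38 PM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.

Log: 'Application' Date/Time: 24/03/2016 10:43:09 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 8017156

Log: 'Application' Date/Time: 24/03/2016 10:43:09 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 26/03/2016 3:49:17 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Documents and Settings\Owner\Application Data\CryptoPrevent_Test_Module.exe has been restricted by your Administrator by location with policy rule {e6763d1d-ccfa-4e03-8fc5-12fdcc6af4fb} placed on path C:\Documents and Settings\Owner\Application Data\*.exe
"""

# Three header lines open every record; the message follows until a blank line.
HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: \d+[ \t]*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
)

# Wording of the event 866 message as it appears in the posted log.
SRP_866 = re.compile(
    r"Access to (?P<target>.+?) has been restricted by your Administrator "
    r"by location with policy rule (?P<rule>\{[0-9a-fA-F-]{36}\}) "
    r"placed on path (?P<pattern>.+)$"
)


def parse_vew(text):
    """Return one dict per event record found in a VEW report."""
    events = []
    for m in HEADER.finditer(text):
        message = []
        for line in text[m.end():].splitlines():
            if not line.strip() or line.startswith("~"):
                break  # a blank line or a section banner ends the record
            message.append(line.strip())
        events.append({
            "log": m["log"],
            # The report header states that dates are dd/mm/yyyy.
            "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
            "type": m["type"],
            "event": int(m["event"]),
            "source": m["source"].strip(),
            "message": " ".join(message),
        })
    return events


def summarize(events):
    """Group by (source, event ID, type); noisiest group first."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["source"], ev["event"], ev["type"])].append(ev["when"])
    rows = [{"source": s, "event": e, "type": t, "count": len(ts),
             "first": min(ts), "last": max(ts)}
            for (s, e, t), ts in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["source"], r["event"]))


def srp_blocks(events):
    """Extract blocked executable, rule GUID and rule path from event 866."""
    hits = []
    for ev in events:
        if ev["source"] == "Software Restriction Policies" and ev["event"] == 866:
            m = SRP_866.search(ev["message"])
            if m:
                hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    for row in summarize(parsed):
        print(f'{row["count"]:3d}  {row["source"]} / {row["event"]} ({row["type"]})')
    for hit in srp_blocks(parsed):
        print("SRP blocked:", hit["target"], "rule", hit["rule"])
```

Run against the full report, the same grouping shows how much of the 20-event window is taken up by one noisy source.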

#26
klockdoc (Member, Topic Starter, 101 posts)

UPHClean link is bad. I went directly to Microsoft and did a search, still gave a bad link.

Maybe they quit using it because of XP support.

I found it at Major Geeks location, but wanted to verify the site with you first.

I uninstalled CryptoPrevent and it didn't make any difference in the Intel audio.

Oh clock and date is correct.

Edited by klockdoc, 29 March 2016 - 12:30 AM.

#27
RKinner (Malware Expert, 24,625 posts, MVP)

Sorry.  Guess MS is really trying to get rid of all of their XP stuff.

 

Major Geeks site is OK.


#28
klockdoc (Member, Topic Starter, 101 posts)

UPHClean is installed

Weird. When I go to device manager, it doesn't show as a driver missing in any of the sound devices for the intel audio. Although when I restart, it says driver missing

Edited by klockdoc, 29 March 2016 - 11:51 AM.

#29
RKinner (Malware Expert, 24,625 posts, MVP)

Start, Run ipconfig, Enter

 

Under Startup, find

 

IntelAudioStudio

Intel Audio Studio

or

IntelAudioStudio.exe 

 

 

and uncheck it.  Then OK and reboot.  Tell msconfig not to bother you any more.  This should stop the error.  Does it?

 

Near as I can tell the Intel Audio Studio is used for adding sound effects like playing in a stadium or a bathroom and shouldn't be needed for the regular sound.

 

 

Event: 1517 Source: Userenv

Windows saved user WORK-7DCFB3F226\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Above error is why we installed uphclean.  It's a common problem with XP.

 

 


#30
klockdoc (Member, Topic Starter, 101 posts)

When I run ipconfig, it just blinks on then off. So I do not have a screen to view.