-
First two should be very quick ones.
TFC can't be disturbed.
Eset can be run while doing something else.
-
thanks, broni. maybe tomorrow i can run the first two when he's at lunch and the third overnight. *crosses fingers*
-
-
hi broni.
security check output:
Results of screen317's Security Check version 0.99.81
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Java(TM) 6 Update 5
Adobe Reader XI
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
=======================================================================
farbar service scanner output:
Farbar Service Scanner Version: 25-02-2014
Ran by Schramm (administrator) on 02-04-2014 at 13:17:58
Running from "C:\Users\Schramm\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 14:47] - [2013-09-03 21:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-14 16:07] - [2013-07-04 23:45] - 1423808 ____A (Microsoft Corporation) C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
========================================================================
i'll run temp file cleaner tonight.
-
hi broni.
i had time to do some googling using "tray/app market research install" which prompted all of this. i've come across a number of threads talking about this. one of which states:
"These types of errors happen because ... an application is trying to repair itself because a file is missing or a registry entry has been removed."
now, he has a "pc tools registry mechanic" icon on his desktop. since he never does anything wrong (according to him), whenever i ask about stuff like this he denies ever installing anything. i'm wondering if he somehow "repaired" his registry by deleting some setting and/or file and so is now the cause of getting this error on startup.
i've also found a "solution" stating:
"To stop it from trying to install:
To start the system configuration utility (msconfig):
Click Start, and then type msconfig in the Start Search box.
In the Programs section, click Msconfig.exe.
On the Startup tab you will have to look for the application that keeps trying to start and uncheck the box next to it. This takes it out of the startup so it will not run each time Windows starts."
unfortunately, i don't know WHICH app is trying to do this.
thoughts?
(i still plan on running the temp file cleaner tonight)
terry
-
When done with Eset....
Uninstall PC Tools Registry Mechanic.
Registry cleaners/optimizers are not recommended for several reasons:
- Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
- Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
- Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
- Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
- The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
See if the problem is still there.
If it is....
Re-run FRST.
Make sure Addition.txt box is checkmarked so you get two logs from FRST.
-
sorry, you misunderstood, broni,
i didn't install the registry cleaner. i never would. i just found it on his machine. i assume he installed and possibly RAN it thereby deleting some software that is expecting a CD to be loaded on startup.
-
I understood what you said.
I want you to uninstall the thing.
-
-
...and...
See if the problem is still there.
If it is....
Re-run FRST.
Make sure Addition.txt box is checkmarked so you get two logs from FRST.
-
temp file cleaner done. it removed some files and asked for a restart. problem still exists.
you said that i could run ESET with him still using the machine. since i will have to disable NAV for ESET to run, is this safe? i have no idea where he might be surfing to?
thanks, broni.
terry
-
Did you uninstall PC Tools Registry Mechanic?
I suggest you run Eset overnight so he doesn't surf anywhere nor download anything.
Make sure he sleeps at that time...lol
-
not yet, broni. i'll do it when he's at lunch today. i can't stay late today so i won't be able to run ESET until monday night.
any thoughts on my post #50? also, he used to have a hp printer (since deceased) and there are a few hp-related programs still there. i thought i'd uninstall them when i uninstall pc tools.
-
No thoughts until you uninstall Registry Mechanic and see what happens.
If still same issue I'll need new FRST logs.
-