
Getting (D)DoS'd/booter


17 replies to this topic

#1 Kram B


Posted 17 November 2012 - 06:32 PM

Well there are these kids that think they are über l33t hackers because they can use booters to take my network out.

They obtain my IP through Skype, God knows why they haven't fixed that.

Basically I need help protecting myself. My ISP (AT&T) will not do anything about it.

Please, does anyone have tips for me?


#2 noknojon


Posted 17 November 2012 - 07:02 PM

Hi -
Can we please have a bit of a quick look at the system set up -
Please download MiniToolBox, Save it to your desktop and run it.

Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files

Click Go and copy / paste the result (Result.txt).
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Thank You -



#3 Kram B


Posted 17 November 2012 - 07:35 PM


Here you go. Though I do not use either IE or FF, I use Chrome.

MiniToolBox by Farbar  Version: 10-11-2012 02
Ran by Mark Bolick (administrator) on 17-11-2012 at 19:33:55
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel(R) Centrino(R) Wireless-N 1030 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 3 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 5 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : MarkBolick-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-60-6B-25-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #4
   Physical Address. . . . . . . . . : BC-77-37-64-B9-9C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
   Physical Address. . . . . . . . . : BC-77-37-64-B9-9C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Physical Address. . . . . . . . . : BC-77-37-64-B9-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a145:51b:f92a:cc3b%18(Preferred) 
   IPv4 Address. . . . . . . . . . . : 172.16.1.35(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Saturday, November 17, 2012 6:38:48 PM
   Lease Expires . . . . . . . . . . : Sunday, November 18, 2012 6:38:48 PM
   Default Gateway . . . . . . . . . : 172.16.0.1
   DHCP Server . . . . . . . . . . . : 172.16.0.1
   DHCPv6 IAID . . . . . . . . . . . : 297563959
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-E6-71-18-14-FE-B5-AD-77-5C
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 14-FE-B5-AD-77-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : BC-77-37-64-B9-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{300DD561-5AAA-4079-995B-5EFC217988E2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com.2wire.net
Address:  67.215.65.132


Pinging google.com [74.125.228.102] with 32 bytes of data:
Reply from 74.125.228.102: bytes=32 time=35ms TTL=51
Reply from 74.125.228.102: bytes=32 time=34ms TTL=51

Ping statistics for 74.125.228.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 35ms, Average = 34ms
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    yahoo.com.2wire.net
Address:  67.215.65.132


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=77ms TTL=43
Reply from 98.138.253.109: bytes=32 time=108ms TTL=43

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 108ms, Average = 92ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 23...00 ff 60 6b 25 af ......TAP-Win32 Adapter V9
 20...bc 77 37 64 b9 9c ......Microsoft Virtual WiFi Miniport Adapter #4
 19...bc 77 37 64 b9 9c ......Microsoft Virtual WiFi Miniport Adapter #3
 18...bc 77 37 64 b9 9b ......Intel(R) Centrino(R) Wireless-N 1030
 14...14 fe b5 ad 77 5c ......Realtek PCIe GBE Family Controller
 11...bc 77 37 64 b9 9f ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.0.1      172.16.1.35     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       172.16.0.0      255.255.0.0         On-link       172.16.1.35    281
      172.16.1.35  255.255.255.255         On-link       172.16.1.35    281
   172.16.255.255  255.255.255.255         On-link       172.16.1.35    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       172.16.1.35    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       172.16.1.35    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    281 fe80::/64                On-link
 18    281 fe80::a145:51b:f92a:cc3b/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/17/2012 07:31:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 07:28:54 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = E:\setup.exe ; Description = Installed Microsoft Office Professional Plus 2010; Error = 0x80042302).

Error: (11/17/2012 07:28:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Error: (11/17/2012 07:28:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Error: (11/17/2012 06:40:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 11:21:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2012 07:37:45 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042302).

Error: (11/16/2012 07:37:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Error: (11/16/2012 07:37:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Error: (11/16/2012 03:27:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Instantiating VSS server


System errors:
=============
Error: (11/09/2012 04:33:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:28:23 PM on ?11/?9/?2012 was unexpected.

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:05 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================
Error: (11/17/2012 07:31:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 07:28:54 PM) (Source: System Restore)(User: )
Description: E:\setup.exe Installed Microsoft Office Professional Plus 20100x80042302

Error: (11/17/2012 07:28:54 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/17/2012 07:28:54 PM) (Source: VSS)(User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/17/2012 06:40:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 11:21:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2012 07:37:45 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042302

Error: (11/16/2012 07:37:45 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/16/2012 07:37:45 PM) (Source: VSS)(User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/16/2012 03:27:04 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Instantiating VSS server


CodeIntegrity Errors:
===================================
  Date: 2012-11-17 18:38:19.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 18:38:19.295
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 11:19:39.434
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 11:19:39.418
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-16 14:50:14.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-16 14:50:14.635
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-15 15:05:08.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-15 15:05:08.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-14 15:51:58.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-14 15:51:58.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

AccelerometerP11 (Version: 2.00.11.22)
Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advanced SystemCare 6 (Version: 6.0)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ArmA 2 Free Uninstall
ARMA 2: Operation Arrowhead
Bandisoft MPEG-1 Decoder
Battlefield Play4Free
BattlEye for OA Uninstall
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.50.854.0)
Camtasia Studio 8 (Version: 8.0.2.918)
CCleaner (Version: 3.24)
D3DX10 (Version: 15.4.2368.0902)
DayZ Commander (Version: 0.9.91)
Defraggler (Version: 2.11)
Deluge 1.3.5
erLT (Version: 1.20.138.34)
FileZilla Client 3.5.3 (Version: 3.5.3)
Garry's Mod
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 23.0.1271.64)
Google Update Helper (Version: 1.3.21.123)
Grand Theft Auto IV
Hawken
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
iFunbox (v2.0.2150.728), iFunbox DevTeam (Version: v2.0.2150.728)
ImgBurn (Version: 2.5.7.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 9.17.10.2875)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.1.0608)
Intel(R) Rapid Storage Technology (Version: 10.1.2.1004)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel(R) WiDi (Version: 3.5.40.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.02.0000.1258)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java SE Development Kit 7 Update 7 (64-bit) (Version: 1.7.0.70)
K-Lite Codec Pack 9.2.0 (Full) (Version: 9.2.0)
LibreOffice 3.6 (Version: 3.6.1.2)
Logitech Webcam Software (Version: 2.31)
LWS Facebook (Version: 13.50.854.0)
LWS Gallery (Version: 13.50.854.0)
LWS Help_main (Version: 13.50.862.0)
LWS Launcher (Version: 13.50.859.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.50.861.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Mabinogi
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Halo
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MotioninJoy DS3 driver version 0.6.0005 (Version: 0.6.0005)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Maintenance Service (Version: 19.0a1)
MP3 Rocket
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nexon Game Manager
Nexus Mod Manager (Version: 0.20.0)
Nightly 19.0a1 (x86 en-US) (Version: 19.0a1)
Notepad++ (Version: 6.1.7)
NVIDIA Control Panel 307.21 (Version: 307.21)
NVIDIA Graphics Driver 307.21 (Version: 307.21)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Pando Media Booster (Version: 2.6.0.8)
Path of Exile (Version: 0.9.12.19688)
Photo Gallery (Version: 16.4.3505.0912)
PowerISO (Version: 5.4)
PrivitizeVPN (Version: 1.0.0)
proXPN 2.5.1 (Version: 2.5.1)
PunkBuster Services (Version: 0.990)
Quickset64 (Version: 11.0.10)
Realm of the Mad God
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.27.0)
ShareX 6.5.0.248 (Version: 6.5.0.248)
Skype™ 5.10 (Version: 5.10.116)
Source SDK Base 2006
Speccy (Version: 1.18)
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.2.6.0)
System Requirements Lab for Intel (Version: 4.5.11.0)
System Requirements Lab Test (Version: 5.0.6.0)
Team Fortress 2
TeamViewer 7 (Version: 7.0.14563)
Tribes: Ascend
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
UxStyle Core Beta (Version: 0.2.1.1)
Vindictus
VLC media player 2.0.4 (Version: 2.0.4)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wireshark 1.8.3 (32-bit) (Version: 1.8.3)
WModem Driver Installer (Version: 2.0.6.7)
World of Warcraft (Version: 5.0.5.16135)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8086.17 MB
Available physical RAM: 5713.24 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 13679 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.94 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:361.73 GB) (Free:208.98 GB) NTFS
3 Drive e: (OFFICE14) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\MARKBOLICK-PC

Administrator            Guest                    Mark Bolick              
UpdatusUser              

========================= Minidump Files ==================================

No minidump file found


**** End of log ****



#4 noknojon

Posted 18 November 2012 - 06:23 AM

Hi -
First few ideas are as follows - Advanced SystemCare 6 (Version: 6.0) can conflict with Microsoft Security Essentials and Malwarebytes Anti-Malware -
Claims include "Detects More Hidden Problems of PC Security and Performance - Detects and analyzes Windows security. Scans and removes spyware, adware and hijackers with our up-to-date database. New Web Surfing Protection creates a safer online environment by detecting risky websites and other e-threats that may harm your PC." -
It obviously is not a decent working program, also includes Antivirus and an unnecessary Registry Cleaner / Modifier
Please delete it -

Hosts file content: seems to be empty - This may be one of your other main problems -
http://go.microsoft.com/?linkid=9668866 < Run this M/soft Fixit Program - Click Run and follow any onscreen directions - This will now reset your Hosts File for you -
You can also run this next program to be sure that the Hosts file is fully restored -
>> Download Rogue killer
Right click on it and select run as administrator
Now, click on HOSTS FIX option on right side
A log should get generated after the fix, post the log here

I am finding it is very odd that this is showing as a problem >> Fanio.sys is usually the Dell Fan I/O driver.
If it wasn't loaded, it may be overheating, or corrupted - It also spreads from 2012-11-14 to 2012-11-17 in Code Integrity Errors.
Normal file Location: C:\WINDOWS\system32\drivers\fanio.sys -

Please download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

Also post a snapshot with Speccy, as this may give us a bit more to look at -
How To Publish a Snapshot using Speccy <<Follow These Directions

Thank You -

#5 Kram B

Posted 18 November 2012 - 02:46 PM

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mark Bolick [Admin rights]
Mode : HOSTSFix -- Date : 11/18/2012 14:39:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Resetted HOSTS: ¤¤¤


Finished : << RKreport[4]_H_11182012_02d1439.txt >>
RKreport[1]_H_11182012_02d1436.txt ; RKreport[2]_H_11182012_02d1437.txt ; RKreport[3]_H_11182012_02d1438.txt ; RKreport[4]_H_11182012_02d1439.txt




Results of screen317's Security Check version 0.99.54  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u] 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u] 
 Malwarebytes Anti-Malware version 1.65.1.1000  
 Java 7 Update 7  
 [color=red][b]Java version out of Date![/b][/color] 
 Adobe Flash Player 11.5.502.110  
 Adobe Reader X (10.1.4) 
 Google Chrome 22.0.1229.96  
 Google Chrome 23.0.1271.64  
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
[b][u]`````````````````System Health check`````````````````[/b][/u] 
 Total Fragmentation on Drive C:  
[b][u]````````````````````End of Log``````````````````````[/b][/u] 

Speccy Snapshot

I would like to add that I just finished playing some WoW, so that is why the temps are a little high. They usually stay in the 50's, but they can get up to 80's when I play games.

Also, are you sure Advanced Systemcare 6 is bad? I have used it for such a long time. I do not run the anti-virus/malware stuff alongside MSE.

Also, is my fan driver fixed with the programs I ran?

#6 noknojon

Posted 18 November 2012 - 04:23 PM

> Also, are you sure Advanced Systemcare 6 is bad? I have used it for such a long time. I do not run the anti-virus/malware stuff alongside MSE.

Microsoft Security Essentials is all that you need to be running, along with Windows Firewall - Why do you want the extra IObit programs ??
You also have Malwarebytes Anti-Malware available if you wish for a malware scanner, and that is enough for now.
If these 3 programs are updated and used correctly, the only use for IObit is a Registry Cleaner, which is not recommended -

I used IObits programs for a short time and found they were generally useless when used with other good programs. They only caused problems.
The program is only popular (in numbers) as China limits the options available to their online users -

I found a similar problem with avast! Internet Security and Advanced SystemCare 5 with IObit Malware Fighter combined.
This caused "cpu load reached 100%" problems and overheating, until it was removed -

> They usually stay in the 50's, but they can get up to 80's when I play games.

They should not generally pass 50 to 60°C, 80°C is too high - This shows that you may still have some cooling problems -

Please re-run MiniToolBox
Only checkmark these following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List last 10 Event Viewer log
•List devices >>(Problem only)<< (Still checking the Fan I/O .sys file)

Click Go and copy / paste the result (Result.txt).
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Update and run a Quick Scan only with your Malwarebytes Anti-Malware and post the log back here

Thank You -

#7 Kram B

Posted 18 November 2012 - 05:05 PM

Well if you insist..

I would like to add that I am using a laptop. The bottom is always elevated and has free airflow.

MiniToolBox by Farbar  Version: 10-11-2012 02
Ran by Mark Bolick (administrator) on 18-11-2012 at 17:03:42
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

#       ::1             localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2012 02:57:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2012 02:48:24 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042302).

Error: (11/18/2012 02:48:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Error: (11/18/2012 02:48:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Error: (11/18/2012 02:35:17 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Microsoft Fix it 50267; Error = 0x80042302).

Error: (11/18/2012 02:35:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Error: (11/18/2012 02:35:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Error: (11/18/2012 02:35:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Microsoft Fix it 50267; Error = 0x80042302).

Error: (11/18/2012 02:35:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Error: (11/18/2012 02:35:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


System errors:
=============
Error: (11/09/2012 04:33:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:28:23 PM on ?11/?9/?2012 was unexpected.

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (11/06/2012 09:18:05 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================
Error: (11/18/2012 02:57:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2012 02:48:24 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042302

Error: (11/18/2012 02:48:24 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2012 02:48:24 PM) (Source: VSS)(User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2012 02:35:17 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Microsoft Fix it 502670x80042302

Error: (11/18/2012 02:35:17 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2012 02:35:17 PM) (Source: VSS)(User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2012 02:35:13 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Microsoft Fix it 502670x80042302

Error: (11/18/2012 02:35:13 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/18/2012 02:35:13 PM) (Source: VSS)(User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity Errors:
===================================
  Date: 2012-11-18 14:55:35.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-18 14:55:34.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-18 14:30:14.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-18 14:30:14.217
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 18:38:19.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 18:38:19.295
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 11:19:39.434
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-17 11:19:39.418
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-16 14:50:14.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-11-16 14:50:14.635
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Devices: ================================


**** End of log ****


#8 noknojon

Posted 19 November 2012 - 06:40 AM

> Well if you insist..
> I would like to add that I am using a laptop. The bottom is always elevated and has free airflow.

I figured it was a laptop from Speccy, and running it elevated should keep it cooler than it is -

It seems that fanio.sys on your system may have been either disabled, or corrupted so your fan speeds may not work correctly.
Please use SpeedFan to monitor your temperatures, and fans for a while, as the Temps are a bit varied, and high -

Update and run a Quick Scan only with your Malwarebytes Anti-Malware, and post the log back here

From the last post - This is to check for any seen infections -
NEXT -
Run a sfc /scannow (System File Check) on the computer -
Go > Start Programs > Accessories > Find Command Prompt > Right click on the program listing and select Run as Administrator > Type sfc /scannow > Press Enter -
Note the Space between c and /. This can take from about 15 up to 30 minutes to scan and please make a note of any items displayed -

Thank You -

#9 Kram B

Posted 19 November 2012 - 05:16 PM

Speedfan indicates that my idling temps are the mid 50s and when I play a video game I got to the 80s.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark Bolick :: MARKBOLICK-PC [administrator]

11/19/2012 4:46:34 PM
mbam-log-2012-11-19 (16-46-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224669
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

There were errors found with sfc /scannow, and they were repaired. I was going to post the log, but it was very long.

#10 noknojon

Posted 19 November 2012 - 09:09 PM

> There were errors found with sfc /scannow, and they were repaired. I was going to post the log, but it was very long.

This is why I asked to note the errors, as we still are having this error, and I hoped there may be a notation towards why this continues >
"Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys"

Unless you or someone has replaced the drivers\fanio.sys file with another one, like Not Verified; Christian Diefer; fanio.sys
The end, or some part of above line (with the highlighted items), was what I hoped for from SystemFileCheck -
This shows a changed / unregistered / unverified file that controls your cooling (fans) system, and may not let them work correctly -
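
The repeated CodeIntegrity entries discussed in the post above can be grouped per file instead of read one by one. This is an added example, not part of the thread or of MiniToolBox: the function names, the 2-second burst window used to count driver load attempts, and the `example.sys` entry are assumptions made for illustration; the `fanio.sys` timestamps are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FANIO = r"\Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys"
# Constructed second driver, only there to show the per-file grouping.
CONSTRUCTED = r"\Device\HarddiskVolume1\Windows\System32\drivers\example.sys"

# Six timestamps copied from the CodeIntegrity section posted in the thread.
PAGE_STAMPS = [
    "2012-11-18 14:55:35.000", "2012-11-18 14:55:34.984",
    "2012-11-18 14:30:14.248", "2012-11-18 14:30:14.217",
    "2012-11-17 18:38:19.310", "2012-11-17 18:38:19.295",
]

# One log entry in the layout MiniToolBox printed in the thread.
ENTRY = (
    "  Date: {ts}\n"
    "  Description: Windows is unable to verify the image integrity of the "
    "file {path} because file hash could not be found on the system.\n\n"
)

SAMPLE_LOG = (
    "CodeIntegrity Errors:\n===================================\n"
    + "".join(ENTRY.format(ts=ts, path=FANIO) for ts in PAGE_STAMPS)
    + ENTRY.format(ts="2012-11-18 09:00:00.000", path=CONSTRUCTED)
)

# A Date line followed by a Description line naming the unverified file.
ENTRY_RE = re.compile(
    r"Date:\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"Description:.*?image integrity of the file (?P<path>.+?) because"
)


def parse_codeintegrity(text):
    """Return (timestamp, file path) for every CodeIntegrity entry in text."""
    events = []
    for match in ENTRY_RE.finditer(text):
        stamp = datetime.strptime(match.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        events.append((stamp, match.group("path")))
    return events


def summarize(events, burst=timedelta(seconds=2)):
    """Group entries by file; entries closer than `burst` count as one load.

    The burst window is a heuristic (assumption): the posted log shows the
    entries arriving in pairs a few milliseconds apart.
    """
    by_file = defaultdict(list)
    for stamp, path in events:
        # Windows paths are case-insensitive, so normalise before grouping.
        by_file[path.lower()].append(stamp)

    summary = {}
    for path, stamps in by_file.items():
        stamps.sort()
        loads = 1
        for previous, current in zip(stamps, stamps[1:]):
            if current - previous > burst:
                loads += 1
        summary[path] = {
            "entries": len(stamps),
            "load_attempts": loads,
            "first": stamps[0],
            "last": stamps[-1],
        }
    return summary


if __name__ == "__main__":
    for path, info in summarize(parse_codeintegrity(SAMPLE_LOG)).items():
        print(f"{path}: {info['entries']} entries, "
              f"{info['load_attempts']} load attempts, "
              f"{info['first']} to {info['last']}")
```

A single file that fails verification on every load attempt over several days points at one replaced or unsigned driver rather than at widespread corruption.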

#11 Kram B

Posted 19 November 2012 - 09:16 PM

> There were errors found with sfc /scannow, and they were repaired. I was going to post the log, but it was very long.
>
> This is why I asked to note the errors, as we still are having this error, and I hoped there may be a notation towards why this continues >
> "Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\fanio.sys"
>
> Unless you or someone has replaced the drivers\fanio.sys file with another one, like Not Verified; Christian Diefer; fanio.sys
> The end, or some part of above line (with the highlighted items), was what I hoped for from SystemFileCheck -
> This shows a changed / unregistered / unverified file that controls your cooling (fans) system, and may not let them work correctly -



Okay, I am terribly sorry.

I did try to install 18kguifan, but it would not work. I later came to realize that my laptop was not supported.

This is what I tried to install: http://www.diefer.de/i8kfan/

So there is no confusion. Once again, I am sorry for not paying attention. I thought that I could just supply you with the log, and I did not know that it would be so big.

#12 noknojon

Posted 19 November 2012 - 10:20 PM

No problem, as that is what I was looking for -

You can always Right click on a Report.txt and Send to a Zip file to upload if it is too long.
Just make sure you use the Add Reply option if you do this, and an option is there to upload a file etc -

The Diefer option is often used but it is not a registered or verified file, so it keeps throwing the error back each time.
This was what I expected if you did not have Genuine Dell Disks to do a Repair Install with.

Just watch the Temps on SpeedFan and hope there are not too many extremes at unusual times -

Regards -


#13 Kram B

Posted 20 November 2012 - 06:14 AM

Okay, thank you.

I am not using 18kfangui, so where would I obtain a clean fanio.sys file? I've tried googling it, but to no avail.

Or is fanio.sys a file by diefer and I should just delete it?

Also, all of this really never answered my question..how can I protect myself? I know that all of this can attribute to it, and I am grateful that you are taking your time to do this, but is there anything specific I could do?

Edited by Kram B, 20 November 2012 - 03:11 PM.


#14 noknojon

Posted 20 November 2012 - 04:02 PM

> I am not using 18kfangui, so where would I obtain a clean fanio.sys file? I've tried googling it, but to no avail.

Hi -
The Diefer file seems to be used as a Replacement for 18kfangui when the Genuine Dell version is not available -
There is a way to Register / Verify it but it is a bit involved from what I read, so most users just leave it as is -

Do you have the Genuine Dell Disks to do any repair install with ?? Not full reinstall, but Repair Install ??

Has there been any change since we reset the Hosts file earlier ?? This was one reason why you were left open to attacks -

#15 Kram B

Posted 20 November 2012 - 04:27 PM

> I am not using 18kfangui, so where would I obtain a clean fanio.sys file? I've tried googling it, but to no avail.
>
> Hi -
> The Diefer file seems to be used as a Replacement for 18kfangui when the Genuine Dell version is not available -
> There is a way to Register / Verify it but it is a bit involved from what I read, so most users just leave it as is -
>
> Do you have the Genuine Dell Disks to do any repair install with ?? Not full reinstall, but Repair Install ??
>
> Has there been any change since we reset the Hosts file earlier ?? This was one reason why you were left open to attacks -


I actually deleted the fanio.sys because I figured it was from 18kfangui. So was I wrong in doing so? I do not. For whatever reason my laptop did not come with one, or perhaps I misplaced it, but I doubt it. I do have a drivers and utilities disc, but I did not see anything relating to fans in it. Or perhaps I was looking for the wrong thing?

Thank you for the Hosts fix, I greatly appreciate it. I hate to beat a dead horse, but you wouldn't know anything else that could help, would you? I read something about changing the connection IP in Skype and such so mine cannot be obtained. I followed the directions, though I am not sure it actually works.

Edit: No, I have not messed with the Host files.

Thanks.

Edited by Kram B, 20 November 2012 - 04:28 PM.




