Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser issue


  • This topic is locked This topic is locked
25 replies to this topic

#1 karenluvs2collect

karenluvs2collect

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 27 October 2013 - 03:57 PM

Hi,

 

I am using windows vista 64 with IE9. I downloaded AdwCleaner to my desktop and after it scanned it asks you

to uncheck any programs. The only problem is there were no programs/services to uncheck. I clicked through

all of the tabs and they were all empty. I have tried this a few times. I am hoping that someone could help me

figure this out or recommend another program to help me remove quite a few old programs/apps that I cannot

uninstall the normal way.

 

Thanks,

Karen



BC AdBot (Login to Remove)

 


#2 jiteshjmedh

jiteshjmedh

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:23 PM

Posted 27 October 2013 - 04:00 PM

  1. Use Revo Uninstaller to Uninstall unwanted softwares and applications

http://www.revouninstaller.com/start_freeware_download.html



#3 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 27 October 2013 - 04:04 PM

I wish it had worked.

 

Thanks though,

Karen



#4 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:23 PM

Posted 27 October 2013 - 04:42 PM

AdwCleaner will list adware files responsible for popups, browser and search engine hijackers, etc.

 

If you want to remove programs you have intentionally installed and are having problems doing so, then Revo is a good choice

for helping you with the troublesome uninstalls.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:23 AM

Posted 27 October 2013 - 07:26 PM

The only problem is there were no programs/services to uncheck. I clicked through all of the tabs and they were all empty.

Have you ever thought there is nothing to remove ??

 

Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it.

If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this may take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Just to compare them, Thanks -



#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:23 AM

Posted 27 October 2013 - 10:33 PM

As noknojon stated it's quite possible you don't have anything to uninstall that AdwCleaner specifically targets.

AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.

The types of programs that AdwCleaner targets are typically bundled with free programs that you download from the web. In many cases when you download and install a program, the install will state that these programs will be installed along with the program you downloaded.<snip>


AdwCleaner is a mission specific tool. As has been noted if you want a general uninstall tool Revo is a good choice.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#7 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 28 October 2013 - 08:12 PM

Actually the main issue is when I go to sign into my yahoo mail account on the bottom address bar is shows

up as yahoo.hsrd.yahoo. I don't know what this is. It started a few months ago and since then when I go to

sites I have been for years things are different. The page is either incomplete, not lined up etc... Just not right.

I don't feel safe selling online or using my email account. Any help would be much appreciated.

 

Thanks,

Karen



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:23 PM

Posted 28 October 2013 - 08:52 PM

Hello Karen

I believe you just need to change your homepage.

Open Internet Explorer on the desktop.

Go to
Tools

Internet Options

General (tab already open)

In the "Home Page" box, remove hsrd.yahoo.com and enter yahoo.com

Under "Startup", Select "Start with Homepage" button

Click Apply

Click OK

This sets your home page to Yahoo,
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:23 PM

Posted 28 October 2013 - 09:29 PM

Karen, you started another topic about the yahoo issue after you posted it in this topic.

 

boopme replied in your other topic. I moved that reply here then deleted the other one.



#10 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 28 October 2013 - 09:31 PM

I have done that soooo many times. Among everything else. I have noticed that when I go to sign in to an account

like here at bleeping just as I am trying to enter my login info the page will flash and then my cursor will be at a

different part of the page.

 

Karen



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:23 PM

Posted 29 October 2013 - 10:37 AM

Hello, we do not know everything you have tried as you did not tell us..
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Run ESET........
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 29 October 2013 - 10:38 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 29 October 2013 - 10:23 PM

Thank you for helping. I did notice about:blank in the past few days. I also have comodo firewall and geekbuddy plus other trial security including

norton.

 

Here are the two reports:

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Drama Llama (administrator) on 29-10-2013 at 17:51:36
Running from "C:\Users\Drama Llama\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection" address=192.168.0.1

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : toshiba
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wavecable.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : wavecable.com
   Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
   Physical Address. . . . . . . . . : 00-1F-3C-8A-1D-BE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7494:7ead:edb9:63ca%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 29, 2013 5:38:28 PM
   Lease Expires . . . . . . . . . . : Wednesday, October 30, 2013 5:38:28 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 285220668
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-52-59-8F-00-23-8B-87-43-16
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-8B-92-8B-46
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{88842A02-09E2-48F2-AF67-E83C6A8B7B55}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3c68:3322:3f57:fe99(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3c68:3322:3f57:fe99%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wavecable.com
   Description . . . . . . . . . . . : isatap.wavecable.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Cisco16192
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4005:802::1007
   74.125.239.134
   74.125.239.136
   74.125.239.137
   74.125.239.132
   74.125.239.129
   74.125.239.128
   74.125.239.133
   74.125.239.130
   74.125.239.142
   74.125.239.131
   74.125.239.135

 

Pinging google.com [74.125.239.135] with 32 bytes of data:

Request timed out.

Request timed out.

 

Ping statistics for 74.125.239.135:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server:  Cisco16192
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
   206.190.36.45
   98.139.183.24

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Request timed out.

Request timed out.

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 1f 3c 8a 1d be ...... Intel® PRO/Wireless 3945ABG Network Connection
 10 ...00 23 8b 92 8b 46 ...... Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{88842A02-09E2-48F2-AF67-E83C6A8B7B55}
 13 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 15 ...00 00 00 00 00 00 00 e0  isatap.wavecable.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    281
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:9d38:6ab8:3c68:3322:3f57:fe99/128
                                    On-link
 11    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::3c68:3322:3f57:fe99/128
                                    On-link
 11    281 fe80::7494:7ead:edb9:63ca/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/29/2013 05:38:36 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

Error: (10/29/2013 05:38:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {d1da8b67-7fc3-418c-8c27-abd7652a7c56}

Error: (10/29/2013 05:38:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode.
If not in safe mode, make sure that EventSystem service is enabled.
CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {d1da8b67-7fc3-418c-8c27-abd7652a7c56}

Error: (10/29/2013 05:38:26 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

Error: (10/29/2013 05:38:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {782fc77a-8558-4648-afea-71fd627e53bb}

Error: (10/29/2013 05:38:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode.
If not in safe mode, make sure that EventSystem service is enabled.
CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {782fc77a-8558-4648-afea-71fd627e53bb}

Error: (10/29/2013 05:38:22 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

Error: (10/29/2013 05:38:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6}
   Writer Name: IIS Config Writer
   Writer Instance ID: {2aace320-553b-4a07-b957-a2f1e34557ff}

Error: (10/29/2013 05:38:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode.
If not in safe mode, make sure that EventSystem service is enabled.
CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6}
   Writer Name: IIS Config Writer
   Writer Instance ID: {2aace320-553b-4a07-b957-a2f1e34557ff}

Error: (10/29/2013 05:38:20 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070422

System errors:
=============
Error: (10/29/2013 05:49:08 PM) (Source: Service Control Manager) (User: )
Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

Error: (10/29/2013 05:49:08 PM) (Source: Service Control Manager) (User: )
Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

Error: (10/29/2013 05:49:08 PM) (Source: Service Control Manager) (User: )
Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

Error: (10/29/2013 05:49:08 PM) (Source: Service Control Manager) (User: )
Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

Error: (10/29/2013 05:49:07 PM) (Source: DCOM) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/29/2013 05:40:28 PM) (Source: Service Control Manager) (User: )
Description: Background Intelligent Transfer ServiceCOM+ Event System%%1058

Error: (10/29/2013 05:38:37 PM) (Source: Service Control Manager) (User: )
Description: Beep
ccSet_NST
SBRE

Error: (10/29/2013 05:38:37 PM) (Source: Service Control Manager) (User: )
Description: ServerSecurity Accounts Manager%%1058

Error: (10/29/2013 05:38:37 PM) (Source: Service Control Manager) (User: )
Description: 60000Windows Media Center Scheduler Service

Error: (10/29/2013 05:38:37 PM) (Source: Service Control Manager) (User: )
Description: 60000Windows Media Center Receiver Service

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-24 17:41:31.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:31.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:31.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:30.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:30.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:30.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:30.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:29.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:29.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-24 17:41:29.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

ALPS Touch Pad Driver
Bitdefender Total Security (Version: 17.16.0.729)
Bluetooth Stack for Windows by Toshiba (Version: v6.10.02(T))
Canon MX510 series MP Drivers
Conexant HD Audio (Version: 4.36.6.0)
HDAUDIO Soft Data Fax Modem with SmartCP
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.5.0000)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
Marvell Miniport Driver (Version: 10.51.4.3)
mCore (Version: 11.02.0000)
mCPlug (Version: 11.00.0000)
mHelp (Version: 11.02.0000)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
mMHouse (Version: 11.02.0000)
mPfMgr (Version: 11.02.0000)
O2Micro Flash Memory Card Reader Driver (x64) (Version: 3.21)
TOSHIBA Disc Creator (Version: 2.0.1.1a for x64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA SD Memory Utilities (Version: 1.9.1.5)
TOSHIBA Supervisor Password (Version: 3.00.01.00)
TOSHIBA Value Added Package (Version: 1.1.14.64)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 2549.61 MB
Available physical RAM: 805.86 MB
Total Pagefile: 5333.64 MB
Available Pagefile: 3157.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.81 MB

========================= Partitions: =====================================

1 Drive c: (SQ004675V06) (Fixed) (Total:231.42 GB) (Free:92.32 GB) NTFS

========================= Users: ========================================

User accounts for \\TOSHIBA

Administrator            Drama Llama              Guest                   
Karen                   

**** End of log ****

 

 

C:\Users\Drama Llama\Downloads\BitDefenderQS_EN(1).exe Win32/Packed.Autoit.H application cleaned by deleting - quarantined
C:\Users\Drama Llama\Downloads\BitDefenderQS_EN.exe Win32/Packed.Autoit.H application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10252013_121406\C_Users\Drama Llama\Downloads\cbsidlm-cbsi134-Revo_Uninstaller-SEO-10687648 (1).exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10252013_121406\C_Users\Drama Llama\Downloads\cbsidlm-cbsi134-Revo_Uninstaller-SEO-10687648.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10252013_121406\C_Users\Drama Llama\Downloads\cbsidlm-cbsi134-Wise_Program_Uninstaller-ORG-75798277.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10252013_121406\C_Users\Drama Llama\Downloads\cbsidlm-tr1_14-WyvernWorks_Ad_Away_2004-SEO-10280349.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:23 PM

Posted 30 October 2013 - 07:14 PM

Hello are you in England? The only odd thing I find is yahoo.hsrd.yahoo, is an English server for Yahoo.
When and where did you run OTL? Was this occurring prior to that.


There are a couple errors that running SFC (System File Check ) may fix and maybe even fix this.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22002979.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22002980.gif

NOTE: Add these 2 checks also....
Repair Hosts File
Repair Volume Shadow Copy Service


Go to Step 4 and under "System Restore" click on Create button:

p22002982.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22003030.gif

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 30 October 2013 - 10:37 PM

Hi,

 

I am in the United States (CA). As far as running OTL, it looks like 10-24-2013. Here is the link       http://forums.techguy.org/virus-other-malware-removal/1110915-help-redirect-issue.html                if you would like to review the when and where. Yes, this

was occuring prior to that. I think I have done everything you have asked as far as the tweeking.com scan. The only thing that I noticed is that you asked

to     check repair hosts file and repair volume shadow copy service. I did not see these available to check.

 

Karen



#15 karenluvs2collect

karenluvs2collect
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:23 AM

Posted 31 October 2013 - 12:07 AM

Here is the tweeking.com report:

 

 

windows repair log:

 

 

Starting Repairs...
   Start (10/30/2013 7:39:25 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (10/30/2013 7:39:25 PM)
   Running Repair Under Current User Account
   Done (10/30/2013 7:39:40 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (10/30/2013 7:39:40 PM)
   Running Repair Under System Account
   Done (10/30/2013 7:43:36 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (10/30/2013 7:43:36 PM)
   Running Repair Under System Account
   Done (10/30/2013 7:44:26 PM)

03 - Register System Files
   Start (10/30/2013 7:44:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:45:33 PM)

04 - Repair WMI
   Start (10/30/2013 7:45:33 PM)
   Running Repair Under Current User Account
   Done (10/30/2013 7:54:10 PM)

05 - Repair Windows Firewall
   Start (10/30/2013 7:54:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:54:45 PM)

06 - Repair Internet Explorer
   Start (10/30/2013 7:54:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:55:21 PM)

07 - Repair MDAC/MS Jet
   Start (10/30/2013 7:55:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:55:38 PM)

08 - Repair Hosts File
   Start (10/30/2013 7:55:38 PM)
   Running Repair Under System Account
   Done (10/30/2013 7:55:41 PM)

09 - Remove Policies Set By Infections
   Start (10/30/2013 7:55:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:55:45 PM)

11 - Repair Icons
   Start (10/30/2013 7:55:47 PM)
   Running Repair Under System Account
   Done (10/30/2013 7:56:00 PM)

12 - Repair Winsock & DNS Cache
   Start (10/30/2013 7:56:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:56:16 PM)

14 - Repair Proxy Settings
   Start (10/30/2013 7:56:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:56:21 PM)

16 - Repair Windows Updates
   Start (10/30/2013 7:56:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:56:53 PM)

17 - Repair CD/DVD Missing/Not Working
   Start (10/30/2013 7:56:53 PM)
   Done (10/30/2013 7:56:53 PM)

18 - Repair Volume Shadow Copy Service
   Start (10/30/2013 7:56:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:12 PM)

20 - Repair MSI (Windows Installer)
   Start (10/30/2013 7:57:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:25 PM)

22.01 - Repair bat Association
   Start (10/30/2013 7:57:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:30 PM)

22.02 - Repair cmd Association
   Start (10/30/2013 7:57:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:35 PM)

22.03 - Repair com Association
   Start (10/30/2013 7:57:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:39 PM)

22.04 - Repair Directory Association
   Start (10/30/2013 7:57:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:44 PM)

22.05 - Repair Drive Association
   Start (10/30/2013 7:57:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:49 PM)

22.06 - Repair exe Association
   Start (10/30/2013 7:57:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:54 PM)

22.07 - Repair Folder Association
   Start (10/30/2013 7:57:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:57:58 PM)

22.08 - Repair inf Association
   Start (10/30/2013 7:57:58 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:03 PM)

22.09 - Repair lnk (Shortcuts) Association
   Start (10/30/2013 7:58:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:08 PM)

22.10 - Repair msc Association
   Start (10/30/2013 7:58:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:13 PM)

22.11 - Repair reg Association
   Start (10/30/2013 7:58:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:17 PM)

22.12 - Repair scr Association
   Start (10/30/2013 7:58:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:22 PM)

23 - Repair Windows Safe Mode
   Start (10/30/2013 7:58:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:27 PM)

24 - Repair Print Spooler
   Start (10/30/2013 7:58:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:42 PM)

25 - Restore Important Windows Services
   Start (10/30/2013 7:58:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:49 PM)

26 - Set Windows Services To Default Startup
   Start (10/30/2013 7:58:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/30/2013 7:58:56 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (10/30/2013 7:58:56 PM)
   Total Repair Time: 00:19:31

...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account

 

 

 

 

repair icons

 

File not found - C:\Users\Drama Llama\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Drama Llama\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Drama Llama\AppData\Local\IconCache.db
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users