
Am I infected with something


15 replies to this topic

#1 Shawnee2

Shawnee2

  • Members
  • 56 posts

Posted 25 November 2013 - 03:06 PM

My daughter gave me her old laptop and I noticed the anti-virus software had not been updated in a few years.  I am trying to make sure it is not infected before I start using it.  I ran a search a while back with adwcleaner or malwarebytes (I think, can't remember what program for sure) and the program found a few items that needed to be removed and did so.  My concern is whether there are other things on there that might be infected.  This is a Windows 7 system.

 

Thanks for your assistance.




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 28 November 2013 - 01:37 AM

Hi -

We may as well have a look at what "daughter" has not been looking after :rolleyes:  

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to desktop and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result. (result.txt)

 

If you have an old version of AdwCleaner installed, open it and click on Uninstall.

This will remove the old version and any items it had quarantined. Note, this may reboot your computer, and is quite normal.

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At worst the tool will run for about 2 minutes.

Important: Do not reboot your computer until you complete the next step.

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).

 

 

Thank You -



#3 Shawnee2

Shawnee2
  • Topic Starter

  • Members
  • 56 posts

Posted 03 December 2013 - 01:26 PM

Sorry for the delayed response.  I took an extended vacation.  Thanks for your help. Attached are the logs:

 

 Results of screen317's Security Check version 0.99.77 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 windows defender MpCmdRun.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by ldotson3 (administrator) on 03-12-2013 at 11:46:45
Running from "C:\Users\ldotson3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BV9X0V3N"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dotson-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : carolina.rr.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : carolina.rr.com
   Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
   Physical Address. . . . . . . . . : 00-26-5E-2D-02-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8d54:891f:83c4:ec72%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 03, 2013 11:07:11 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 04, 2013 11:07:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234890846
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-03-B1-43-00-26-5E-2D-02-4D
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-23-5A-BA-30-25
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:8b9:85:3f57:fe7e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::8b9:85:3f57:fe7e%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : carolina.rr.com
   Description . . . . . . . . . . . : isatap.carolina.rr.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{CB0EF3D8-0A8B-4647-86EC-1EF2116A4D4E}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4002:c07::66
   74.125.196.102
   74.125.196.113
   74.125.196.138
   74.125.196.139
   74.125.196.100
   74.125.196.101

 

Pinging google.com [74.125.196.139] with 32 bytes of data:

Reply from 74.125.196.139: bytes=32 time=26ms TTL=42

Reply from 74.125.196.139: bytes=32 time=25ms TTL=42

 

Ping statistics for 74.125.196.139:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 25ms, Maximum = 26ms, Average = 25ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=81ms TTL=48

Reply from 98.138.253.109: bytes=32 time=70ms TTL=48

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 70ms, Maximum = 81ms, Average = 75ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 26 5e 2d 02 4d ...... Atheros AR5007 802.11b/g WiFi Adapter
 10 ...00 23 5a ba 30 25 ...... Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 17 ...00 00 00 00 00 00 00 e0  isatap.carolina.rr.com
 14 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 16 ...00 00 00 00 00 00 00 e0  isatap.{CB0EF3D8-0A8B-4647-86EC-1EF2116A4D4E}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.129     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.129    281
    192.168.1.129  255.255.255.255         On-link     192.168.1.129    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.129    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.129    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.129    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:9d38:6abd:8b9:85:3f57:fe7e/128
                                    On-link
 11    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::8b9:85:3f57:fe7e/128
                                    On-link
 11    281 fe80::8d54:891f:83c4:ec72/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/03/2013 11:10:40 AM) (Source: Application Error) (User: )
Description: Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000135, fault offset 0x0006f52f,
process id 0xf38, application start time 0xAppleSyncNotifier.exe0.

Error: (12/03/2013 11:07:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 11:05:35 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/03/2013 10:51:04 AM) (Source: Microsoft-Windows-RestartManager) (User: dotson-PC)
Description: 0sprtsvc.exeSupportSoft Sprocket Service (ddoctorv2)03026217829760

Error: (12/03/2013 10:14:34 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LDOTSON3\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (12/03/2013 10:14:34 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LDOTSON3\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (12/03/2013 10:13:02 AM) (Source: Application Error) (User: )
Description: Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000135, fault offset 0x0006f52f,
process id 0x9d0, application start time 0xAppleSyncNotifier.exe0.

Error: (12/03/2013 10:11:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2013 00:53:11 PM) (Source: Application Error) (User: )
Description: Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000135, fault offset 0x0006f52f,
process id 0x784, application start time 0xAppleSyncNotifier.exe0.

Error: (11/26/2013 00:49:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/03/2013 11:11:28 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 11:11:28 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 11:11:27 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 11:11:27 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 11:07:43 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (12/03/2013 10:55:36 AM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (12/03/2013 10:15:46 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 10:15:46 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 10:15:46 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 10:15:45 AM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.

Microsoft Office Sessions:
=========================
Error: (12/18/2009 03:02:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:58:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:57:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:55:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:53:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:53:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 01:55:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 01:54:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2009 07:20:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2009 07:19:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-08-09 11:19:07.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:05.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:04.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:02.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:01.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:59.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:57.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:55.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:54.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:52.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Agere Systems HDA Modem
ATI Catalyst Install Manager (Version: 3.0.704.0)
ccc-utility64 (Version: 2008.1210.1623.29379)
CCleaner (Version: 4.04)
HP MediaSmart SmartMenu (Version: 2.1.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 2.6.0.35)
Move Media Player
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
Synaptics Pointing Device Driver (Version: 15.3.29.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 3836.89 MB
Available physical RAM: 1814.4 MB
Total Pagefile: 7900.29 MB
Available Pagefile: 5654.98 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:284.04 GB) (Free:166.96 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.05 GB) (Free:2.1 GB) NTFS

========================= Users: ========================================

User accounts for \\DOTSON-PC

dotsonlaura              ldotson3                 noguestsallowed         

**** End of log ****

 

ADWCLEANER did not save a (S0) file????????

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by ldotson3 on Tue 12/03/2013 at 12:31:13.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AAD6DA22-25BC-4FCD-8B2F-49EAA35EA802}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/03/2013 at 12:53:45.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 noknojon

Posted 03 December 2013 - 04:36 PM

Hello -

avast! Antivirus!  is only listed in 1 log when it should be in both ??
The same with Spybot - Search & Destroy

Agere Systems HDA Modem
ATI Catalyst Install Manager (Version: 3.0.704.0) <= avast! should be listed below this
ccc-utility64 (Version: 2008.1210.1623.29379)
CCleaner (Version: 4.04)
HP MediaSmart SmartMenu (Version: 2.1.7)
--------------------------------------------------------------------------------------------------------------
ProtectSmart Hard Drive Protection (Version: 3.10.1.7) <= now Spybot S&D is also missing ??
Synaptics Pointing Device Driver (Version: 15.3.29.0)
-----------------------------------------------------------------------------------------------------------------
Since I can not be sure what other items are not showing .........

 

Right click > Delete your version of Minitoolbox and Re-install it from below =>

Please download MiniToolBox to Desktop and run it.
Now do not use Firefox while Reset F/F Settings is being done -

Tick all boxes and press Go
Copy and Paste all results

 

Thank You -



#5 Shawnee2

Posted 03 December 2013 - 09:51 PM

Thanks for the help so far.  Here is the log.  Looks like the items you mentioned are still not listed.

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by ldotson3 (administrator) on 03-12-2013 at 21:43:16
Running from "C:\Users\ldotson3\Documents\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dotson-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : carolina.rr.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : carolina.rr.com
   Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
   Physical Address. . . . . . . . . : 00-26-5E-2D-02-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8d54:891f:83c4:ec72%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.129(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 03, 2013 9:34:13 PM
   Lease Expires . . . . . . . . . . : Wednesday, December 04, 2013 9:34:13 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234890846
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-03-B1-43-00-26-5E-2D-02-4D
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-23-5A-BA-30-25
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2ce7:cbf:3f57:fe7e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2ce7:cbf:3f57:fe7e%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : carolina.rr.com
   Description . . . . . . . . . . . : isatap.carolina.rr.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{CB0EF3D8-0A8B-4647-86EC-1EF2116A4D4E}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4004:803::1000
   74.125.228.32
   74.125.228.33
   74.125.228.34
   74.125.228.35
   74.125.228.36
   74.125.228.37
   74.125.228.38
   74.125.228.39
   74.125.228.40
   74.125.228.41
   74.125.228.46

 

Pinging google.com [74.125.228.97] with 32 bytes of data:

Reply from 74.125.228.97: bytes=32 time=27ms TTL=54

Reply from 74.125.228.97: bytes=32 time=28ms TTL=54

 

Ping statistics for 74.125.228.97:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=52ms TTL=49

Reply from 98.139.183.24: bytes=32 time=49ms TTL=49

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 49ms, Maximum = 52ms, Average = 50ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 26 5e 2d 02 4d ...... Atheros AR5007 802.11b/g WiFi Adapter
 10 ...00 23 5a ba 30 25 ...... Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 17 ...00 00 00 00 00 00 00 e0  isatap.carolina.rr.com
 14 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 16 ...00 00 00 00 00 00 00 e0  isatap.{CB0EF3D8-0A8B-4647-86EC-1EF2116A4D4E}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.129     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.129    281
    192.168.1.129  255.255.255.255         On-link     192.168.1.129    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.129    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.129    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.129    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:5ef5:79fb:2ce7:cbf:3f57:fe7e/128
                                    On-link
 11    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::2ce7:cbf:3f57:fe7e/128
                                    On-link
 11    281 fe80::8d54:891f:83c4:ec72/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/03/2013 09:35:00 PM) (Source: Application Error) (User: )
Description: Faulting application AppleSyncNotifier.exe, version 1.5.0.0, time stamp 0x4a5d2cf8, faulting module CoreFoundation.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000135, fault offset 0x0006f52f,
process id 0xe28, application start time 0xAppleSyncNotifier.exe0.

Error: (12/03/2013 09:34:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/03/2013 09:38:33 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 09:38:33 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 09:38:33 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 09:38:33 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.

Error: (12/03/2013 09:35:02 PM) (Source: Service Control Manager) (User: )
Description: Beep

Microsoft Office Sessions:
=========================
Error: (12/18/2009 03:02:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:58:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:57:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:55:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:53:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 02:53:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 01:55:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2009 01:54:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2009 07:20:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2009 07:19:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-08-09 11:19:07.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:05.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:04.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:02.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:19:01.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:59.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:57.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:55.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:54.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 11:18:52.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Agere Systems HDA Modem
ATI Catalyst Install Manager (Version: 3.0.704.0)
ccc-utility64 (Version: 2008.1210.1623.29379)
CCleaner (Version: 4.04)
HP MediaSmart SmartMenu (Version: 2.1.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 2.6.0.35)
Move Media Player
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
Synaptics Pointing Device Driver (Version: 15.3.29.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3836.89 MB
Available physical RAM: 2204.64 MB
Total Pagefile: 7898.29 MB
Available Pagefile: 5775.14 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:284.04 GB) (Free:165.86 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.05 GB) (Free:2.1 GB) NTFS

========================= Users: ========================================

User accounts for \\DOTSON-PC

dotsonlaura              ldotson3                 noguestsallowed         

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

08-08-2013 03:01:42 avast! Free Antivirus Setup
08-08-2013 15:48:31 Removed Safari
08-08-2013 15:55:10 Installed QuickTime
09-08-2013 04:00:02 Scheduled Checkpoint
14-08-2013 13:29:28 Windows Update
16-08-2013 00:34:42 Windows Update
23-08-2013 19:52:05 Windows Update
11-09-2013 15:14:45 Windows Update
11-09-2013 15:16:49 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
12-09-2013 07:00:50 Windows Update
13-09-2013 07:01:38 Windows Update
14-09-2013 07:01:34 Windows Update
25-11-2013 16:56:38 Windows Update
25-11-2013 17:22:05 Installed Java 7 Update 45
25-11-2013 17:46:44 Windows Update
25-11-2013 20:12:09 Device Driver Package Install: Apple Network adapters
03-12-2013 15:19:58 Windows Update
03-12-2013 15:20:02 Removed Bonjour
03-12-2013 15:26:56 Removed Bonjour
03-12-2013 15:28:15 Removed Apple Software Update
03-12-2013 15:30:14 Removed Apple Mobile Device Support
03-12-2013 15:32:42 Removed Apple Application Support
03-12-2013 15:44:34 Removed Comcast Desktop Software (v1.2.0.9)
03-12-2013 15:45:37 Removed Desktop Doctor
03-12-2013 15:51:18 Removed iTunes
03-12-2013 15:58:36 Removed iTunes

**** End of log ****



#6 noknojon

Posted 04 December 2013 - 12:36 AM

Hi -

We need to clean out a few programs that may be "phantom readings"

 

How to uninstall our software (avast! Free version) using avastclear:
1. Download avastclear.exe on your desktop
2. Start Windows in Safe Mode (please ask if you need help here)
3. Open (execute) the uninstall utility
4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
5. Click REMOVE
6. Restart your computer <= Very important

 

Also uninstall Spybot S & D to avoid any clash of programs See here

 

For now, install Microsoft Security Essentials => http://go.microsoft.com/fwlink/?LinkID=231276
You can always change this later if you wish -

 

(ADWCLEANER did not save a (S0) file??) <= Did your computer Reboot after the Clean part of the scan?
If you still have the AdwCleaner program on your desktop please repeat the last part of the scan

Close or save all open programs ...........

* Open the program and look for the Clean button
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of any logfile in your next reply.

 

If it fails to produce a log (or reboot) then do not bother to try again (just tell me)

 

I will go back over your second reply to see if there are serious errors.

 

Thank You -



#7 Shawnee2

Posted 04 December 2013 - 10:40 AM

Here is the latest log from Adwcleaner:

 

# AdwCleaner v3.014 - Report created 04/12/2013 at 10:30:24
# Updated 01/12/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : ldotson3 - DOTSON-PC
# Running from : C:\Users\ldotson3\Documents\Desktop\MBC\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

*************************

AdwCleaner[R3].txt - [661 octets] - [03/12/2013 12:19:50]
AdwCleaner[R4].txt - [783 octets] - [04/12/2013 10:28:33]
AdwCleaner[S2].txt - [721 octets] - [03/12/2013 12:21:38]
AdwCleaner[S3].txt - [705 octets] - [04/12/2013 10:30:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [764 octets] ##########



#8 noknojon

Posted 04 December 2013 - 03:56 PM

Hi -
That AdwCleaner result is clear, and was the one I was looking for -
Have you made the temporary change from avast! and removed Spybot S & D?
Both are regarded as Antivirus, and a simple one like I listed is easier for now.

CodeIntegrity Errors: Date: 2013-08-09 all seem to be from a few months ago.
Microsoft Office Sessions: Errors: (12/18/2009) are all outdated.
Application errors: and System errors: have a few "current related" errors to work on.

 

Next -

Run ESETOnlineScanner - Please use Internet Explorer as the scanner uses ActiveX

Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
If you will not use Internet Explorer, please see 3 - 1 & 3 - 2
1. Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the eset online button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- 3 - 1. Click on esetsmartinstaller_enu to download the ESET Smart Installer. Save it to your desktop.
- 3 - 2. Double click on esetsmartinstaller_enu on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer.

NOTE: Please be very patient as this will take quite some time.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log. (Just tell me)

 

Thank You -

If you have any problems or questions, please post back -



#9 Shawnee2

Posted 05 December 2013 - 08:48 AM

Yes, I removed Avast and S&D before doing anything from your previous post.

 

Attached is the ESET scan results:

 

C:\$RECYCLE.BIN\S-1-5-21-4042299317-268897860-3266006127-1000\$ROZQ0LG\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
 

C:\Program Files (x86)\Radio_TV_2.2\tbRadi.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined

 

I did not delete these files from the quarantined location.

 

Thanks for all your help.  I know there had to be some "stuff" on here.  What next?
 



#10 noknojon

Posted 05 December 2013 - 03:04 PM

Hi -

By now ESET has fully deleted the results of that scan from its quarantine.

 

Run System File Check from an Elevated Command Prompt
1. Open an Elevated Command Prompt as per directions above
2. Type sfc /scannow and press Enter (note the space between c and / it must be there)
3. (On average) This should not take longer than 20 minutes to finish
4. NOTE : Do not touch the keyboard while this is running

5. Reboot the computer after this has completed, but make a quick note of any writing on the screen at the end.

 

As always, ask if you are not sure -

 

Thank you -



#11 Shawnee2

Posted 05 December 2013 - 06:00 PM

Here is what it found:

 

Windows Resource Protection found corrupt files but was unable to fix some of them.

 

Details are included in the CBS.log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log
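
The `sfc /scannow` result reported above points to CBS.log for the details. As an added example (not part of the original thread), this Python code filters the `[SR]` entries SFC writes to that log and lists the files left unrepaired; the sample lines, file names and the matched message prefixes are constructed assumptions, not data from this machine.

```python
import re
from collections import OrderedDict

# Constructed sample shaped like the [SR] lines SFC writes to CBS.log.
# File, component and package names are placeholders, not from the thread.
SAMPLE_CBS_LOG = r'''
2013-12-05 17:21:10, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-12-05 17:21:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-12-05 17:21:14, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"sample1.dll" of Example-Component-A, Version = 6.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2013-12-05 17:21:14, Info                  CSI    0000000a [SR] This component was referenced by [l:40{20}]"Package_Example_1234"
2013-12-05 17:21:15, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"sample1.dll" of Example-Component-A, Version = 6.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2013-12-05 17:21:20, Info                  CBS    Servicing noise without the SR tag, which the filter must skip
2013-12-05 17:21:30, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"sample2.dll" from store
2013-12-05 17:21:40, Info                  CSI    00000010 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"sample3.dll"; source file in store is also corrupted
2013-12-05 17:21:50, Info                  CSI    00000012 [SR] Verify complete
'''

# Timestamp, level, "CSI" source, 8-hex-digit sequence number, then the [SR] tag.
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
    r'[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$')
FILE_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')  # [l:22{11}]"name"
FOLDER = re.compile(r'"\\\?\?\\([^"]+)"')              # "\??\C:\dir"
COMPONENT = re.compile(r'" of ([^,]+),')               # owning component

# Message prefixes (assumed wording) mapped to a triage status.
PREFIXES = (
    ("Cannot repair member file", "unrepaired"),
    ("Could not reproject corrupted file", "unrepaired"),
    ("Repairing corrupted file", "repaired"),
)


def parse_sr_events(text):
    """Return one dict per [SR] line that reports a corrupt or repaired file."""
    events = []
    for raw in text.splitlines():
        line = SR_LINE.match(raw.strip())
        if line is None:
            continue  # not an SFC entry
        msg = line.group("msg")
        for prefix, status in PREFIXES:
            if not msg.startswith(prefix):
                continue
            name = FILE_NAME.search(msg)
            if name is None:
                break  # truncated line: nothing reliable to report
            folder = FOLDER.search(msg)
            component = COMPONENT.search(msg)
            events.append({
                "time": line.group("ts"),
                "status": status,
                "file": name.group(1),
                "folder": folder.group(1) if folder else None,
                "component": component.group(1) if component else None,
            })
            break
    return events


def summarize(events):
    """Collapse repeated entries per file; the latest status wins."""
    files = OrderedDict()
    for ev in events:
        rec = files.setdefault(ev["file"], {
            "status": ev["status"], "count": 0, "first_seen": ev["time"],
            "folder": None, "component": None})
        rec["status"] = ev["status"]
        rec["count"] += 1
        rec["last_seen"] = ev["time"]
        rec["folder"] = ev["folder"] or rec["folder"]
        rec["component"] = ev["component"] or rec["component"]
    return files


def unrepaired_files(text):
    """Names of files SFC flagged and did not later repair."""
    summary = summarize(parse_sr_events(text))
    return [name for name, rec in summary.items()
            if rec["status"] == "unrepaired"]


if __name__ == "__main__":
    for name, rec in summarize(parse_sr_events(SAMPLE_CBS_LOG)).items():
        print(f'{rec["status"]:<10} {name:<14} x{rec["count"]} '
              f'{rec["component"] or rec["folder"] or ""}')
```

On the affected machine, `findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > sfcdetails.txt` from an elevated Command Prompt extracts the same lines, and the contents of that file can be passed to `unrepaired_files`.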



#12 noknojon

Posted 05 December 2013 - 09:35 PM

Hi -

That was about all that I expected. Often we will ask you to do this 3 times, but if you are not having any major problems, this may be all that you need for now. You need to make sure that you have an Antivirus installed, so check that avast! or Microsoft Security Essentials are installed now.

 

Keep Malwarebytes installed and update it every week prior to scanning.

 

The rest of the tools can be Right click / Deleted now as most are not needed. Open AdwCleaner, hit the Uninstall button, and it will be gone as you can not update it. I always leave ESET installed, since it is not active unless we call it up again, and it will take half as long to setup next time you run it.

 

If you have any other problems or questions please ask me now, or I think there is little more we can do at the moment -

 

Thank you -

 

 



#13 Shawnee2

Posted 06 December 2013 - 08:39 AM

Thanks for all your help.  Seems to be working much better now with quicker response times.



#14 noknojon

Posted 06 December 2013 - 03:39 PM

I will keep an eye here for the next few days, so if the problem pops up again please post here.

 

Regards -



#15 Shawnee2

Posted 09 December 2013 - 08:11 AM

We installed M Security Essentials.  Should I leave this as my anti-virus or load something else?  Any suggestions as to what if I need something else?





