
Network Problem


24 replies to this topic

#1 Adams369


Posted 30 April 2014 - 05:59 AM

Hello, this is my first time posting and my last resort. I'm having an issue with connectivity on my Vista Ultimate desktop. My wifi works fine but my desktop computer keeps losing connection at different times.

 

I have tried the following:

  • Changed the modem
  • Changed the router
  • Changed all the cables
  • Reset the Winsock
  • Flushed DNS Cache
  • Renew Refresh
  • Changed the Sleep settings in the network properties
  • Turned off autotuning
  • Changed the Flow Control

 

When I go to the little icon in the notification area and diagnose, it constantly says "found a problem that cannot be repaired automatically", but when I diagnose the LAN in the network folder it says no problem found, try and reset the network. I have done so and this does not work.

I've taken it to a computer guy; they can't seem to see anything wrong. They gave me an old network adapter and I could not get the drivers to load. Is it possible it was an old card for an older system? Pro 200 WL. Took the card back out, may need to try again with a newer card. Someone had told me that it's possible Vista has a fail safe when the download is too much, it shuts down, called flooding or something. I don't know if that's true.

Any assistance on this matter would be appreciated before I go and buy a new network card. Thank you.




 


#2 SleepyDude


Posted 30 April 2014 - 06:37 AM

Hi, welcome to BC,
 
We can start with some basic checks...
 
» Minitoolbox log
Download MiniToolBox and save the file to the Desktop.
Close the browser and run the tool, check the following options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

Click on Go.

Post the resulting log in your next reply.


» Farbar Service Scanner (FSS) log
Let's check some windows critical services...
Download Farbar Service Scanner and save the file to the Desktop.

  • Run FSS
  • Check all the options
  • click Scan

Post the generated log in your reply.

 

» Check Windows System files integrity

  • open the Command Prompt as Administrator (Tutorial)
  • type the following command and press Enter:
    sfc /scannow
    
    
    Note: This may take some time to finish.

    If it doesn't say "No integrity violations found" then do this:
  • In the command prompt window, type or Copy & Paste the following:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Close the command prompt.
  • Attach to your post the sfcdetails.txt file that was just placed on your Desktop
  • You can safely delete the sfcdetails.txt file afterwards if you like

 

 


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 Adams369


Posted 30 April 2014 - 09:15 AM

Here is the first diagnostics report

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Mike (administrator) on 30-04-2014 at 10:06:47
Running from "C:\Users\Mike\Desktop"
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mike-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2
   Physical Address. . . . . . . . . : 00-1F-D0-CD-55-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9891:58:a086:8a6f%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.11.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 29, 2014 9:32:00 PM
   Lease Expires . . . . . . . . . . : Friday, May 02, 2014 6:07:15 AM
   Default Gateway . . . . . . . . . : 192.168.11.1
   DHCP Server . . . . . . . . . . . : 192.168.11.1
   DHCPv6 IAID . . . . . . . . . . . : 234889168
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-EF-EC-C2-00-1F-D0-CD-55-72
   DNS Servers . . . . . . . . . . . : 192.168.11.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.11.1

Name:    google.com
Addresses:  2607:f8b0:4006:806::1002
   74.125.226.14
   74.125.226.0
   74.125.226.1
   74.125.226.2
   74.125.226.3
   74.125.226.4
   74.125.226.5
   74.125.226.6
   74.125.226.7
   74.125.226.8
   74.125.226.9

 

Pinging google.com [74.125.226.0] with 32 bytes of data:

Reply from 74.125.226.0: bytes=32 time=38ms TTL=51

Reply from 74.125.226.0: bytes=32 time=37ms TTL=51

 

Ping statistics for 74.125.226.0:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 37ms, Maximum = 38ms, Average = 37ms

Server:  UnKnown
Address:  192.168.11.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=96ms TTL=46

Reply from 206.190.36.45: bytes=32 time=96ms TTL=46

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 96ms, Maximum = 96ms, Average = 96ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 14 ...00 1f d0 cd 55 72 ...... Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2
  1 ........................... Software Loopback Interface 1
  8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.11.1     192.168.11.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.11.0    255.255.255.0         On-link      192.168.11.2    276
     192.168.11.2  255.255.255.255         On-link      192.168.11.2    276
   192.168.11.255  255.255.255.255         On-link      192.168.11.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.11.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.11.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    276 fe80::/64                On-link
 14    276 fe80::9891:58:a086:8a6f/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/28/2014 07:13:25 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 3354
Start Time: 01cf6335acc67ee0
Termination Time: 148

Error: (04/27/2014 00:05:07 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module atiumdva.dll, version 8.14.10.381, time stamp 0x50d2191d, exception code 0xc0000005, fault offset 0x000c59fc,
process id 0x33a0, application start time 0xiexplore.exe0.

Error: (04/23/2014 09:33:34 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: fe8
Start Time: 01cf5f5197ca6840
Termination Time: 135

Error: (04/23/2014 08:10:22 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module Flash32_13_0_0_182.ocx, version 13.0.0.182, time stamp 0x533390a3, exception code 0xc0000005, fault offset 0x005beca1,
process id 0x1a10, application start time 0xiexplore.exe0.

Error: (04/19/2014 08:11:14 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cec
Start Time: 01cf5c2cbd68bca0
Termination Time: 26

Error: (04/19/2014 00:40:39 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (04/19/2014 00:40:39 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).

Error: (04/18/2014 05:45:40 AM) (Source: Application Error) (User: )
Description: Faulting application stcd.exe, version 5.1.616.0, time stamp 0x49c023f5, faulting module stcd.exe, version 5.1.616.0, time stamp 0x49c023f5, exception code 0xc0000005, fault offset 0x000ffd49,
process id 0x418c, application start time 0xstcd.exe0.

Error: (04/18/2014 05:45:09 AM) (Source: Application Error) (User: )
Description: Faulting application stcd.exe, version 5.1.616.0, time stamp 0x49c023f5, faulting module stcd.exe, version 5.1.616.0, time stamp 0x49c023f5, exception code 0xc0000005, fault offset 0x000ffd49,
process id 0xc724, application start time 0xstcd.exe0.

Error: (04/18/2014 05:44:50 AM) (Source: Application Error) (User: )
Description: Faulting application stcd.exe, version 5.1.616.0, time stamp 0x49c023f5, faulting module stcd.exe, version 5.1.616.0, time stamp 0x49c023f5, exception code 0xc0000005, fault offset 0x000ffd49,
process id 0xcf6c, application start time 0xstcd.exe0.

System errors:
=============
Error: (04/30/2014 06:07:56 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/30/2014 06:07:53 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/29/2014 09:39:42 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RYANS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B96C2341-622F-4546-988E-0EDCBBDC1728}.
The master browser is stopping or an election is being forced.

Error: (04/29/2014 09:27:39 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RYANS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B96C2341-622F-4546-988E-0EDCBBDC1728}.
The master browser is stopping or an election is being forced.

Error: (04/29/2014 09:19:22 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (04/29/2014 09:19:22 PM) (Source: Service Control Manager) (User: )
Description: SessionLauncher%%3

Error: (04/29/2014 09:15:30 PM) (Source: Service Control Manager) (User: )
Description: 30000VSSERV

Error: (04/29/2014 08:39:43 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RYANS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B96C2341-622F-4546-988E-0EDCBBDC1728}.
The master browser is stopping or an election is being forced.

Error: (04/29/2014 07:17:29 PM) (Source: netbt) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.11.2.
The computer with the IP address 192.168.11.8 did not allow the name to be claimed by
this computer.

Error: (04/29/2014 03:54:06 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RYANS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B96C2341-622F-4546-988E-0EDCBBDC1728}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================
Error: (12/05/2013 10:24:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 205 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (12/05/2013 09:02:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9452 seconds with 3180 seconds of active time.  This session ended with a crash.

Error: (04/03/2013 09:32:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 224 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/03/2013 09:16:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 123 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/10/2013 02:00:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6052 seconds with 2400 seconds of active time.  This session ended with a crash.

Error: (12/21/2012 06:19:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1741 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (12/21/2012 05:13:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1487 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (12/21/2012 00:06:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2000 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (11/09/2012 01:04:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/02/2012 07:53:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-04-29 06:58:38.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:38.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:38.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:37.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:35.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:35.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:34.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 06:58:34.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 12:09:52.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-28 12:09:52.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

========================= Devices: ================================

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 4093.58 MB
Available physical RAM: 1855.43 MB
Total Pagefile: 10142.85 MB
Available Pagefile: 7667.62 MB
Total Virtual: 4095.88 MB
Available Virtual: 3988.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:688.83 GB) NTFS

========================= Users: ========================================

User accounts for \\MIKE-PC

Administrator            ASPNET                   Guest                   
Mike                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

24-03-2014 09:08:06 Installed Microsoft Fix it 50357
25-03-2014 10:17:34 Scheduled Checkpoint
26-03-2014 09:57:08 Scheduled Checkpoint
27-03-2014 13:06:07 Scheduled Checkpoint
28-03-2014 13:18:17 Scheduled Checkpoint
29-03-2014 09:33:03 Scheduled Checkpoint
30-03-2014 11:58:53 Scheduled Checkpoint
31-03-2014 11:52:35 Scheduled Checkpoint
01-04-2014 13:17:33 Scheduled Checkpoint
02-04-2014 14:28:18 Scheduled Checkpoint
03-04-2014 08:54:15 Scheduled Checkpoint
04-04-2014 10:17:20 Scheduled Checkpoint
05-04-2014 21:02:46 Scheduled Checkpoint
06-04-2014 11:28:05 Scheduled Checkpoint
07-04-2014 12:34:16 Scheduled Checkpoint
08-04-2014 10:35:53 Scheduled Checkpoint
09-04-2014 04:00:07 Scheduled Checkpoint
09-04-2014 11:54:59 Windows Update
10-04-2014 11:04:38 Scheduled Checkpoint
11-04-2014 04:00:07 Scheduled Checkpoint
12-04-2014 09:33:19 Scheduled Checkpoint
13-04-2014 10:08:46 Scheduled Checkpoint
14-04-2014 11:01:59 Scheduled Checkpoint
15-04-2014 04:42:58 Scheduled Checkpoint
16-04-2014 07:45:14 Scheduled Checkpoint
16-04-2014 11:04:01 Removed NWZ-E380 WALKMAN Guide.
17-04-2014 07:39:21 Scheduled Checkpoint
17-04-2014 10:11:30 Installed Java 7 Update 55
18-04-2014 04:05:58 Scheduled Checkpoint
19-04-2014 18:58:13 Scheduled Checkpoint
23-04-2014 01:53:15 Scheduled Checkpoint
24-04-2014 09:27:15 Scheduled Checkpoint
25-04-2014 10:35:05 Scheduled Checkpoint
26-04-2014 05:40:02 Scheduled Checkpoint
27-04-2014 04:41:56 Scheduled Checkpoint
28-04-2014 03:16:16 Scheduled Checkpoint
29-04-2014 12:07:52 Scheduled Checkpoint
30-04-2014 02:37:17 Scheduled Checkpoint

**** End of log ****



#4 Adams369


Posted 30 April 2014 - 09:22 AM

here is the next set

Farbar Service Scanner Version: 25-02-2014
Ran by Mike (administrator) on 30-04-2014 at 10:19:08
Running from "C:\Users\Mike\Desktop"
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 07:14] - [2013-09-03 22:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-14 06:58] - [2013-07-05 00:45] - 1423808 ____A (Microsoft Corporation) C2CB949645C299E23FBFD26CAD3FC96E

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
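
An added example, not part of the original post or of Farbar's tool: a small Python parser that turns a Farbar Service Scanner log like the one above into the items worth a second look (stopped services, non-default start types, policy overrides, and files listed without the "MD5 is legit" marker). The name `parse_fss` and the reading of an unmarked file entry as "not verified by the tool" are assumptions; the sample is an excerpt of the log above.

```python
import re

# Sample input: an excerpt of the Farbar Service Scanner log posted above.
SAMPLE_FSS_LOG = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 07:14] - [2013-09-03 22:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

**** End of log ****
"""

SERVICE_DOWN = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_OK = re.compile(r"^([A-Za-z]:\\.+?) => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
MD5_HEX = re.compile(r"\b[0-9A-Fa-f]{32}\b")


def parse_fss(text):
    """Return the findings of an FSS log grouped by kind (hypothetical helper)."""
    report = {"stopped": [], "start_type": [], "policy": [],
              "verified": [], "unverified": []}
    lines = [ln.strip() for ln in text.splitlines()]
    section, reg_key, pending = "", None, None

    def flush_pending():
        # A path that never got a detail line is still reported, without a hash.
        nonlocal pending
        if pending is not None:
            report["unverified"].append({"path": pending, "md5": None})
            pending = None

    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and nxt and set(nxt) == {"="}:
            # A heading is any line underlined with '=' characters.
            section, reg_key = line.rstrip(":"), None
            continue
        if not line or set(line) == {"="}:
            continue
        if m := SERVICE_DOWN.match(line):
            report["stopped"].append(m.group(1))
        elif m := START_TYPE.match(line):
            service, actual, default = m.groups()
            if actual != default:
                report["start_type"].append(
                    {"service": service, "actual": actual, "default": default})
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)
        elif (m := REG_VALUE.match(line)) and section.endswith("Disabled Policy"):
            report["policy"].append({"section": section, "key": reg_key,
                                     "name": m.group(1), "type": m.group(2),
                                     "data": m.group(3)})
        elif section == "File Check":
            if m := FILE_OK.match(line):
                flush_pending()
                report["verified"].append(m.group(1))
            elif FILE_PATH.match(line):
                # Assumption: no "MD5 is legit" marker means the tool did not
                # recognise the hash; the detail line with the MD5 follows.
                flush_pending()
                pending = line
            elif pending and (h := MD5_HEX.search(line)):
                report["unverified"].append(
                    {"path": pending, "md5": h.group(0).upper()})
                pending = None
    flush_pending()
    return report


if __name__ == "__main__":
    for kind, items in parse_fss(SAMPLE_FSS_LOG).items():
        print(kind, items)
```
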



#5 Adams369


Posted 30 April 2014 - 09:44 AM

here is your last request

 

Hope this helps

Attached File  sfcdetails.txt   43.03KB   3 downloads



#6 SleepyDude

  • Malware Response Team

Posted 30 April 2014 - 11:01 AM

Hi,

 

> here is your last request
>
> Hope this helps
>
> Attached File  sfcdetails.txt

 

Please run the sfc scan again to see if this time you get "No integrity violations found"

 

One of the logs shows errors on the hard disk:
 

Error: (04/30/2014 06:07:56 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/30/2014 06:07:53 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Please make a copy of your critical documents to some other place before executing the following check/repair to avoid any loss when the system tries to correct the errors.

  • open the Command Prompt as Administrator (Tutorial)
  • type the command:
    chkdsk /r /x C:
    Note: When it asks if you want to check the volume the next time the system restarts, answer Yes
  • restart the computer and let the scan run; it will take some time...

Next,

  • download ListChkdskResult
  • execute the file and accept all the windows prompts to authorize the program to run
  • Notepad will open with a report showing the chkdsk result
  • copy & paste the log to your reply

Edited by SleepyDude, 30 April 2014 - 11:02 AM.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#7 Adams369

  • Topic Starter

Posted 30 April 2014 - 01:12 PM

Followed your instructions, went to command prompt, typed in chkdsk command as requested. Typed Y for scan when restarted and restarted the computer, but no scan started; it just restarted like normal, right to the login screen. Also re-ran sfc scannow and it still said it repaired some corrupt files. Cannot get a "no integrity violations found".

I can attempt to run error checking in the computer properties if that helps. What do you suggest my next step be?

 



#8 Adams369

  • Topic Starter

Posted 30 April 2014 - 04:24 PM

Disregard last post. I am in the process of running chkdsk; I will post results as soon as it is done. Thanks again.



#9 Adams369

  • Topic Starter

Posted 30 April 2014 - 06:21 PM

Here are your results. Got an error message when trying to run the file list chkdsk.exe

as shown

Attached File  Capture.JPG   38.22KB   0 downloads. If you can't read this, not sure how to post the snipping photo I took with the error message.



#10 SleepyDude

  • Malware Response Team

Posted 01 May 2014 - 06:07 AM

Hi,

 

> Here are your results. Got an error message when trying to run the file list chkdsk.exe
>
> as shown
>
> Capture.JPG. If you can't read this, not sure how to post the snipping photo I took with the error message.

 

For some strange reason my script couldn't get the information from the Windows Event Viewer!

 

Please follow the guide on this page to find the chkdsk result.



 
 


#11 Adams369

  • Topic Starter

Posted 01 May 2014 - 06:35 AM

Tried both options, stated that it could not find. I am very sure I ran chkdsk; not sure where to go from here. But I really appreciate all the help and support. Thank you. What next?

 



#12 SleepyDude

  • Malware Response Team

Posted 01 May 2014 - 11:15 AM

> Tried both options, stated that it could not find. I am very sure I ran chkdsk; not sure where to go from here. But I really appreciate all the help and support. Thank you. What next?

 

 

  • Download and install GSmartControl (click the link and wait for the download to start)
  • Run the installed GSmartControl

  • right click your Hard Disk and select View details
  • click on the Save As button, and save the report to the Desktop
  • attach the report to your post


 
 


#13 Adams369

  • Topic Starter

Posted 01 May 2014 - 11:33 AM

test complete results

Attached File  WDC_WD10EADS-00L5B1_WD-WCAU47574386_2014-05-01.txt   4.46KB   2 downloads

 



#14 SleepyDude

  • Malware Response Team

Posted 01 May 2014 - 11:57 AM

 

Thanks. It looks good.

 

In your screenshot I notice Combofix on the Desktop, did you use it for any particular reason?

 

WARNING: ComboFix is a very powerful and dangerous tool and should not be run on your own. CF should be used only when requested by a trained Anti-Malware helper.


 
 


#15 Adams369

  • Topic Starter

Posted 01 May 2014 - 12:13 PM

Funny you should ask. I've never actually used it. I had my computer at a PC repair shop, and the guys there installed and used it. Never uninstalled it. I noticed it when I got it back, so I looked it up. Figured no harm in it being there.

If everything with the drive looks good, have we possibly solved the issue or shall we check other solutions?





