
Can't connect to internet, possible virus! [Solved]


  • This topic is locked

#16
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
MiniToolBox by Farbar Version:08-01-2013
Ran by bonnie (administrator) on 10-01-2013 at 13:22:58
Running from "C:\Users\bonnie\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : bonnie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1E-33-69-C8-D3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.il.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C12D3495-9B83-4917-A534-5FCF1ED20B86}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 1753,

===========================================================================
Interface List
10 ...00 1e 33 69 c8 d3 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.hsd1.il.comcast.net.
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{C12D3495-9B83-4917-A534-5FCF1ED20B86}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2013 10:46:14 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19393, time stamp 0x509cad88, faulting module dealcabby_20121029030001.dll, version 0.0.0.0, time stamp 0x508ed243, exception code 0xc0000005, fault offset 0x00001b73,
process id 0x1a54, application start time 0xiexplore.exe0.

Error: (01/07/2013 10:25:28 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19393, time stamp 0x509cad88, faulting module dealcabby_20121029030001.dll, version 0.0.0.0, time stamp 0x508ed243, exception code 0xc0000005, fault offset 0x00001b73,
process id 0x1894, application start time 0xiexplore.exe0.

Error: (01/07/2013 10:15:14 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19393, time stamp 0x509cad88, faulting module dealcabby_20121029030001.dll, version 0.0.0.0, time stamp 0x508ed243, exception code 0xc0000005, fault offset 0x00001b73,
process id 0x1698, application start time 0xiexplore.exe0.

Error: (01/03/2013 09:59:48 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422.


Operation:
Instantiating VSS server

Error: (01/03/2013 09:59:48 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The Volume Shadow Copy service (VSS) is disabled. Please
enable the service and try again.


Operation:
Instantiating VSS server

Error: (01/03/2013 01:11:00 PM) (Source: Application Error) (User: )
Description: Faulting application BabylonToolbarsrv.exe, version 1.8.3.0, time stamp 0x507b0bf9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x53455300,
process id 0x17bc, application start time 0xBabylonToolbarsrv.exe0.

Error: (01/03/2013 01:09:58 PM) (Source: Application Error) (User: )
Description: Faulting application BabylonToolbarsrv.exe, version 1.8.3.0, time stamp 0x507b0bf9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x53455300,
process id 0x1a50, application start time 0xBabylonToolbarsrv.exe0.

Error: (01/03/2013 01:09:13 PM) (Source: Application Error) (User: )
Description: Faulting application BabylonToolbarsrv.exe, version 1.8.3.0, time stamp 0x507b0bf9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x53455300,
process id 0xc2c, application start time 0xBabylonToolbarsrv.exe0.

Error: (01/03/2013 01:09:02 PM) (Source: Application Error) (User: )
Description: Faulting application BabylonToolbarsrv.exe, version 1.8.3.0, time stamp 0x507b0bf9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x53455300,
process id 0xab4, application start time 0xBabylonToolbarsrv.exe0.

Error: (01/03/2013 01:08:52 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19393, time stamp 0x509cad88, faulting module dealcabby_20121029030001.dll, version 0.0.0.0, time stamp 0x508ed243, exception code 0xc0000005, fault offset 0x00001b73,
process id 0x1424, application start time 0xiexplore.exe0.


System errors:
=============
Error: (01/07/2013 11:00:50 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (01/03/2013 11:42:52 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/03/2013 11:42:52 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/03/2013 11:42:52 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/03/2013 11:40:10 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/03/2013 11:40:10 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/03/2013 11:40:10 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/03/2013 11:30:48 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (01/03/2013 11:30:48 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (01/03/2013 11:28:00 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-01-09 21:23:00.485
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:23:00.095
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:59.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:59.331
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:58.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:58.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:58.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:57.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:57.303
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-09 21:22:56.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 6.0.0.59)
AVG 2013 (Version: 13.0.2637)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 2013.0.2805)
Bonjour (Version: 3.0.0.10)
Google Chrome (Version: 23.0.1271.97)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Move Media Player
Synaptics Pointing Device Driver (Version: 10.1.8.0)
TOSHIBA Application Disc Creator (Version: 2.0.0.2 for x64)
TOSHIBA Disc Creator (Version: 2.0.1.3 for x64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.2.64)
TOSHIBA Software Modem (Version: 2.1.87 (SM2187ALS04))
TOSHIBA Value Added Package (Version: 1.1.24.64)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (Version: 11/19/2006 1.0.0.3)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 3963.07 MB
Available physical RAM: 3098.82 MB
Total Pagefile: 8155.41 MB
Available Pagefile: 7234.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3999.35 MB

========================= Partitions: =====================================

1 Drive c: (SQ004817V03) (Fixed) (Total:296.62 GB) (Free:199.1 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator bonnie Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0



#17
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
You have lots of services disabled, any idea on how that could have happened?
The automated tool I asked to run back in post number 10 should fix that, so let's go ahead and run it now.

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished **In addition to the checked boxes in the picture, please also check the following box:
Repair Volume Shadow Copy Service

Posted Image


Let me know if you have internet on this machine after running this fix
  • 0

#18
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
My friend allowed her grandchild to use her laptop, downloading and installing different games from over the internet. After he used it, my friend told me that it hasn't been able to access the internet. I will keep you posted of the progress after I complete the steps you indicated above.

Regards
  • 0

#19
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
No problem, I am off to run errands now, I will be back in about 6 hours, after the dinner guests leave, unless they bring a computer for me to fix :upset:
That seems to happen to me a lot! :lol:
  • 0

#20
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I appreciate the help! I will keep you posted on the progress.
  • 0

#21
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Ok, after the reboot, I am now able to access the internet!! :)

Let me know if there are any other steps I need to perform.

I really appreciate the big help you've been!

Regards!
John
  • 0

#22
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Great news about the internet working now!
Stick with me a little bit longer, there are a few more things to tidy up before you go away...

Your Internet Explorer is a version behind. IE9 is more secure and will help to keep you a little bit safer.
Please go here to upgrade your browser. Even if you don't use IE for your web browsing, it's still a good idea to upgrade to IE9.

I would like to make sure all your services are up and running properly, so I feel that one more scan with Farbar's tool would be a good idea.
Step 1
Please run Farbar's Service Scanner that you have already downloaded.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

and a fresh Security Check also, just to make sure those issues were cured by the tweaking.com program...

Step 2
  • .
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • FSS.txt from Farbar's
  • checkup.txt from Security Check
  • If all looks good here, I will then remove my tools and send you off on your way. :)

  • 0

#23
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Farbar Service Scanner Version: 05-01-2013
Ran by bonnie (administrator) on 11-01-2013 at 07:42:58
Running from "C:\Users\bonnie\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-19 19:54] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 17:15] - [2012-01-03 08:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 07:02] - [2012-03-30 06:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-16 10:14] - [2011-03-02 10:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-19 19:54] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-19 19:53] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-19 19:55] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-19 19:53] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-19 19:54] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-19 19:55] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-19 19:54] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-11-06 10:14] - [2012-06-01 18:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-19 19:55] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0
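
An FSS.txt log laid out like the one in the post above can be triaged with a short script. This is an added example, not part of the original thread and not Farbar's code; the function name `triage_fss_log` is hypothetical, the sample log is a constructed excerpt with a placeholder hash, and it assumes that a file listed without "=> MD5 is legit" is only unconfirmed by the tool, not known bad.

```python
import re

# Constructed excerpt that follows the FSS.txt layout shown in the post above.
# Paths and the registry key come from that log; the hash is a placeholder.
SAMPLE_FSS_LOG = r"""
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-19 19:54] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

**** End of log ****
"""

UNDERLINE_RE = re.compile(r"^=+$")              # row of '=' under a heading
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")  # [HKEY_...\Some\Key]
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>\w+):(?P<data>.+)$')
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^=]+?)(?:\s*=>\s*(?P<verdict>.+))?$"
)


def triage_fss_log(text):
    """Return the entries in an FSS-style log that need a human look.

    connectivity      -- Connection Status lines reporting an error/offline
    disabled_policy   -- (section, key, value name, data) under any
                         "... Disabled Policy" heading; empty means none set
    unconfirmed_files -- File Check paths without the "MD5 is legit" verdict
                         (assumption: unconfirmed, so hash and verify them
                         manually; not proof of tampering)
    """
    findings = {"connectivity": [], "disabled_policy": [], "unconfirmed_files": []}
    lines = [ln.strip() for ln in text.splitlines()]
    section, reg_key = "", None

    for i, line in enumerate(lines):
        if not line or UNDERLINE_RE.match(line):
            continue
        # A heading is any line directly followed by a row of '='.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if UNDERLINE_RE.match(nxt):
            section, reg_key = line.rstrip(":"), None
            continue

        if section == "Connection Status":
            if re.search(r"\b(error|offline)\b", line, re.IGNORECASE):
                findings["connectivity"].append(line)
        elif section.endswith("Disabled Policy"):
            key = REG_KEY_RE.match(line)
            if key:
                reg_key = key.group(1)
                continue
            val = REG_VAL_RE.match(line)
            if val and reg_key:
                findings["disabled_policy"].append(
                    (section, reg_key, val["name"], val["data"])
                )
        elif section == "File Check":
            entry = FILE_RE.match(line)
            if entry and entry["verdict"] != "MD5 is legit":
                findings["unconfirmed_files"].append(entry["path"])
    return findings


if __name__ == "__main__":
    for kind, items in triage_fss_log(SAMPLE_FSS_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```
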

#24
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.5.13) Firefox out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#25
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Ok,
Still a little bit to do -
Your Windows Firewall is not running - can you tell me if you have the AVG firewall running? If not, I will provide instructions to get the Windows firewall up and running. You need one of them running.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrade Java : (64 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 4 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")
Your Adobe Reader is out of date.
Please uninstall Adobe Reader 9 and go here to download the newest version
** Important ** Make sure to UNCHECK the box to install McAfee Security Scan Plus before clicking the Download Now button.
There may be another program that is being offered other than McAfee, so please uncheck the box no matter what other program is offered.

Your Firefox is outdated -
Do you use Firefox? If so, then please go here to download the newest version

Otherwise,
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0



#26
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
The AVG firewall is running.
  • 0

#27
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

The AVG firewall is running.


:thumbsup:

I will leave this open for a little while longer, so if you have any other issues with it, please let me know.
  • 0

#28
feetishes

feetishes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Everything has been running very well so far!

I'll keep you posted if anything changes!

Thanks so much!
John
  • 0

#29
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





