Jump to content

Change Mode

HJT Log


AAQueen
 Share

Recommended Posts

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

No problem at all, Juliet!! I appreciate all of your help with this computer. Here is the scan that you requested and I will check tomorrow for further instructions. Thanks again for everything!!

 

Farbar Service Scanner Version: 25-02-2014

Ran by Brenda (administrator) on 13-03-2014 at 21:32:38

Running from "C:\Users\Brenda\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

System Restore:

============

System Restore Disabled Policy:

========================

 

Action Center:

============

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

Other Services:

==============

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

**** End of log ****

Link to comment
Share on other sites

Also, still can't turn on any of the anti-virus or anti-malware programs either.

Please boot into safe mode and see if this is an issue here as well.

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options

Using the arrow keys, select the Safe Mode option you want. (Safe Mode with networking)

Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.

 

Now try to turn on and update your antivirus.

 

~~~~~~~~~~~~~~~~~~~~~~~~~`

Please download the Event Viewer Tool by Vino Rosso

http://images.malwareremoval.com/vino/VEW.exe

and save it to your Desktop:

2. Double-click VEW.exe

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

I want you to try and take a screen shot of that error message.

Bring up the error, look at your keyboard and press the Print Scr key,

Next, go to the Windows search window located by the Microsoft Orb, type in Paint

Click on the Paint tool

In Paint, go up to Edit > Paste

* Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.

* Then click Add Reply in this topic.

* Click the Browse button.

* Locate the file you just saved, click on it, then click Open.

* Click Add This Attachment.

Link to comment
Share on other sites

Hi Juliet,

 

Ok, I rebooted in Safe Mode and tried to enable Avast and MalwareBytes but neither one will open. I tried both double clicking on the desktop icons as well as right clicking and trying "Run As Administrator" but no luck. I am in the process of moving on to the next set of instructions right now.

Link to comment
Share on other sites

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 17/03/2014 6:57:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 17/03/2014 10:00:22 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/03/2014 9:54:48 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

Log: 'System' Date/Time: 14/03/2014 1:29:10 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/03/2014 12:43:28 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

Log: 'System' Date/Time: 14/03/2014 12:37:44 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 17/03/2014 10:52:54 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:52:54 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:52:54 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:50:46 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:50:46 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:50:46 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:45:46 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:45:46 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:45:46 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:43:38 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:43:38 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:43:38 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:38:38 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:38:38 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:38:38 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:36:32 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:36:32 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:36:32 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

Log: 'System' Date/Time: 17/03/2014 10:31:32 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 17/03/2014 10:31:32 PM

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 14/03/2014 7:58:09 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2014 7:57:58 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 14/03/2014 1:27:08 AM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 14/03/2014 1:22:02 AM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 14/03/2014 12:38:36 AM

Type: Warning Category: 212

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_3.21#000016151170DA51&0#.

 

Log: 'System' Date/Time: 14/03/2014 12:20:24 AM

Type: Warning Category: 212

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_3.21#000016151170DA51&0#.

Log: 'System' Date/Time: 14/03/2014 12:09:04 AM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 14/03/2014 12:03:55 AM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 14/03/2014 12:03:52 AM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 14/03/2014 12:03:01 AM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/03/2014 5:48:33 PM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 13/03/2014 5:38:32 PM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/03/2014 5:24:23 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 13/03/2014 5:23:55 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/03/2014 5:23:52 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 13/03/2014 5:22:30 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/03/2014 5:22:14 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 12/03/2014 1:03:11 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 11/03/2014 6:05:02 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

 

Log: 'System' Date/Time: 11/03/2014 6:05:00 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Link to comment
Share on other sites

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 17/03/2014 7:00:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 17/03/2014 10:04:49 PM

Type: Error Category: 0

Event: 3011 Source: Microsoft-Windows-LoadPerf

Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Log: 'Application' Date/Time: 17/03/2014 10:04:49 PM

Type: Error Category: 0

Event: 3012 Source: Microsoft-Windows-LoadPerf

The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 17/03/2014 10:02:55 PM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0x7f8 Faulting application start time: 0x01cf422c9d4750a0 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: e3f670ea-ae1f-11e3-a164-60eb69382610

 

Log: 'Application' Date/Time: 17/03/2014 10:02:44 PM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0x4f0 Faulting application start time: 0x01cf422c9671bd37 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: dd931f8e-ae1f-11e3-a164-60eb69382610

Log: 'Application' Date/Time: 17/03/2014 9:55:37 PM

Type: Error Category: 0

Event: 100 Source: AdvisorDock

The event description cannot be found.

 

Log: 'Application' Date/Time: 17/03/2014 9:55:35 PM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0xb34 Faulting application start time: 0x01cf422b9db50589 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: dd8f7cc7-ae1e-11e3-afe0-60eb69382610

Log: 'Application' Date/Time: 14/03/2014 1:30:02 AM

Type: Error Category: 0

Event: 100 Source: AdvisorDock

The event description cannot be found.

 

Log: 'Application' Date/Time: 14/03/2014 1:29:54 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0x464 Faulting application start time: 0x01cf3f24e31538f5 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 24ff3752-ab18-11e3-afc9-60eb69382610

Log: 'Application' Date/Time: 14/03/2014 1:23:22 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0xc14 Faulting application start time: 0x01cf3f23f644c616 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 3b0c3a6e-ab17-11e3-a5f0-60eb69382610

 

Log: 'Application' Date/Time: 14/03/2014 1:23:21 AM

Type: Error Category: 0

Event: 100 Source: AdvisorDock

The event description cannot be found.

Log: 'Application' Date/Time: 14/03/2014 1:16:59 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: Instup.exe, version: 9.0.2013.292, time stamp: 0x52dea95b Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0x678 Faulting application start time: 0x01cf3f23171f892a Faulting application path: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 56ca1e0b-ab16-11e3-9644-60eb69382610

 

Log: 'Application' Date/Time: 14/03/2014 1:16:30 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: Instup.exe, version: 9.0.2013.292, time stamp: 0x52dea95b Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0xda0 Faulting application start time: 0x01cf3f2302981bb6 Faulting application path: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 459d0bb8-ab16-11e3-9644-60eb69382610

Log: 'Application' Date/Time: 14/03/2014 12:44:34 AM

Type: Error Category: 0

Event: 8210 Source: System Restore

An unspecified error occurred during System Restore: (PC Pitstop Restore Point). Additional information: 0x8000ffff.

 

Log: 'Application' Date/Time: 14/03/2014 12:44:27 AM

Type: Error Category: 0

Event: 100 Source: AdvisorDock

The event description cannot be found.

Log: 'Application' Date/Time: 14/03/2014 12:44:24 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0xf38 Faulting application start time: 0x01cf3f1e8a93cf88 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: c96e8aa5-ab11-11e3-9644-60eb69382610

 

Log: 'Application' Date/Time: 14/03/2014 12:38:21 AM

Type: Error Category: 0

Event: 4005 Source: Microsoft-Windows-Winlogon

The Windows logon process has unexpectedly terminated.

Log: 'Application' Date/Time: 14/03/2014 12:10:49 AM

Type: Error Category: 0

Event: 100 Source: AdvisorDock

The event description cannot be found.

 

Log: 'Application' Date/Time: 14/03/2014 12:10:38 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: AvastUI.exe, version: 9.0.2013.292, time stamp: 0x52deab96 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116 Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting process id: 0xabc Faulting application start time: 0x01cf3f19c720f9c5 Faulting application path: C:\Program Files\AVAST Software\Avast\AvastUI.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 1237aad7-ab0d-11e3-91d0-60eb69382610

Log: 'Application' Date/Time: 13/03/2014 6:18:00 PM

Type: Error Category: 0

Event: 80 Source: SideBySide

Activation context generation failed for "c:\Users\Brenda\Desktop\cleanup utilities\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Log: 'Application' Date/Time: 13/03/2014 6:17:17 PM

Type: Error Category: 0

Event: 63 Source: SideBySide

Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 17/03/2014 10:01:00 PM

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 14/03/2014 1:17:48 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Config.Msi\1f70e3.rbf' (pid 4744) cannot be restarted - Application SID does not match Conductor SID..

 

Log: 'Application' Date/Time: 14/03/2014 1:17:40 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.1.5354.0\AdAwareUpdater.exe' (pid 4744) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 10/03/2014 9:01:13 PM

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 10/03/2014 9:00:32 PM

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/03/2014 8:54:10 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:54:09 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:43 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:53:43 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:40 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:53:40 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:37 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:53:37 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:37 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:53:37 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:35 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:53:35 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:35 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Log: 'Application' Date/Time: 10/03/2014 8:53:35 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 10/03/2014 8:53:35 PM

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Link to comment
Share on other sites

Ok, I tried to follow your instructions to screen shot the errors and nothing is working there. So, I wrote down each of the errors and when they appear so hopefully this will help.

 

When booting/re-starting the computer- the following errors appear: Appears 3 times

 

Windows Logon: LogonUI.exe- Bad Image (Appears 3 times)

 

Windows is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

 

 

Winlogon.exe- Bad Image (Appears 2 times)

 

Windows is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

 

 

Once password is entered and goes to the home screen, the following errors occur:

 

dwm.exe- Bad Image (Appears 2 times)

C:\Windows\system32\WindowsCodecs.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

 

HPAdvisorDock.exe- Bad Image (Appears 2 times)

C:\Windows\system32\WindowsCodecs.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

Link to comment
Share on other sites

Let me throw some options out there in hopes they might have a reflection and make these errors go away.

 

Try a repair (Control Panel > Program and Features (Add Remove Programs) > select avast! > scroll down select repair.

Wait for the repair to finish and then reboot your system.

 

Is Windows Repair (all in one)still on the desktop?

Open Windows Repair (all in one)

Select Repairs tab => Click the Start

The repairs window will open, Check the box #25 Restore Important Windows Services, then select Start

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

 

~~~~~~~~~~~~~~~~~~~~~

 

go to start ,all programs, accessories and right click on command prompt select "run as administrator at the prompt type:-

 

SFC /Scannow (press enter) takes awhile to run.

 

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html?ltr=S

Windows 7: SFC /SCANNOW Command - System File Checker

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Insert the Windows 7 installation disc and try to initiate startup repair from Windows Recovery Console and check if it helps.

http://windows.microsoft.com/en-us/windows7/products/features/startup-repair

 

 

But the easiest thing for you may be a repair install

http://www.sevenforums.com/tutorials/3413-repair-install.html

Link to comment
Share on other sites

One more thing I thought of this morning. Since the infection that hit this machine has damaged some services and whatever else it could do, let's try to run another quick tool to see if we can get any help.

  • Please download ServicesRepair and save it to your desktop.
    • Double-click ServicesRepair.exe.
    • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
    • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • After restart wait a few minutes until the system settled down. Reboot and let's pray the error messages might be gone.
Link to comment
Share on other sites

Hello Juliet,

 

Just want to thank you again for all of your help. I am posting the Windows Repair Log that you requested and then I will continue with your other instructions.

 

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: BRENDA-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Brenda
Current Profile SID: S-1-5-21-1897920354-356747738-1419999941-1000
Current Profile Classes: S-1-5-21-1897920354-356747738-1419999941-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Brenda\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:06:34

Process Count: 56
Commit Total: 1.72 GB
Commit Limit: 5.86 GB
Commit Peak: 1.95 GB
Handle Count: 16492
Kernel Total: 310.90 MB
Kernel Paged: 245.00 MB
Kernel Non Paged: 65.89 MB
System Cache: 1.24 GB
Thread Count: 670
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.93 GB
Memory Used: 1.65 GB(56.4093%)
Memory Avail.: 1.28 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.93 GB
Memory Used: 1.26 GB(43.0047%)
Memory Avail.: 1.67 GB
--------------------------------------------------------------------------------

Starting Repairs...
Start (3/18/2014 2:03:20 PM)

25 - Restore Important Windows Services
Start (3/18/2014 2:03:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/18/2014 2:03:53 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (3/18/2014 2:03:53 PM)
Total Repair Time: 00:00:35


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

Link to comment
Share on other sites

Just ran the SFC /Scannow file checker and I didn't see a way to save that log nor did I see where you had asked me to, but it did say that 100% of the scan was completed and that "Windows Resource Protection found corrupt files but was unable to repair them all."

 

I am running the other scan and such right now.

Link to comment
Share on other sites

Update: I ran the other scan and let it re-boot the computer. Then, after just sitting, I restarted it and unfortunately all of those same errors are still there. :-(

I was afraid of that. We're looking at corrupted system files/drivers that we will not be able to repair by scanning or trying to use tools to help us out.

One thing I thought interesting was, I know Avast wouldn't open but later on I thought, wonder if you uninstalled it would it allow you to download and install again?

But, we don't know. Then I thought, what about a different anitvirus such as

This is of course a last ditch effort. And if you should attempt this booting into safe mode after downloading would be your best option for a successful install.

 

I think, if you should try the above and it fails, what we have to do at this point is a repair install

http://www.sevenforums.com/tutorials/3413-repair-install.html

or a startup repair from Windows Recovery Console

http://windows.microsoft.com/en-us/windows7/products/features/startup-repair

 

http://windows.microsoft.com/en-us/windows7/installing-windows-7-frequently-asked-questions

the above link is a good read for formatting.

 

If you should have questions we have a forum here, User to User which can help.

http://forums.pcpitstop.com/index.php?/forum/3-user-to-user-help/

Link to comment
Share on other sites

Ok, no luck at all with the repair so he did a complete restore to factory settings. I am not too familiar with programs and such he needs now and don't want to duplicate anything that could cause a problem. I have put Microsoft Security Essentials on for his antivirus and MalwareBytes. Any suggestions and would you mind taking a look at everything to make sure there are no weird leftover files from whatever was on the computer?

Link to comment
Share on other sites

After the restore to factory settings, those windows error messages gone?

 

Which browser will you be using?

 

Make sure Windows Firewall is enabled and you have all Microsoft updates.

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

AdblockPlus

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop
Secure My Computer: A Layered Approach

 

I'd be happy to check.

 

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
  • Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.

    No need for that though ..... just post it as you would any other log.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share


×
×
  • Create New...