Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC misbehaves, but it doesn't seem to be infected. Is it?


  • This topic is locked This topic is locked
11 replies to this topic

#1 Klaorman

Klaorman

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 16 March 2014 - 09:55 PM

Hi,

 

I moved recently, and when I reconnected my ISP weird things started happening on my PC (Windows 7 Home Premium with Service Pack 1). A little background first: During the reconnection, I decided to not run a long wire from my wireless modem in the living room to my PC in the computer room and instead use a wireless USB adapter. I tried out Belkin and Netgear adapters but could not install the software from their CDs (I got errors from both installations). Actually, I made a mistake with the Belkin by eagerly inserting it into a USB port before running its CD, which (I found out immediately afterwards) they warned not to do. Right after inserting it, my PC rebooted! After returning the adapters, I had to run the long wire anyway. When I fired up Chrome, all seemed well, but then:

1. Chrome displays an Invalid Server Certificate page anytime I try to load an https page. I also can't download anything using Chrome or Firefox. Plus, I can't copy any text (after copying I can't paste) nor bookmark any sites in Firefox.

2. I can't run many programs now, with most of them displaying error messages. Some examples:
* IE opens its window, but then after a few seconds it closes.
* AVG Antivirus, Windows Media Player, and Dropbox don't show up at all (when I run them, the busy cursor shows for a few seconds and then disappears).
* iTunes displays an error: "Apple Application Support was not found. Apple Application Support is required to run iTunes. Please uninstall iTunes, then install iTunes again. Error 2 (Windows error 2)".
* Steam displays an "unknown software exception (0x40000015)".
* Microsoft Word Starter 2010 and Excel Starter both display an error box titled "Click-2-Run Virtualization Han..." (can't stretch it to see more) that just says "30015".
* Bastion (a game) and SharpDevelop 4.1 (a development editor) both display the same error: "Please set registry key HKLM\Software\Microsoft\.NETFramework\InstallRoot to point to the .NET Framework install location"

3. Some programs misbehave:
* Spotify's Discover page doesn't show album covers. Covers display fine elsewhere in the program.
* YouTube on Chrome doesn't display comments; they do display on Firefox.

Also, before reconnecting my ISP, I did use my PC a few times; I noticed that AVG wasn't running during those times, but I assumed that that was due to the PC not being connected.

 

Is my PC infected? I don't see any signs of an infection (other than the above anomalies); there are no popups, no site redirects, and my PC isn't slow. Some of the errors seem to point to a corrupted registry. I explored my System Restore, but I found out that it only keeps about a week of snapshots and I had let more than a week pass before I had even thought about restoring. I've run Windows Defender, which gives me the all clear.

 

Thanks for any help you can provide.



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 17 March 2014 - 06:05 AM

Hello Klaorman -
Unknown software exception 0x40000015, <=from Windows 7 Forum.
The 0x40000015 error may be caused by windows system files damage.

You could have done some minor damage during the move.

 

 

Run a Disk Check on your C: drive in Windows 7:
•Click Start and open Computer
•Right-click on C: (or your main hard drive letter) and select Properties
•Click on the Tools tab
•Under Error-checking click the Check Now... button
•Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
•Click on the Start button
•When the message box pops up, click the Schedule disk check button and Restart your computer
•Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started a you may lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

 

Follow this with a run of sfc /scannow.
Run System File Check from an Elevated Command Prompt
1 Open Elevated Command Prompt as per directions above
2 Type sfc /scannow and press Enter (note the space between c and / as it must be there)
3 This should not take longer than 20 minutes to finish unless you have major errors
4 NOTE : Do not touch the keyboard while this is running.
Follow other directions from the above section.

This program is best run twice just to be sure.

 

I would also follow this up with a call to your Internet Service Provider if the problem continues.



#3 Klaorman

Klaorman
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 18 March 2014 - 02:07 AM

Thanks noknojon. The Disk Check took at least 6 hours; I had to leave before it finished. The System File Check reported that "Windows Resource Protection did not find any integrity violations." Sounds good, but nothing has changed; I'm seeing all of the same behaviors that I had detailed above. Do you have any other suggestions? I suspect that either plugging in the Belkin or trying to install its and the Netgear's software somehow hosed the registry or other files. I'd call my ISP, but I'm envisioning wasting time with their support, so I want to leave that as a last resort.



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 18 March 2014 - 03:44 AM

Thanks noknojon. The Disk Check took at least 6 hours; I had to leave before it finished.

That is a very long time. Anything much over 2 hours often can mean hidden problems.

my Win 7 SP1 HPrem will run a full disk check in just over 1 hour, but I add "1 to 2 hours (on average)" to cover all options.

 

This leads me to almost ask for a second run when you have time.

 

I notice that the list of programs (mainly) that will not run are Add on type programs.

1. Chrome and Firefox fail

2. AVG Antivirus, Windows Media Player, and Dropbox problems.

3. Spotify's Discover page and YouTube on Chrome.

 

You do mention minor problems with I.E., but it seems to be the most stable browser so far.

 

Please read the bottom of This topic, and reset all browser Extensions etc.

If you feel that there are problems related to the browser, you are better to Uninstall and Reinstall it.

Please remember that Firefox and Chrome are just added programs, and they may need removal or reinstalling.

 

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should soon open automatically called checkup.txt

* If the program seems to stall for a few minutes, it is just gathering information.
* Please Copy and Paste the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so.



#5 Klaorman

Klaorman
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 18 March 2014 - 05:25 PM

Thanks noknojon. I found the event log for the Disk Check; its time stamp means that the check took around 8 hours. Here's the log:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Gateway.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  1707264 file records processed.                                          File verification completed.
  4224 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              44 reparse records processed.                                      

 

CHKDSK is verifying indexes (stage 2 of 5)...
  1840046 index entries processed.                                         Index verification completed.
  0 unindexed files scanned.                                           0 unindexed files recovered.                                      

 

CHKDSK is verifying security descriptors (stage 3 of 5)...
  1707264 file SDs/SIDs processed.                                         Cleaning up 24850 unused index entries from index $SII of file 0x9.
Cleaning up 24850 unused index entries from index $SDH of file 0x9.
Cleaning up 24850 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  66392 data files processed.                                            CHKDSK is verifying Usn Journal...
  33604144 USN bytes processed.                                             Usn Journal verification completed.

 

CHKDSK is verifying file data (stage 4 of 5)...
  1707248 files processed.                                                 File data verification completed.

 

CHKDSK is verifying free space (stage 5 of 5)...
  166533050 free clusters processed.                                         Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

1451402647 KB total disk space.
 782428476 KB in 1339548 files.
    989756 KB in 66395 indexes.
         0 KB in bad sectors.
   1852211 KB in use by the system.
     65536 KB occupied by the log file.
 666132204 KB available on disk.

      4096 bytes in each allocation unit.
 362850661 total allocation units on disk.
 166533051 allocation units available on disk.

Internal Info:
00 0d 1a 00 01 74 15 00 0e 1b 27 00 00 00 00 00  .....t....'.....
59 19 01 00 2c 00 00 00 00 00 00 00 00 00 00 00  Y...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.



The only "bad" things that I see are "Correcting errors in the Volume Bitmap" and "Windows has made corrections to the file system." My C: drive is 1.35 TB with 643 GB free; should a Disk Check still take just over 1 hour for a disk that size?

 

A new error message popped up that I haven't seen before after I booted the PC today. It was titled "avgdiagex.exe - Application Error" with this message: "The instruction at 0x722164f6 referenced memory at 0x00000000. The memory could not be read. Click on OK to terminate the program"

 

Chrome and Firefox do run; it's just that they have problems (Chrome can't access https: pages, Firefox can't copy or bookmark sites, and both can't download files). IE doesn't run; it shows its window briefly and then disappears. Windows Media Player, Word Starter, and Excel Starter come with Windows and don't run.

 

I've disabled all extensions in both browsers, but I don't see any change in their behaviors.

 

Since I can't download anything, I'll have to go to a friend's PC to download Screen 317. I can tell you right now, though, that AVG isn't running, there are no other antivirus programs running, and the Windows Firewall is on.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 19 March 2014 - 01:13 AM

Hi -

This was the only "repairs" to altering Free Space =>

CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
 

If you can use a USB Flash Drive, please try this program also.

This will give us a good look at many things in one post.

 

Please download MiniToolBox to desktop and run it.
Checkmark following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)


Edited by noknojon, 19 March 2014 - 01:18 AM.


#7 Klaorman

Klaorman
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 20 March 2014 - 12:29 AM

I can't run SecurityCheck; it displays the error "Your Internet security settings prevented one or more files from being opened. C:\Users\Klaorman\AppData\Local\T...\SecurityCheck.bat". I researched the error a bit and found that I could edit the registry, adjust security settings in Internet Properties (mine are set to the defaults for all zones), or reset IE settings. I'm tempted to do the latter, but I'm not sure if that would affect Chrome and Firefox too. Should I reset or do something else to let the batch file run?

 

Here's the MiniToolBox output:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Klaorman (administrator) on 19-03-2014 at 22:15:55
Running from "C:\Users\Klaorman\Documents"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (03/19/2014 09:10:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:10:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:09:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (03/19/2014 09:09:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.


System errors:
=============
Error: (03/19/2014 09:51:14 PM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (03/19/2014 09:13:19 PM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (03/19/2014 09:07:15 PM) (Source: DCOM) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (03/19/2014 09:00:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2901110).

Error: (03/19/2014 09:00:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (03/19/2014 09:00:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).

Error: (03/19/2014 09:00:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2898855).

Error: (03/19/2014 08:57:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.

Error: (03/19/2014 08:57:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367).

Error: (03/19/2014 08:57:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).


Microsoft Office Sessions:
=========================
Error: (03/19/2014 09:10:12 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:11 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:10 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:10 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:10 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:03 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:10:03 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:09:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.

Error: (03/19/2014 09:09:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe keyset is not defined.


CodeIntegrity Errors:
===================================
  Date: 2011-11-03 07:14:19.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:14:19.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:06:17.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 07:06:17.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 06:25:02.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-03 06:25:02.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-02 09:25:54.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-11-02 09:25:54.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-05 10:04:47.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-05 10:04:46.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PROCEXP100.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1)
Amazon Kindle
Apple Mobile Device Support (Version: 7.0.0.117)
Application Verifier (x64) (Version: 4.1.1078)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Best Buy pc app (Version: 3.1.1.0)
Blender (Version: 2.65a-release)
Bonjour (Version: 3.0.0.10)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Dropbox (Version: 2.0.22)
Google Chrome (Version: 30.0.1599.101)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Solution Center 13.0 (Version: 13.0)
iTunes (Version: 11.1.2.32)
Lightspeed 8.0.1 x64 (Version: 8.0.1)
LWS VideoEffects (Version: 13.30.1379.0)
MAGIX Independence Libraries Common Files (Version: 3.1.0.0)
MAGIX Independence Pro 3.1 RTAS-Plugins (Version: 3.1.0.0)
MAGIX Independence Pro 3.1 VST-Plugins (Version: 3.1.0.0)
MAGIX Independence Pro Software Suite 3.1 (Version: 3.1.0.69)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514)
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514)
MySQL Connector C 6.0.2 (Version: 6.0.2)
MySQL Connector C++ 1.1.0 (Version: 1.1.0)
MySQL Connector/ODBC 5.1 (Version: 5.1.8)
MySQL Server 5.5 (Version: 5.5.17)
Network64 (Version: 130.0.572.000)
Paint.NET v3.5.10 (Version: 3.60.0)
Photobook Designer (Version: Photobook Designer 2.5.8)
Rdio (Version: 1.12.0.0)
REAPER (x64)
Spotify (Version: 0.9.7.16.g4b197456)
SyncToy 2.1 (x64) (Version: 2.1.0)
TWS Demo
Unity Web Player (Version: )
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Windows Driver Package - Leaf Imaging Ltd. Image  (02/11/2010 ) (Version: 02/11/2010 )
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
WinZip 16.0 (Version: 16.0.9691)

========================= Devices: ================================

Could not list devices.

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 6056.03 MB
Available physical RAM: 2501.96 MB
Total Pagefile: 12110.24 MB
Available Pagefile: 8437.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.98 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:1384.17 GB) (Free:645.56 GB) NTFS
3 Drive e: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:788.03 GB) NTFS
9 Drive k: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:274.39 GB) NTFS

========================= Users: ========================================

User accounts for \\KLAORMAN-PC

Administrator            Guest                    Klaorman                 


**** End of log ****
Thanks.



#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 20 March 2014 - 05:37 AM

"I can't run SecurityCheck:" => You can but you did not follow the given directions.

Note:: If any security program requests permission to access the Internet, allow it to do so.

This is always posted, as some Antivirus programs do not like you looking inside a computer.

 

Most items are in MiniToolBox, but these are more specific.

I will recheck what you left, and get back ....



#9 Klaorman

Klaorman
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 20 March 2014 - 01:50 PM

I'm not sure what you mean. I ran SecurityCheck.exe, the UAC message saying "Do you want to allow the following program from an unknown publisher to make changes to this computer?" popped up, I clicked Yes, and then the error message saying "Your Internet security settings prevented one or more files from being opened. C:\Users\Klaorman\AppData\Local\T...\SecurityCheck.bat" popped up, with a Close button. Since there isn't a command line window because the batch file couldn't run, no security program requested permission to access the internet (and none are running anyway).

 

Thanks.



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 21 March 2014 - 06:53 PM

Yes - Often security settings are too high and prevent simple programs from running.

 "Your Internet security settings prevented one or more files from being opened  C:\Users\Klaorman\AppData\Local\T...\SecurityCheck.bat"                             

How To Temporarily Disable Your Anti-virus <= This May help -

 

Next :Reset the Hosts file back to the default automatically, click the Fix it button or link, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.  http://go.microsoft.com/?linkid=9668866

 

 

The situation is very vague from those reports, so I must ask you to post to the Experts area.

 

 

Please Fully read and follow the instructions in the Preparation Guide starting at Step 6.

Note :If you cannot complete a step, then skip it and continue with the next.

NOTE  - In Step 6 there are instructions for downloading and running DDS which will create two logs. (Windows 8.1 Users will not be able run DDS and create a log)

When you have done that, post your logs in the Malware Removal Logs forum,, NOT here, for assistance by the Expert  Response Team.

 

 

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own.

 

If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them.

A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

 

If HELP BOT responds to your topic, please follow its step 1 so the team will be notified.

 

After doing this, please reply back in this thread with a link to the new topic so we can closed this one.



#11 Klaorman

Klaorman
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:02 PM

Posted 21 March 2014 - 08:50 PM

I tried to turn off Windows Firewall, but when I clicked on "Turn Windows Firewall on or off" in Control Panel, nothing happened (the main part of the Control Panel page didn't switch to the section that allows me to turn off the firewall).

 

I was surprisingly able to download the Fix It wizard, but it failed to run properly. I then examined my HOSTS file and found that it was already set to the default. I seem to now be able to download EXEs, COMs, and MSIs, but not anything else (images, PDFs, etc.).

 

Here's my new post:
http://www.bleepingcomputer.com/forums/t/528291/pc-misbehaves-but-it-doesnt-seem-to-be-infected-is-it/

 

Thanks for your help.



#12 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:08:02 PM

Posted 21 March 2014 - 10:05 PM

Since logs have been posted in Malware Removal Logs, this topic is closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users