Visible to the Windows API, but not on disk.


20 replies to this topic

#1 jferg

Posted 23 August 2015 - 01:39 PM

I had Firefox, but it started getting sluggish and froze often, but I could download. I switched to IE7 and soon realized that it wouldn't let me download anything. I suspected a virus, so I switched to Google Chrome and, to my surprise, it was the same. I couldn't even download the extensions that come with it. I still had the Firefox setup file, so I installed it again and it lets me download, but the other two still won't. I ran a bunch of anti-virus, spyware and adware programs, and got 1 or 2 "PUP" that were designated as light threats. Then I saw on this forum that someone had posted close to the same problem and was advised to run a rootkit scan. So I ran RootRepeal and got this:

 

Path: C:\System Volume Information\_restore{2A5826B5-11EE-49E5-AAF5-0ADA4E22B5BA}\RP46\A0011023.old
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\AVAST Software\Avast\defs\15082301_stream\pkg1508230100000005.bin
Status: Visible to the Windows API, but not on disk.
 

I don't know if I should delete them, and if they may be part of the cause of my malfunction. This is my first time on a forum, so please help me figure this out.




#2 Sintharius

Posted 23 August 2015 - 02:09 PM

Hi there,

The first file is part of a restore point, the second file is part of Avast definitions. I do not recommend deleting them as it can mess up your computer.

You mentioned being unable to download anything in IE? Is there an error message when you try to download something?

#3 jferg

Posted 23 August 2015 - 02:14 PM

Yes. Virus scan failed. It says the same exact thing on Chrome also.



#4 Sintharius

Posted 23 August 2015 - 02:25 PM

Let's see if this catches anything.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#5 jferg

Posted 23 August 2015 - 02:49 PM

Scan complete, here's the log:

 

Emsisoft Emergency Kit - Version 10.0
Last update: 8/23/2015 3:39:59 PM
User account: JAMES\busta-hyman

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/23/2015 3:40:29 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SOLID PROGRAM     detected: Application.Toolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE -> DEBUGGER     detected: SecHijack (A)
Value: HKEY_USERS\S-1-5-21-177861450-358680531-307510605-1012\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-177861450-358680531-307510605-1012\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\FILESUBMIT     detected: Application.InstallAd (A)

Scanned    68131
Found    5

Scan end:    8/23/2015 3:46:05 PM
Scan time:    0:05:36
 



#6 Sintharius

Posted 23 August 2015 - 02:55 PM

If you use some other program to replace Task Manager (i.e. Process Explorer) then you can uncheck the SecHijack detection. Otherwise please remove all the other detections.

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.
  • Right click on the Kaspersky Virus Removal Tool icon and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.
Let me know if it found anything.

===

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Regards,
Alex
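
The triage rule in the reply above, applied to the detection lines of the Emsisoft log posted earlier in the thread. This is an added example, not part of the original posts or of any tool named here; the function names and the `taskmgr_replaced_on_purpose` flag are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Detection lines copied from the Emsisoft Emergency Kit log quoted in this thread.
SAMPLE_LOG = r"""
Scan start:    8/23/2015 3:40:29 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SOLID PROGRAM     detected: Application.Toolbar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE -> DEBUGGER     detected: SecHijack (A)
Value: HKEY_USERS\S-1-5-21-177861450-358680531-307510605-1012\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-177861450-358680531-307510605-1012\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\FILESUBMIT     detected: Application.InstallAd (A)

Scanned    68131
Found    5
"""


class Finding(NamedTuple):
    kind: str             # "Key" or "Value"
    path: str             # registry key path (may contain spaces)
    value: Optional[str]  # value name after "->", None for Key lines
    name: str             # detection name reported by the scanner


class Decision(NamedTuple):
    action: str           # "keep" or "remove"
    finding: Finding
    reason: str


# "<Key|Value>: <path> [-> <value>]   detected: <name> (<tag>)"
DETECTION_RE = re.compile(
    r"^(?P<kind>Key|Value):\s+(?P<path>.+?)"
    r"(?:\s+->\s+(?P<value>\S+))?"
    r"\s+detected:\s+(?P<name>\S+)\s+\(\w\)\s*$"
)

IFEO_MARKER = "\\IMAGE FILE EXECUTION OPTIONS\\"


def parse_detections(log_text: str) -> List[Finding]:
    """Return one Finding per detection line; header and summary lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            findings.append(Finding(m["kind"], m["path"], m["value"], m["name"]))
    return findings


def ifeo_image(f: Finding) -> Optional[str]:
    """Executable name if the finding is an IFEO Debugger value, else None.

    A Debugger value under Image File Execution Options makes Windows start
    the named program instead of the image, which is how a Task Manager
    replacement hooks taskmgr.exe and also how malware can block it.
    """
    path = f.path.upper()
    if f.kind == "Value" and (f.value or "").upper() == "DEBUGGER" and IFEO_MARKER in path:
        return path.rsplit("\\", 1)[-1]
    return None


def triage(findings: List[Finding], taskmgr_replaced_on_purpose: bool) -> List[Decision]:
    """Keep only a deliberate Debugger redirect on TASKMGR.EXE; remove the rest."""
    decisions = []
    for f in findings:
        image = ifeo_image(f)
        if image == "TASKMGR.EXE" and taskmgr_replaced_on_purpose:
            decisions.append(Decision("keep", f, "Task Manager was replaced deliberately"))
        elif image is not None:
            decisions.append(Decision("remove", f, f"unexplained Debugger redirect on {image}"))
        else:
            decisions.append(Decision("remove", f, "not covered by the Task Manager exception"))
    return decisions


if __name__ == "__main__":
    for d in triage(parse_detections(SAMPLE_LOG), taskmgr_replaced_on_purpose=False):
        print(f"{d.action:6} {d.finding.name:28} {d.reason}")
```
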

#7 jferg

Posted 23 August 2015 - 07:20 PM

I don't know what's going on. My Kaspersky scan is over 1000500, and still going! I only have a 37 GB Windows XP Dell.

#8 jferg

Posted 23 August 2015 - 08:02 PM

I stopped the Kaspersky scan at the one million, one hundred and twenty thousand mark. I'm sure the program froze, because the status bar was in the same spot for the last 3 hours. I don't know if I should go with the Malwarebytes scan or start Kaspersky over?

#9 jferg

Posted 24 August 2015 - 01:19 AM

 
After I stopped Kaspersky, I went to read the log and the computer said "out of memory". I used AVG Tune Pro 2014 to quick clean and it prompted to restart, so I did. Upon restart I got the command screen with the message "kurt cleaning sript" followed by "currently cleaning"... I went to Firefox to get online and google it, but now the computer won't let me start Firefox. So as of now I can go online with IE7 and Chrome, but still can't download, and the only program I could download won't even open. It just keeps beeping when I try. I did get online with Google and found that "kurt cleaning..." is part of WSUS (whatever that is) and it is O.K. That was the first time I ever saw that, so apparently the test we ran yesterday did something. I did run Kaspersky again, but it didn't catch anything, as well as Emsisoft, which also found nothing. Although not instructed to, I ran RogueKiller, which I happened to have on my desktop, and here's the log for it:
 
Mod Edit:  Removed unrequested RogueKiller data from post - Hamluis.
 
I did run the Malwarebytes like you instructed.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/24/2015
Scan Time: 1:10:28 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.23.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: busta-hyman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358014
Time Elapsed: 44 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by hamluis, 24 August 2015 - 03:49 AM.


#10 Sintharius

Posted 24 August 2015 - 01:44 AM

Hi there,

RogueKiller logs are not allowed in Am I Infected. Please do not run any tools unless instructed to.

MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#11 jferg

Posted 24 August 2015 - 02:16 AM

I disabled my Avast security, but just as I figured, none of my browsers will let me download. I have an Android, so I'm using that.

Here is the MTB.txt you asked for.

 

   MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by busta-hyman (administrator) on 24-08-2015 at 03:08:41
Running from "C:\Documents and Settings\busta-hyman\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: OptiPlex GX270 Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/1000 MT Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : James
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : Home
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : Home
 
        Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection
 
        Physical Address. . . . . . . . . : 00-0D-56-F9-FD-C2
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.200.127
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        IP Address. . . . . . . . . . . . : fe80::20d:56ff:fef9:fdc2%4
 
        Default Gateway . . . . . . . . . : 192.168.200.1
 
        DHCP Server . . . . . . . . . . . : 192.168.200.1
 
        DNS Servers . . . . . . . . . . . : 192.168.200.1
 
                                            fec0:0:0:ffff::1%1
 
                                            fec0:0:0:ffff::2%1
 
                                            fec0:0:0:ffff::3%1
 
        Lease Obtained. . . . . . . . . . : Sunday, August 23, 2015 9:14:00 PM
 
        Lease Expires . . . . . . . . . . : Monday, August 24, 2015 9:14:00 PM
 
 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
 
        Default Gateway . . . . . . . . . : 
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : Home
 
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : C0-A8-C8-7F
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.200.127%2
 
        Default Gateway . . . . . . . . . : 
 
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
 
                                            fec0:0:0:ffff::2%1
 
                                            fec0:0:0:ffff::3%1
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
Server:  home.Home
Address:  192.168.200.1
 
Name:    google.com
Addresses:  216.68.10.91, 216.68.10.106, 216.68.10.112, 216.68.10.99
 216.68.10.123, 216.68.10.95, 216.68.10.101, 216.68.10.117, 216.68.10.84
 216.68.10.110, 216.68.10.113, 216.68.10.90, 216.68.10.80, 216.68.10.88
 216.68.10.121, 216.68.10.102
 
 
 
Pinging google.com [216.68.10.91] with 32 bytes of data:
 
 
 
Reply from 216.68.10.91: bytes=32 time=2ms TTL=61
 
Reply from 216.68.10.91: bytes=32 time=2ms TTL=61
 
 
 
Ping statistics for 216.68.10.91:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 2ms, Maximum = 2ms, Average = 2ms
 
Server:  home.Home
Address:  192.168.200.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=26ms TTL=53
 
Reply from 98.138.253.109: bytes=32 time=26ms TTL=53
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 26ms, Maximum = 26ms, Average = 26ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0d 56 f9 fd c2 ...... Intel® PRO/1000 MT Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.200.1  192.168.200.127  10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
    192.168.200.0    255.255.255.0  192.168.200.127  192.168.200.127  10
  192.168.200.127  255.255.255.255        127.0.0.1       127.0.0.1  10
  192.168.200.255  255.255.255.255  192.168.200.127  192.168.200.127  10
        224.0.0.0        240.0.0.0  192.168.200.127  192.168.200.127  10
  255.255.255.255  255.255.255.255  192.168.200.127  192.168.200.127  1
Default Gateway:     192.168.200.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/23/2015 12:44:46 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.
 
Error: (08/19/2015 03:06:50 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (08/19/2015 12:00:46 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 11:55:40 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 11:55:40 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 11:05:45 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 10:27:24 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 09:40:45 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 09:40:45 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
Error: (08/18/2015 09:29:42 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
 
System errors:
=============
Error: (08/24/2015 02:26:15 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:25:38 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:25:38 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:25:01 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:23:19 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:03:20 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:03:20 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 02:03:20 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 01:53:47 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (08/24/2015 01:52:58 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (05/20/2015 02:20:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1237 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/06/2013 12:49:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12619 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error: (10/28/2012 12:53:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13341 seconds with 9060 seconds of active time.  This session ended with a crash.
 
Error: (10/28/2012 06:28:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1703 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error: (10/28/2012 05:59:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
7-Zip 15.05 beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Catalyst Control Center InstallProxy (HKLM\...\{B010E2F1-1864-C233-A38B-EADA70477F3B}) (Version: 2011.0201.1538.28004 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (HKLM\...\{F1D08986-F5D5-C385-A8BB-151B950418AD}) (Version: 2011.0201.1538.28004 - ATI) Hidden
ccc-core-static (HKLM\...\{90E41CF2-8F54-00CF-781D-EC5433ECC7E7}) (Version: 2011.0201.1538.28004 - ATI) Hidden
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.3.4.21 - Roxio Inc)
File Extension Changer 3.3.1 (HKLM\...\File Extension Changer_is1) (Version:  - Abhishek)
Google Chrome (HKCU\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Heimdal (HKLM\...\Heimdal) (Version: 1.10.5.0 - CSIS Security Group)
InstallVC90Support (HKLM\...\{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}) (Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections 18.3.62.0 (HKLM\...\{FCF3ECF7-7AE0-4E26-B387-09A3A80B79CC}) (Version: 18.3.62.0 - Intel)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MFC RunTime files (HKLM\...\{70C592EC-AE9B-4734-928B-676E824FB41E}) (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}) (Version: 3.0.07.19 - O2Micro International LTD.) Hidden
Resource Hacker Version 3.6.0 (HKLM\...\ResourceHacker_is1) (Version:  - )
Sandboxie 4.20 (32-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
TextPad 7 (HKLM\...\{D5CA0106-90CE-4842-8194-A6D4A46FAA0E}) (Version: 7.5.1 - Helios)
TuneUp Utilities 2014 (en-US) (HKLM\...\{14C8CE46-C68C-461B-BCA9-E276A85851C6}) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971180) (HKLM\...\KB971180-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Hidden
VC_CRT_x86 (HKLM\...\{8054D734-39C7-463D-B764-9C883982B8F9}) (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.)
Windows Driver Package - ST Microelectronics stdcfltn DiskDrive  (08/18/2010 1.00.00.07) (HKLM\...\A1E08691DBB6E915EDA89BCAEBC7745F72ACD17F) (Version: 08/18/2010 1.00.00.07 - ST Microelectronics)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Support Tools (HKLM\...\{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}) (Version: 5.1.2600.5512 - Microsoft Corporation)
WinISO (HKLM\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 60%
Total physical RAM: 2045.98 MB
Available physical RAM: 807.59 MB
Total Virtual: 3936.36 MB
Available Virtual: 2908.54 MB
 
========================= Partitions: =====================================
 
1 Drive c: (jimmy's hard drive) (Fixed) (Total:37.25 GB) (Free:24.11 GB) NTFS
3 Drive e: (BLEEPING) (Removable) (Total:0.96 GB) (Free:0.92 GB) FAT32
4 Drive f: (ISO) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (MEMORY CARD) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
6 Drive h: () (Removable) (Total:2.1 GB) (Free:1.57 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\JAMES
 
Administrator            ASPNET                   busta-hyman              
Guest                    HelpAssistant            new user                 
SUPPORT_388945a0         yo-yo-yo                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
23-08-2015 11:16:35 Installed Windows XP KB2183461.
23-08-2015 15:43:12 Installed TextPad 7.
23-08-2015 17:14:42 JRT Pre-Junkware Removal
23-08-2015 17:50:16 Installed Google Drive
 
**** End of log ****
 
security exe.
 

   Results of screen317's Security Check version 1.008  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (en-US)  
 TuneUp Utilities 2014   
 Adobe Flash Player 18.0.0.232  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#12 Sintharius


Posted 24 August 2015 - 02:25 AM

Hi there,

Please uninstall TuneUp Utilities - Bleeping Computer DOES NOT support the use of PC optimizers.

Reset your browsers using instructions here and see if the browser allows you to download. From the MiniToolbox log, it looks like your Internet connection is OK.

#13 jferg

  • Topic Starter


Posted 24 August 2015 - 02:45 AM

IE8 seems to be downloading...

Still completely locked out of Firefox. Every time I try to open it, it just beeps.

Google Chrome still states that virus scan failed.

When should I turn Avast back on?



#14 Sintharius


Posted 24 August 2015 - 02:56 AM

Please turn Avast back on right away.

Can you do a scan with Malwarebytes?

#15 jferg

  • Topic Starter


Posted 24 August 2015 - 02:59 AM

I can use Malwarebytes. I did earlier and it didn't catch anything. Should I run it again?





