
problem with Avira and network


  • This topic is locked
12 replies to this topic

#1 Knat


Posted 25 October 2017 - 04:01 AM

My FRST logs are showing a lot more recently modified files (some modified earlier, that didn't show on previous logs? I changed to show hidden files when looking for something: don't know if this is the cause or not). One was marked as an error the other day, but not now. Still shown as missing but I think it's the shell of a windows update helper that might be finished with its job.

 

A random poster on MS forums said this is a rootkit. Not sure about the random answer. 

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/what-is-kanji1uce/4d33f36f-3d05-4cd3-aea3-c804c11c11f7?auth=1 

 

My network is still acting oddly, like it's trying to be (or trying not to be) managed remotely or corporately (it should absolutely not be managed remotely or by any other machine), whether just set wrong for innocent causes or from some active malicious reason I can't tell. 

 

XBOX (I am not using this but a MS network check includes it) says there is something wrong with my Teredo configuration (I thought teredo was for network sharing? sharing I have turned off, but the adaptor has at some point acquired a connection to a device with a blank MAC (nearly all zeros) and an IPv6 address (my network uses IPv4). 

 

Avira's summary page says everything went fine but the report says not able to access the boot sector or some various files. 

 

After reading the 10/21 log, I read the internet, then unticked the box to talk to the desktop on printing service. In the past I have read the internet and turned off DCOM as I don't seem to need it, but I am getting DCOM errors again. 

 

From today's logs (attached), I did not seem to have an unexpected shutdown (OS crash?) on 10/22.

 

 

from 10/21

 

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-07-12 20:55 - 2016-07-12 20:55 - 001299952 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2.dll
2017-09-29 06:42 - 2017-09-29 07:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 06:42 - 2017-09-29 07:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-11 20:54 - 2016-12-29 06:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 000202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-10-20 04:34 - 2017-10-20 04:34 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-02-11 18:47 - 2016-02-11 18:47 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-02-23 12:09 - 2016-06-14 13:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

 

 

 

==================== Event log errors: =========================
Application errors:
==================
Error: (10/21/2017 05:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avguard.exe, version: 15.0.32.11, time stamp: 0x59d645f3
Faulting module name: avlode.dll, version: 15.0.32.11, time stamp: 0x59d642e8
Exception code: 0xc0000005
Fault offset: 0x0006fcc3
Faulting process id: 0x688
Faulting application start time: 0x01d34997a6ffda62
Faulting application path: C:\Program Files (x86)\Avira\Antivirus\avguard.exe
Faulting module path: c:\program files (x86)\avira\antivirus\avlode.dll
Report Id: 00499e06-142b-4416-a301-5c5fd000d36f
Faulting package full name:
Faulting package-relative application ID:
Error: (10/20/2017 04:39:42 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[31e2f110-d923-4e04-bea4-8320cbb07ca9]\Users\">.
Error: (10/20/2017 04:39:42 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[31e2f110-d923-4e04-bea4-8320cbb07ca9]\ProgramData\Microsoft\Windows\Start Menu\">.
Error: (10/20/2017 04:37:59 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider AVWMIEVTProv attempted to register query "select * from Event_Notification" whose target class "Event_Notification" in //./ROOT/CIMV2/Applications/Avira_AntiVir namespace does not exist. The query will be ignored.
Error: (10/20/2017 04:37:59 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from Event_Notification" whose target class "Event_Notification" in //./ROOT/CIMV2/Applications/Avira_AntiVir namespace does not exist. The query will be ignored.
Error: (10/20/2017 04:37:53 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (10/20/2017 04:37:02 AM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (4236,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (10/20/2017 04:36:33 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (10/20/2017 04:36:33 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (10/20/2017 04:36:33 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

System errors:
=============
Error: (10/21/2017 05:28:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (10/21/2017 03:11:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/20/2017 05:40:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/20/2017 05:25:12 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-U6LCDHCN)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (10/20/2017 05:25:12 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-U6LCDHCN)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (10/20/2017 05:12:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/20/2017 04:38:55 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (10/20/2017 04:37:56 AM) (Source: WinRM) (EventID: 10142) (User: )
Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.
Error: (10/20/2017 04:33:29 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (10/20/2017 04:33:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error:
The device is not ready.

==================== Memory info ===========================
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8060.22 MB
Available physical RAM: 5730.88 MB
Total Virtual: 9980.22 MB
Available Virtual: 7541.11 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:237.17 GB) (Free:155.17 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:854.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================



Edited by Knat, 25 October 2017 - 04:05 AM.




#2 HelpBot


Posted 30 October 2017 - 04:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/661039 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Knat


Posted 31 October 2017 - 06:57 PM

Hi, yes please, I do still need help.

 

 

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

     

    My computer/network are acting subtly weird, and I get weird (to me; I'm not a tech, just read about stuff as I can: am bright but at the same time am limited in how much I can learn) error messages that don't seem to match the environment I am operating in, and indicate that various files cannot be found. 

Since last message I unticked the box to show hidden files, hoping this would make the FRST log a more manageable length. It seems to have done so.

 

I uninstalled BitRaider, as FRST didn't seem to like it. There is some internet advice about how to play SWTOR without it, and while I can follow the steps I don't really understand what they do. I like to understand what I am doing (or at least have a vague notion), before I make changes.

 

I configured Steam and not sure if it was that I didn't have my firewall set up properly or something else, but I had to identify my laptop three different times and it never did appear as a named machine in the Steam browser.

 

Avira still can't find stuff. MTB says it cannot reach any address. 

 

Just as a note in case you didn't see my thread where it appeared, I don't know what the Windows 7 or 8 partition is doing, or where it came from. I don't use it. When I bought this device it was already running windows 10. 

 

Also, I installed Chrome but the pre-existing crx extension (apparently Avira password manager) did not appear in it. I am not using Avira password manager.

 

I run AdwCleaner from time to time.

I found a guide for how to fix my Teredo issue, but other than disabling Teredo I haven't made my way through it.

I removed an unrepairable Intel program (file could not be found to repair it). I am not sure it was something I need in my environment (home user, no remoting or networking except to router: maybe wifi printing in future, but none at present).

 

Avira is telling me a C+ program is out of date and I haven't been able to fix that yet. 

  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.

    Attached.
  • Please tell us if you have your original Windows CD/DVD available.

     

    No, this wasn't provided at purchase. 



Edited by Knat, 31 October 2017 - 07:12 PM.


#4 Knat


Posted 31 October 2017 - 08:08 PM

AdwCleaner finally was able to remove the Pokki bloatware/PUP/malware that Acer bestowed. I still have the Acer folders. I have not noticed settings changing since latest Windows upgrades and installing another controller for firewall. However, a Windows sync program requests firewall permissions, and I am not syncing to anything. I double-checked that sync is turned off in Windows settings so I can find no logical reason for this to be running.

https://www.bleepingcomputer.com/forums/t/658594/extra-profiles-and-settings-changing-away-from-default/ 

 

Other error messages:

https://www.bleepingcomputer.com/forums/t/658843/weird-error-messages-one-of-which-goes-with-windows-12-server/ 


Edited by Knat, 31 October 2017 - 08:10 PM.


#5 Knat


Posted 31 October 2017 - 08:50 PM

Oh, I did not actually paste my logs. I used the More Reply Options to attach them. They are .txt files which a tech friend has told me in the past are safe to open, and also I thought I'd read instruction to do that, but when I re-read them, it said to paste. Let me know if it's an issue but I feel more comfortable with attach. 


Edited by Knat, 31 October 2017 - 08:50 PM.


#6 Knat


Posted 02 November 2017 - 05:34 PM

So I was trying to delete a file and I got a permissions error, gave my Admin password, and continued to get an error message. Oddly it said it wanted permission from my standard account, which I was logged in with. (For some reason it didn't occur to me to try that password.)

So I began to try Windows Repair tool that I can get here on this forum.

It cannot back up the registry, even after I have depleted the battery (at some pains because it is beyond my expertise to readily remove) and started Windows in Safe Mode (I didn't hit F12 good enough because I did launch a normal start then rebooted into Safe) it says

ntuser.dat
UsrClass.dat

Are in use from my standard profile and cannot be copied.

Please advise. Thanks.

#7 Knat


Posted 02 November 2017 - 06:28 PM

I used that tool to reset file permissions then the backup succeeded. I ran it with all the options. Will post its logs and another FRST log after my meeting.

#8 Knat


Posted 02 November 2017 - 08:22 PM

Ok, new FRST logs. These look more useful, tbh.

One moment and I'll add the windows fix logs.

 

PS, Mozilla says it's blocking insecure content on this site. (At least that's better than the old days when it told me there was insecure content some place or other, but Mozilla wasn't blocking it.)




#9 Knat


Posted 02 November 2017 - 08:28 PM

Windows Repair logs first run with just a few tasks

 

Starting Repairs...
   Started at (11/2/2017 3:54:36 PM)

03 - Reset Service Permissions
   Start (11/2/2017 3:54:37 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/2/2017 3:54:48 PM)

04 - Register System Files
   Start (11/2/2017 3:54:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/2/2017 3:55:17 PM)

09 - Repair Hosts File
   Start (11/2/2017 3:55:17 PM)
   Running Repair Under System Account
   Done (11/2/2017 3:55:19 PM)

25 - Restore Important Windows Services
   Skipping Repair.
   This repair is currently being updated to support the Windows 10 Fall Update

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (11/2/2017 3:55:19 PM)
   Total Repair Time: 00:00:44


...YOU MUST RESTART YOUR SYSTEM...

 

Path not found - C:\WINDOWS\System32\drivers\etc

 

 




#10 Knat


Posted 02 November 2017 - 08:46 PM

Running with all options selected:

 

ERROR: Writing SD to <machine\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid.
ERROR: Writing SD to <machine\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid.
ERROR: Writing SD to <machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid.
ERROR: Writing SD to <machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid.

 

 

Remove temp files:

The process cannot access the file because it is being used by another process.

 

(2x total)

 

 

Add-AppxPackage : Cannot find path 'C:\WINDOWS\WinStore\AppxManifest.XML' because it does not exist.
At line:1 char:1
+ Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\Win ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\WINDOWS\WinStore\AppxManifest.XML:String) [Add-AppxPackage], ItemNot
   FoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.Windows.Appx.PackageManager.Commands.AddAppxPackageCommand
 
Add-AppxPackage : Cannot find path 'C:\WINDOWS\camera\AppxManifest.xml' because it does not exist.
At line:1 char:1
+ Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\cam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\WINDOWS\camera\AppxManifest.xml:String) [Add-AppxPackage], ItemNotFo
   undException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.Windows.Appx.PackageManager.Commands.AddAppxPackageCommand
 
Add-AppxPackage : Cannot find path 'C:\WINDOWS\FileManager\AppxManifest.xml' because it does not exist.
At line:1 char:1
+ Add-AppxPackage -DisableDevelopmentMode -Register $Env:SystemRoot\Fil ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\WINDOWS\FileManager\AppxManifest.xml:String) [Add-AppxPackage], Item
   NotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.Windows.Appx.PackageManager.Commands.AddAppxPackageCommand
 
 

pretty sure the prompt said this was because newer files available

 

 

Deployment Image Servicing and Management tool
Version: 10.0.16299.15

Image Version: 10.0.16299.19

......................

The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.16299.15

Image Version: 10.0.16299.19

.............................................

The restore operation completed successfully.
The operation completed successfully.
 

 

 

Path not found - C:\WINDOWS\System32\drivers\etc

 

 

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


The following command was not found: int isatap reset all.


Reset of all TCP parameters OK!
Ok.

The following command was not found: int teredo reset all.

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.

 

 

Error: Unable to rebuild performance counter setting from system backup store, error code is 2

 

 

The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

The Volume Shadow Copy service is stopping.
The Volume Shadow Copy service was stopped successfully.

The Microsoft Software Shadow Copy Provider service is stopping.
The Microsoft Software Shadow Copy Provider service was stopped successfully.

 

 

 

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:

Access is denied.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The Application Identity service is not started.

More help is available by typing NET HELPMSG 3521.

The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Modules Installer service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr*.dat
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Deleted file - C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
Deleted file - C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.jfm

.......

Deleted file - C:\WINDOWS\system32\config\txr\{47a6a0d0-a514-11e7-a94e-ec0d9a05c860}.TxR.2.regtrans-ms
Deleted file - C:\WINDOWS\system32\config\txr\{47a6a0d0-a514-11e7-a94e-ec0d9a05c860}.TxR.blf
C:\WINDOWS\system32\config\txr\{47a6a0d1-a514-11e7-a94e-ec0d9a05c860}.TM.blf
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\config\txr\{47a6a0d1-a514-11e7-a94e-ec0d9a05c860}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\config\txr\{47a6a0d1-a514-11e7-a94e-ec0d9a05c860}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
Deleted file - C:\WINDOWS\system32\SMI\Store\Machine\SCHEMA.DAT{47a6a184-a514-11e7-a94e-ec0d9a05c860}.TM.blf
Deleted file - C:\WINDOWS\system32\SMI\Store\Machine\SCHEMA.DAT{47a6a184-a514-11e7-a94e-ec0d9a05c860}.TMContainer00000000000000000001.regtrans-ms
Deleted file - C:\WINDOWS\system32\SMI\Store\Machine\SCHEMA.DAT{47a6a184-a514-11e7-a94e-ec0d9a05c860}.TMContainer00000000000000000002.regtrans-ms
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.blf
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Path not found - C:\WINDOWS\SysWoW64\catroot2
The system cannot find the file specified.
The system cannot find the file specified.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:

Access is denied.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:

Access is denied.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The Application Identity service is not started.

More help is available by typing NET HELPMSG 3521.

The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Modules Installer service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr*.dat
Could Not Find C:\ProgramData\Microsoft\Network\Downloader\qmgr*.dat
Path not found - C:\WINDOWS\SoftwareDistribution
The system cannot find the file specified.
The system cannot find the file specified.
Path not found - C:\WINDOWS\system32\catroot2
The system cannot find the file specified.
The system cannot find the file specified.
File not found - C:\WINDOWS\system32\config\txr\*.*
File not found - C:\WINDOWS\system32\SMI\Store\Machine\*.TM*
File not found - C:\WINDOWS\system32\SMI\Store\Machine\*.blf
File not found - C:\WINDOWS\system32\SMI\Store\Machine\*.regtrans-ms
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.TM*
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.blf
Could Not Find C:\WINDOWS\system32\SMI\Store\Machine\*.regtrans-ms
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Path not found - C:\WINDOWS\SysWoW64\catroot2
The system cannot find the file specified.
The system cannot find the file specified.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig FAILED 5:

Access is denied.

...................

WARNING: File c:\windows\syswow64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\dscresources\msft_windowsoptionalfeature\msft_windowsoptionalfeature.schema.mof does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!
Microsoft ® MOF Compiler Version 10.0.16299.15
Copyright © Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: c:\windows\syswow64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\dscresources\msft_windowsoptionalfeature\en-us\msft_windowsoptionalfeature.schema.mfl
MOF file has been successfully parsed
Storing data in the repository...
WARNING: File c:\windows\syswow64\windowspowershell\v1.0\modules\psdesiredstateconfiguration\dscresources\msft_windowsoptionalfeature\en-us\msft_windowsoptionalfeature.schema.mfl does not contain #PRAGMA AUTORECOVER.
If the WMI repository is rebuilt in the future, the contents of this MOF file will not be included in the new WMI repository.
To include this MOF file when the WMI Repository is automatically reconstructed, place the #PRAGMA AUTORECOVER statement on the first line of the MOF file.
Done!



#11 Knat

  • Topic Starter
  • Members
  • 56 posts

Posted 03 November 2017 - 05:45 AM

So I was trying to delete a file and I got a permissions error, gave my Admin password, and continued to get an error message. Oddly it said it wanted permission from my standard account, which I was logged in with. (For some reason it didn't occur to me to try that password.)

Have since realized that this is not my standard account on my C: drive (which My Computer has named Acer).

It is an account named the same from the D: (new) drive (the account asking for password appeared to be in a folder/drive with a long name with a lot of letters which is the same as my device name in Settings: the D: drive appears named in My Computer as New Volume but has a folder with an idk what kind of icon, backup drive maybe, named the same as my device name in Settings).

It's possible I reused an account name at some point from before I reset this device to factory settings.



#12 blueelvis

    Bleep Blop Bleep

  • Malware Response Team
  • 1,666 posts
  • Gender:Male
  • Location:India

Posted 27 November 2017 - 01:54 PM

Greetings knat,

This is Pranav over here. It has been an extremely long time since anyone has responded to this thread. Do you still require help? If yes, please do respond to this thread and we can work out from there.


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#13 blueelvis

    Bleep Blop Bleep

  • Malware Response Team
  • 1,666 posts
  • Gender:Male
  • Location:India

Posted 30 November 2017 - 07:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
