programs removed from systray and can't be reinstalled & folders locked too



#1 TMcL


Posted 15 February 2016 - 10:50 PM

Howdy, Please advise on steps to take.

Malwarebytes and MS Sec Essentials blocked a malicious website.

However internet connectivity is hampered. 

 

I can browse internet - chrome and internet explorer;

But no auto downloads - i.e. can't update Microsoft Security Essentials, Carbonite can't start as it can't connect to the Carbonite web page - HTTP 404;

 

Are there services that are being interfered with?  

 

Have had clean scan with Malwarebytes; AdwCleaner; malware root kit, security checker.

 

Thanks

TMcL

Windows 7


Edited by TMcL, 16 February 2016 - 12:59 AM.




#2 Aura


Posted 16 February 2016 - 08:44 AM

Hi TMcL :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
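
The report requested above can be triaged mechanically for two things that commonly break updates after an infection: Hosts file redirects and non-standard Winsock providers. The following is an added example, not part of the thread and not MiniToolBox code; the section banner and Winsock line layout are taken from MiniToolBox logs like the one posted in this topic, the Hosts section is assumed to echo the hosts file lines, and the sample log, `definitions.example.test`, `example_lsp.dll` and `Example Vendor` are constructed.

```python
import re

# Section banners look like "========= Winsock entries =========".
# The title must start with a letter so plain "=====" rulers are ignored.
SECTION_RE = re.compile(r"^={5,}\s*([A-Za-z][^=]*?)\s*={5,}\s*$")
# e.g. "x64-Catalog5 07 C:\...\mdnsNSP.dll [133392] (Apple Inc.)"
WINSOCK_RE = re.compile(
    r"^(x64-)?Catalog(5|9)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
# Catalog5 holds namespace providers, Catalog9 holds transport providers.
CATALOG_KIND = {"5": "namespace provider", "9": "transport provider"}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the layout of a MiniToolBox report (not real data).
SAMPLE_LOG = r"""
========================= Hosts content: =================================
127.0.0.1 localhost
0.0.0.0 definitions.example.test
========================= Winsock entries =====================================

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog9 02 C:\Users\Public\example_lsp.dll [4096] (Example Vendor)
========================= Event log errors: ===============================
"""


def split_sections(log_text):
    """Map each lower-cased section title to the lines that follow it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":").strip().lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def unexpected_hosts(lines):
    """Return (ip, names) for every mapping other than loopback localhost."""
    found = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        if ip in LOOPBACK and all(n.lower() == "localhost" for n in names):
            continue
        found.append((ip, names))
    return found


def nonstandard_winsock(lines):
    """Return providers that are not Microsoft DLLs under the system dirs.

    The publisher is whatever the tool printed, so a flagged entry means
    "review this file", not "malicious" (Bonjour is a normal example).
    """
    flagged = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        path, publisher = m.group(4), m.group(6)
        trusted_location = bool(SYSTEM_DIR_RE.match(path))
        if trusted_location and publisher == "Microsoft Corporation":
            continue
        flagged.append({
            "arch": "x64" if m.group(1) else "x86",
            "kind": CATALOG_KIND[m.group(2)],
            "index": int(m.group(3)),
            "path": path,
            "publisher": publisher,
        })
    return flagged


def triage(log_text):
    """Run both checks over a full report and return the findings."""
    sections = split_sections(log_text)
    return {
        "hosts": unexpected_hosts(sections.get("hosts content", [])),
        "winsock": nonstandard_winsock(sections.get("winsock entries", [])),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for ip, names in findings["hosts"]:
        print("hosts redirect:", ip, " ".join(names))
    for entry in findings["winsock"]:
        print("winsock review:", entry["arch"], entry["kind"], entry["path"])
```
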


#3 TMcL


Posted 16 February 2016 - 09:20 AM

Thank you Aura. 

Log below.

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Tevia (administrator) on 16-02-2016 at 08:18:19
Running from "C:\Users\Tevia\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP ProBook 450 G1 Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TMW-HP7
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 1A-E3-47-1D-7B-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 28-E3-47-1D-7B-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-1D-48-AA-FC-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:3788:360::13(Preferred) 
   Lease Obtained. . . . . . . . . . : Tuesday, February 16, 2016 7:09:39 AM
   Lease Expires . . . . . . . . . . : Monday, March 14, 2016 5:07:24 PM
   IPv6 Address. . . . . . . . . . . : 2602:306:3788:360:443d:4a2:5caf:8190(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:306:3788:360:1499:98f3:c345:e609(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::443d:4a2:5caf:8190%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.141(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 16, 2016 7:09:38 AM
   Lease Expires . . . . . . . . . . : Wednesday, February 17, 2016 7:09:39 AM
   Default Gateway . . . . . . . . . : fe80::8e7f:3bff:fe53:ff20%10
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 396369224
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-1A-17-6D-28-E3-47-1D-7B-15
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4000:808::1005
 216.58.218.174
 
 
Pinging google.com [2607:f8b0:4000:80b::200e] with 32 bytes of data:
Reply from 2607:f8b0:4000:80b::200e: time=28ms 
Reply from 2607:f8b0:4000:80b::200e: time=28ms 
 
Ping statistics for 2607:f8b0:4000:80b::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 28ms, Average = 28ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:c:a06::2:4008: time=118ms 
 
Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 118ms, Maximum = 118ms, Average = 118ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...1a e3 47 1d 7b 15 ......Microsoft Virtual WiFi Miniport Adapter
 11...28 e3 47 1d 7b 15 ......Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter
 10...a0 1d 48 aa fc 85 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.141     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.141    266
    192.168.1.141  255.255.255.255         On-link     192.168.1.141    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.141    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.141    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.141    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    266 ::/0                     fe80::8e7f:3bff:fe53:ff20
  1    306 ::1/128                  On-link
 10     18 2602:306:3788:360::/64   On-link
 10     26 2602:306:3788:360::/64   fe80::8e7f:3bff:fe53:ff20
 10    266 2602:306:3788:360::13/128
                                    On-link
 10    266 2602:306:3788:360:1499:98f3:c345:e609/128
                                    On-link
 10    266 2602:306:3788:360:443d:4a2:5caf:8190/128
                                    On-link
 10    266 fe80::/64                On-link
 10    266 fe80::443d:4a2:5caf:8190/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/16/2016 07:16:13 AM) (Source: MsiInstaller) (User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0}
 
Error: (02/16/2016 07:11:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 07:07:25 AM) (Source: MsiInstaller) (User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0}
 
Error: (02/16/2016 07:05:48 AM) (Source: MsiInstaller) (User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0}
 
Error: (02/16/2016 06:58:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 01:56:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 12:57:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 12:06:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2016 11:53:17 PM) (Source: MsiInstaller) (User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0}
 
Error: (02/15/2016 11:33:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/16/2016 07:09:43 AM) (Source: Service Control Manager) (User: )
Description: The Bomgar Support Customer Client [56C27460] service failed to start due to the following error: 
%%2
 
Error: (02/16/2016 06:57:19 AM) (Source: Service Control Manager) (User: )
Description: The Bomgar Support Customer Client [56C27460] service failed to start due to the following error: 
%%2
 
Error: (02/16/2016 06:43:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %TMW-HP751
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:43:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %TMW-HP715
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:41:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %TMW-HP751
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:41:27 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %TMW-HP715
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:39:57 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %TMW-HP751
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:39:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %TMW-HP715
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:37:45 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %TMW-HP751
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
Error: (02/16/2016 06:37:40 AM) (Source: Microsoft Antimalware) (User: )
Description: %TMW-HP760 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %TMW-HP715
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %TMW-HP7602
 
Update Type: %TMW-HP7604
 
User: TMW-HP7\Tevia
 
Current Engine Version: %TMW-HP7605
 
Previous Engine Version: %TMW-HP7606
 
Error code: %TMW-HP7607
 
Error description: %TMW-HP7608
 
 
Microsoft Office Sessions:
=========================
Error: (02/16/2016 07:16:13 AM) (Source: MsiInstaller)(User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0} (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/16/2016 07:11:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 07:07:25 AM) (Source: MsiInstaller)(User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0} (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/16/2016 07:05:48 AM) (Source: MsiInstaller)(User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0} (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/16/2016 06:58:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 01:56:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 12:57:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2016 12:06:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2016 11:53:17 PM) (Source: MsiInstaller)(User: TMW-HP7)
Description: Product: Java 8 Update 73 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Program Files (x86)\Java\jre1.8.0_73\installer.exe, command: /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_73\\" REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F83218073F0} (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/15/2016 11:33:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-16 06:52:54.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-16 06:37:45.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-16 06:24:01.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-16 06:12:48.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-16 01:53:10.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Add or Remove Adobe Creative Suite 3 Design Standard (HKLM-x32\...\Adobe_0e772471f6aed60c960ed52600a76bd) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
AMD Catalyst Install Manager (HKLM\...\{818912C6-BD97-B888-53F1-1C64148A754F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009804771.48.56.33819882 - Audible, Inc.)
Beyond Compare 4.1.3 (HKLM\...\BeyondCompare4_is1) (Version: 4.1.3.20814 - Scooter Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{01991D36-E966-4893-85E1-D97D01E5F6AC}) (Version: 5.8.4 build 5625 (Jan-12-2016) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.5 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.35.3 - Dropbox, Inc.) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP HD Webcam (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.54 - SunplusIT)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36279 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
iTunes Library Toolkit (HKLM-x32\...\{9BEBE339-F5BC-487C-BECA-E1CA7C463E51}) (Version: 1.1.0300 - klarita.net)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media SOS (HKLM-x32\...\{115C0350-3E75-4131-931B-AEE3424C5A61}) (Version: 1.0.1.18 - Mediafour Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.10.4 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TouchCopy 12 (x64) (HKLM\...\{7FF35D9A-75AB-46A0-9D14-646D6A05A004}) (Version: 12.86 - Wide Angle Software)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
 
========================= Devices: ================================
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_8086&DEV_8C31&SUBSYS_1942103C&REV_04\3&21436425&0&A0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_10EC&DEV_5227&SUBSYS_1942103C&REV_01\00000001004CE00000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: ACPI\HPQ6007\3&21436425&0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 7881.11 MB
Available physical RAM: 5772.71 MB
Total Virtual: 15760.43 MB
Available Virtual: 13345.34 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:683.66 GB) (Free:490.91 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.97 GB) (Free:1.31 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\TMW-HP7
 
Administrator            Chris                    Guest                    
Tevia                    
 
 
**** End of log ****


#4 Aura


Posted 16 February 2016 - 09:27 AM

Please uninstall the following programs.
  • Adobe Flash Player 9 ActiveX - Outdated and vulnerable;
  • Adobe Flash Player 9 Plugin - Outdated and vulnerable;
  • Java 8 Update 71 - Outdated and vulnerable;
Are you using the paid or free version of Emsisoft Anti-Malware?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
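The review step above, as an added example that is not part of the original posts: a parser for the "Installed Programs" lines of the posted log that copes with parentheses inside names and registry keys, empty versions and the trailing `Hidden` marker. The function names and the name-prefix matching are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from typing import NamedTuple, Optional

# Layout: Name (HIVE\...\Key) (Version: X - Publisher)[ Hidden]
# Name and Key may contain parentheses, so anchor on the hive prefix and on the
# literal ") (Version: " separator instead of counting brackets.
LINE_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)(?P<hidden> Hidden)?$"
)

class Program(NamedTuple):
    name: str
    hive: str
    key: str
    version: str      # "" when the uninstall entry carries no version
    publisher: str
    hidden: bool

def parse_line(line: str) -> Optional[Program]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None   # section headers, device entries, blank lines
    return Program(m["name"], m["hive"], m["key"], m["version"].strip(),
                   m["publisher"].strip(), m["hidden"] is not None)

def parse_log(text: str) -> list:
    return [p for p in map(parse_line, text.splitlines()) if p]

def flag(programs, watchlist):
    """Return programs whose display name starts with a watch-listed product."""
    wl = tuple(w.lower() for w in watchlist)
    return [p for p in programs if p.name.lower().startswith(wl)]

# Lines copied from the log posted in this thread.
SAMPLE = r"""
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.35.3 - Dropbox, Inc.) Hidden
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Spotify (HKCU\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
"""

# Product names taken from the reply above (prefix matching is an assumption).
WATCHLIST = ["Adobe Flash Player 9", "Java 8 Update 71"]

if __name__ == "__main__":
    progs = parse_log(SAMPLE)
    for p in flag(progs, WATCHLIST):
        print(f"REVIEW  {p.name}  {p.version}  ({p.publisher})")
    for p in progs:
        if p.hidden or not p.version:
            print(f"NOTE    {p.name}: hidden={p.hidden} version={p.version!r}")
```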


#5 TMcL


Posted 16 February 2016 - 09:33 AM

Am using the free - downloaded it yesterday to see if it could catch anything that Malwarebytes could not.

Will uninstall other flash/java now. 



#6 Aura


Posted 16 February 2016 - 09:35 AM

In that case, I suggest you either uninstall Microsoft Security Essentials during the free 30-day trial of Emsisoft Anti-Malware, or shift it to freeware mode (without the trial). This is because if you are currently running Microsoft Security Essentials and Emsisoft Anti-Malware, you have two antivirus programs running at the same time on a system, and this can cause it to be unstable and also crash.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 TMcL


Posted 16 February 2016 - 09:37 AM

I just went into Emsisoft and the license says Freeware license.



#8 TMcL


Posted 16 February 2016 - 09:39 AM

Programs uninstalled. Do I need to reboot? thanks.



#9 Aura


Posted 16 February 2016 - 09:42 AM

So the real-time protection is disabled? Alright, good then.

Also, download and install the following drivers. After each installation, please restart your computer.

Intel Management Engine: http://h20564.www2.hp.com/hpsc/swd/public/detail?sp4ts.oid=5405166&swItemId=ob_146774_1&swEnvOid=4059
Realtek USB and PCIe Media Card Reader: http://h20564.www2.hp.com/hpsc/swd/public/detail?sp4ts.oid=5405166&swItemId=ob_134503_1&swEnvOid=4059
HP 3D DriveGuard 6: http://h20564.www2.hp.com/hpsc/swd/public/detail?sp4ts.oid=5405166&swItemId=ob_127112_1&swEnvOid=4059

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 TMcL


Posted 16 February 2016 - 09:51 AM

Yes, real-time protection in Emsisoft is disabled.

I downloaded the three drivers. 

I ran them as admin

Errors on all three. 

first

sp67047.exe has stopped working 

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

- when I close it, it offers the option to re-run for my system specs - I try that with same error. 

then 

other two both say Unable to create folder. 

 

As I received errors I did not reboot in between. 



#11 Aura


Posted 16 February 2016 - 09:55 AM

Weird. Follow the instructions below please.

System File Checker (SFC)
Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator;
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;
Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
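What a helper would pull out of the uploaded cbs.txt, as an added example that is not part of the original posts: it keeps only the `[SR]` entries SFC writes, separates repaired files from ones SFC could not repair, and reports when the log holds no scan entries at all, the case the note above warns about. The function names and verdict labels are this example's own, and the sample lines are constructed in the layout of SFC's `[SR]` entries.

```python
import re

# "[SR]" marks the entries SFC writes into CBS.log; the rest is servicing noise.
SR_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (?P<msg>.*)$")
VERIFY_RE = re.compile(r"^Verifying (?P<n>\d+) ")
CANNOT_RE = re.compile(r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" '
                       r"of (?P<component>[^,]+),.*, (?P<reason>[^,]+)$")
REPAIR_RE = re.compile(r'^Repairing corrupted file .*\]"(?P<file>[^"]+)" from store$')

def triage(text):
    """Summarise the [SR] entries of a CBS.log passed in as one string."""
    out = {"sr_lines": 0, "verified": 0, "repaired": [], "unrepairable": {}}
    for line in text.splitlines():
        m = SR_RE.match(line.strip())
        if not m:
            continue
        out["sr_lines"] += 1
        msg = m["msg"]
        v, c, r = VERIFY_RE.match(msg), CANNOT_RE.match(msg), REPAIR_RE.match(msg)
        if v:
            out["verified"] += int(v["n"])
        elif c:  # the same failure is logged more than once; keep one per file
            out["unrepairable"].setdefault((c["file"], c["component"]), c["reason"])
        elif r and r["file"] not in out["repaired"]:
            out["repaired"].append(r["file"])
    return out

def verdict(summary):
    if summary["sr_lines"] == 0:
        return "no-sfc-entries"   # log copied too late or before the scan ran
    if summary["unrepairable"]:
        return "unrepaired"
    return "repaired" if summary["repaired"] else "clean"

# Constructed sample lines (not taken from the poster's log).
SAMPLE_CBS = r'''
2016-02-16 10:01:58, Info                  CBS    Starting TrustedInstaller initialization.
2016-02-16 10:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-02-16 10:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-02-16 10:02:19, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-02-16 10:02:20, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-02-16 10:02:31, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2016-02-16 10:02:40, Info                  CSI    0000000f [SR] Verify complete
'''

if __name__ == "__main__":
    s = triage(SAMPLE_CBS)
    print(verdict(s), s)
```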


#12 TMcL


Posted 16 February 2016 - 10:15 AM

I've never shared via Google Docs before; I think this is the shareable link

https://drive.google.com/file/d/0B2whgftxyQPsMGRPZ2VmRGhiNTQ/view?usp=sharing

 

I couldn't share via dropbox as I can't of course install. 

 

Recall that at the same time as this problem started, many of my folders started to show a lock on them. However, I can still open them so I am not sure of permissions changes.



#13 Aura


Posted 16 February 2016 - 10:18 AM

We'll reset them just in case. Follow the instructions below please.

Windows Repair All-In-One
NOTE: Before following the steps below, please disable your Antivirus software or any other real-time security software that you have enabled.
  • Boot in Safe Mode with Networking;
  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) on your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Reset File Permission - Make sure that the C: drive is checked under that option;
    • Remove Temp Files;
    • Repair MSI (Windows Installer);
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 TMcL


Posted 16 February 2016 - 11:31 AM

Hello Aura,

 

Very interesting! 

I ran Repair_Windows.exe as admin

I did not do the power drain and instead clicked through the options until I found the Open Repairs button. 

I think I clicked it too fast as it immediately began to run. 

I did not get to:

"

  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Reset File Permission - Make sure that the C: drive is checked under that option;
    • Remove Temp Files;
    • Repair MSI (Windows Installer);"

It ran for a good 30 - 45 minutes 

It asked me to reboot 

Upon rebooting, Carbonite completed its reinstall, Dropbox is back and all the "locks" appear to be off of the files.

 

Do I need to run anything else? is there a log file? or anything?

 

Thank you

TMcL



#15 Aura


Posted 16 February 2016 - 11:33 AM

Can you try to install the 3 drivers in my previous post then to see if it works this time?

http://www.bleepingcomputer.com/forums/t/605570/programs-removed-from-systray-and-cant-be-reinstalled-folders-locked-too/#entry3936270

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




