
Windows Firewall Disabled Among Other Things


11 replies to this topic

#1 msrobinson037

msrobinson037

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 01 May 2016 - 09:13 PM

First, I want to let you know that this laptop is fairly old. I received it quite a while ago from a family friend. They had already used it themselves, but worked at a well-known IT company. So, when the PC was given to me, they made sure everything was actually cleaned out and as updated as possible - which included upgrading the OS to Windows 7 Professional. However, the one thing they forgot to do is give me a Recovery Disc - and I'm fairly certain the PC may need it at this point.

 

I've tried my best to keep the laptop running well and in good shape. However, I'm at a dead end with the issues I'm currently having. I may be somewhat knowledgeable with PCs and able to fix certain problems - depending on the specifics involved - but I'm definitely not a computer tech!

 

Below is a detailed explanation of my current issues. Please bear with me, as I've never written a post and submitted it to a PC forum before:

 

 

I started having issues with the PC less than 6 months ago. As I mentioned before, I was able to resolve some issues, but my many many many attempts to fix the major issues, which seem to have affected overall PC functionality, have been unsuccessful.

 

The first thing that notified me that there was an issue is when I saw that the Windows Firewall had been disabled - and it still is as we speak. I remember glancing briefly at the event viewer when this all started, and seeing several questionable/suspicious registry changes, but the registry is an aspect of the PC that I refuse to mess with at all. From that point on, any attempt I've made to turn the Windows Firewall back on, either through the Action Center icon in the bottom right or through the Control Panel, causes Windows Explorer to freeze and stop responding altogether.

 

You should know that I have put quite a few virus programs on this PC over time, most of which were uninstalled at one point or another. I do my best to make sure that the ones I kept don't interfere with the Windows Firewall itself - as much as that's possible at least.

 

On top of that, Windows Explorer will stop responding when I'm trying to complete other tasks as well. It occurs all the time at random, but there are specific actions that I know for a fact will cause it to stop responding, while others are a hit or miss. Aside from when I try to access the Windows Firewall settings, it happens every time I try to access the Windows Update options through the Control Panel and every time I open the main Windows Explorer window. When I open the main WE, it will stop responding or act as if it's trying to locate/load the folders within it - this will either go on forever if I let it, or eventually stop responding completely at some point.

 

I have also noticed some issues with internet connectivity and web browsing - I have both Internet Explorer and Mozilla Firefox on this PC, but I use Firefox as my default. As far as internet connectivity, the issues are there some of the time and other times it seems like there aren't any. Also, with the web browsing, it closely mimics the issues I experience with Windows Explorer and it doesn't matter which browser I use. At first, it can appear as if everything is going smoothly and then the browser will stop responding out of nowhere. At that point, I have to constantly close and restart the browser, so I've basically stopped using the internet on this PC altogether.

 

It has caused some of the programs to stop responding as well - almost immediately after I open them. However, most importantly, I've noticed some differences with the security programs that I have on this PC. At times, any given virus/malware/spyware scanner will stop responding during a system scan, as well as some other changes. I don't know if this is normal, and it could be, but there have been some fairly noticeable differences in the results if I run a scanner while the PC is in "normal mode" versus running it in Safe Mode - while this doesn't happen every time, it has been often enough to cause some concern.

 

I think that's all of the main issues - that I'm aware of at least. I have tried all of the scans/repairs that I'm capable of at this point. Needless to say, this has been going on long enough and I'm about ready to throw this PC out - which you very well may end up telling me that's exactly where it belongs! Let's hope not.

 

FRST Scan Results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2016
Ran by Administrator (administrator) on HAILEY-PC (01-05-2016 21:24:38)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Hailey & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1545070334-4154318288-1073636810-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-04-20] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A92E048F-0EB9-4997-8302-303A9304CBEE}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\idyxfww2.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 lxce_device; C:\Windows\system32\lxcecoms.exe [537520 2007-03-08] ( )
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S1 epp; C:\EEK\bin32\epp.sys [102128 2015-10-23] (Emsisoft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-03] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 21:24 - 2016-05-01 21:25 - 00007070 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-05-01 21:21 - 2016-05-01 21:22 - 00027796 _____ C:\Users\Administrator\Desktop\MTB.txt
2016-05-01 21:20 - 2016-05-01 21:20 - 01728000 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2016-05-01 21:20 - 2016-05-01 21:20 - 00891392 _____ (Farbar) C:\Users\Administrator\Desktop\MiniToolBox.exe
2016-05-01 18:34 - 2016-05-01 18:34 - 00000000 ____D C:\Program Files\iPod
2016-05-01 02:29 - 2016-05-01 02:29 - 00109280 _____ C:\Users\Hailey\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-01 02:23 - 2016-05-01 02:24 - 118414152 _____ (Apple Inc.) C:\Users\Hailey\Downloads\iTunesSetup.exe
2016-05-01 02:10 - 2016-05-01 02:30 - 00000000 ____D C:\Users\Hailey\AppData\Roaming\Apple Computer
2016-05-01 02:10 - 2016-05-01 02:10 - 00000000 ____D C:\Users\Hailey\AppData\Local\Apple Computer
2016-04-27 04:48 - 2016-04-27 04:48 - 00000000 ____D C:\SUPERDelete
2016-04-27 04:43 - 2016-04-27 04:48 - 00002464 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-04-27 04:05 - 2016-04-27 04:05 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d8cd9932-263d-4182-8d6e-88c50310168f.job
2016-04-27 04:05 - 2016-04-27 04:05 - 00000526 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6f2099fa-5166-440b-a2b3-337879cb0568.job
2016-04-27 04:05 - 2016-04-27 04:05 - 00000000 ___SD C:\ComboFix
2016-04-27 04:05 - 2016-04-27 04:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2016-04-27 04:04 - 2016-04-27 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-27 04:03 - 2016-04-27 04:05 - 00000000 ____D C:\Qoobox
2016-04-27 04:03 - 2016-04-27 04:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-27 04:03 - 2016-04-27 04:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-27 04:02 - 2016-04-27 04:05 - 00000000 ___SD C:\32788R22FWJFW
2016-04-27 04:02 - 2016-04-27 04:02 - 00000000 ____D C:\Windows\erdnt
2016-04-27 03:46 - 2016-04-27 03:46 - 05660058 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2016-04-27 03:37 - 2016-04-27 03:37 - 00001349 _____ C:\Users\Administrator\Desktop\Internet Explorer.lnk
2016-04-27 03:34 - 2016-04-27 09:08 - 00000000 ____D C:\Users\Administrator\Desktop\Viruses Galore
2016-04-27 03:20 - 2016-04-27 03:20 - 19924672 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-04-27 03:11 - 2016-04-27 05:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-27 02:50 - 2016-04-27 02:50 - 00004320 _____ C:\TDSSKiller.3.1.0.9_27.04.2016_02.50.13_log.txt
2016-04-27 00:50 - 2016-04-27 00:52 - 25634584 _____ (SUPERAntiSpyware) C:\Users\Hailey\Downloads\SUPERAntiSpywarePro.exe
2016-04-27 00:40 - 2016-04-27 00:40 - 00000000 ____D C:\Users\Hailey\AppData\Roaming\SUPERAntiSpyware.com
2016-04-27 00:36 - 2016-04-27 00:37 - 00004342 _____ C:\TDSSKiller.3.1.0.9_27.04.2016_00.36.47_log.txt
2016-04-27 00:18 - 2016-05-01 21:22 - 00000000 ____D C:\FRST
2016-04-26 23:42 - 2016-04-26 23:44 - 46346456 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-V5.35.exe
2016-04-26 23:32 - 2016-04-26 23:33 - 00000000 ____D C:\Users\Hailey\AppData\Local\Mozilla
2016-04-26 23:32 - 2016-04-26 23:32 - 00000000 ____D C:\Users\Hailey\AppData\Roaming\Mozilla
2016-04-26 23:29 - 2016-04-26 23:29 - 00000000 ____D C:\Users\Hailey\AppData\Local\Apple
2016-04-26 23:24 - 2016-04-26 23:24 - 00000000 ____D C:\Users\Hailey\AppData\Local\{6CEBEBAC-09E3-484B-9EDE-5B5A06FD0F11}
2016-04-26 23:21 - 2016-04-26 23:22 - 00000000 ____D C:\Users\Hailey
2016-04-26 23:21 - 2016-04-26 23:21 - 00001377 _____ C:\Users\Hailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-26 23:21 - 2016-04-26 23:21 - 00000020 ___SH C:\Users\Hailey\ntuser.ini
2016-04-26 23:21 - 2016-04-26 23:21 - 00000000 _SHDL C:\Users\Hailey\My Documents
2016-04-26 23:21 - 2016-04-26 23:21 - 00000000 _SHDL C:\Users\Hailey\Documents\My Videos
2016-04-26 23:21 - 2016-04-26 23:21 - 00000000 _SHDL C:\Users\Hailey\Documents\My Pictures
2016-04-26 23:21 - 2016-04-26 23:21 - 00000000 _SHDL C:\Users\Hailey\Documents\My Music
2016-04-26 23:21 - 2016-04-26 23:21 - 00000000 ____D C:\Users\Hailey\AppData\Roaming\Adobe
2016-04-26 23:21 - 2016-04-26 23:21 - 00000000 ____D C:\Users\Hailey\AppData\Local\VirtualStore
2016-04-26 23:21 - 2011-10-18 04:37 - 00000000 ____D C:\Users\Hailey\AppData\Local\Microsoft Help
2016-04-26 23:21 - 2009-07-14 03:26 - 00000000 ____D C:\Users\Hailey\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 21:07 - 2011-07-29 10:48 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-01 21:07 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-05-01 21:06 - 2016-01-02 22:50 - 03381300 _____ C:\Windows\ntbtlog.txt
2016-05-01 21:06 - 2015-10-10 02:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 20:56 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-01 20:53 - 2011-08-17 04:56 - 00000000 ____D C:\Windows\system32\appmgmt
2016-05-01 20:30 - 2009-07-14 00:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-01 20:30 - 2009-07-14 00:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-01 20:19 - 2015-12-14 16:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-01 01:58 - 2016-02-28 08:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-27 09:32 - 2016-03-02 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-04-27 09:22 - 2015-03-10 17:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-27 04:46 - 2015-10-10 02:32 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-27 03:34 - 2016-02-01 05:03 - 00000000 ____D C:\EEK
2016-04-27 03:20 - 2015-12-14 16:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-27 03:20 - 2015-12-14 16:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-27 01:19 - 2016-01-29 21:51 - 00000000 ____D C:\AdwCleaner
2016-04-26 23:45 - 2011-07-29 11:41 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-26 23:23 - 2016-01-30 00:23 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-26 23:06 - 2016-01-05 23:02 - 00109280 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-26 23:04 - 2016-01-05 23:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Attached File  Addition.txt   21.84KB   7 downloads

 

 

THE RESULTS INCLUDED FROM FRST WERE RUN IN SAFE MODE.


Edited by msrobinson037, 01 May 2016 - 09:32 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 PM

Posted 02 May 2016 - 07:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
Task: {0A6A5EE7-BDC7-4966-9802-6DD704E3CBD7} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {131E3CBC-2932-47E4-B55C-91C696498A61} - \Searchya -> No File <==== ATTENTION
Task: {2471305C-6671-40F7-AE2C-B550B5666148} - \PC-Mechanic Startup -> No File <==== ATTENTION
Task: {24DEDB44-E893-4455-B83E-D9969BE41D72} - \ShopperPro -> No File <==== ATTENTION
Task: {33297783-1ECB-45DB-9ED6-CB308B627DDE} - System32\Tasks\4785 => Wscript.exe C:\Users\Hailey\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {3A620DB2-51B9-4D3C-82D9-A4341A5A2AE9} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {4E126409-CC93-4F66-B48D-36BA8538B880} - \DNSCHILDERSBURG -> No File <==== ATTENTION
Task: {54AD199D-540D-4B4C-8ECB-AE46A7DFF445} - \SPDriver -> No File <==== ATTENTION
Task: {60706AE3-321D-4EBD-8E86-FE54AA325AD5} - \Smp -> No File <==== ATTENTION
Task: {8CF4F530-B94E-4DCA-8B74-15989F99A79B} - \DnsIo2 -> No File <==== ATTENTION
Task: {AD1C1BA7-3AED-4A9F-8098-3A0F1E5E94CD} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {AE4E0661-92DC-41FD-AB7F-761252229244} - \SMW_UpdateTask_Time_333536313133393431382d3437415a556c2a3223346c41 -> No File <==== ATTENTION
Task: {CDAD0D8A-4DCF-442D-9DAD-D59340B56CD0} - System32\Tasks\{18553900-408B-45DC-9482-034C8428C989} => pcalua.exe -a C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Task: {CFE68941-ACED-412F-9CC2-3183B6AD5569} - \Microsoft\Windows Defender\MpIdleTask -> No File <==== ATTENTION
Task: {D9819D34-3734-4D21-A389-3588CFDF4DC5} - \IBUpd -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:02DD996C [182]
AlternateDataStreams: C:\ProgramData\TEMP:0860D6D6 [112]
AlternateDataStreams: C:\ProgramData\TEMP:08801FDB [115]
AlternateDataStreams: C:\ProgramData\TEMP:0915A718 [134]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [127]
AlternateDataStreams: C:\ProgramData\TEMP:0DE96CF5 [140]
AlternateDataStreams: C:\ProgramData\TEMP:10D45FC3 [123]
AlternateDataStreams: C:\ProgramData\TEMP:12BCD9DC [138]
AlternateDataStreams: C:\ProgramData\TEMP:1BD320E3 [130]
AlternateDataStreams: C:\ProgramData\TEMP:1D209D22 [151]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:3790BACD [128]
AlternateDataStreams: C:\ProgramData\TEMP:39CB2031 [183]
AlternateDataStreams: C:\ProgramData\TEMP:4112A0B6 [129]
AlternateDataStreams: C:\ProgramData\TEMP:436BE28C [121]
AlternateDataStreams: C:\ProgramData\TEMP:437B1C75 [181]
AlternateDataStreams: C:\ProgramData\TEMP:439E3411 [123]
AlternateDataStreams: C:\ProgramData\TEMP:4B244549 [128]
AlternateDataStreams: C:\ProgramData\TEMP:4B7A6240 [150]
AlternateDataStreams: C:\ProgramData\TEMP:4C3B92C7 [145]
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2 [364]
AlternateDataStreams: C:\ProgramData\TEMP:554C6431 [116]
AlternateDataStreams: C:\ProgramData\TEMP:5E7551D4 [138]
AlternateDataStreams: C:\ProgramData\TEMP:5F85EE30 [128]
AlternateDataStreams: C:\ProgramData\TEMP:65AB2A58 [129]
AlternateDataStreams: C:\ProgramData\TEMP:716C3D9F [153]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [183]
AlternateDataStreams: C:\ProgramData\TEMP:8B79B813 [306]
AlternateDataStreams: C:\ProgramData\TEMP:9758CFB3 [258]
AlternateDataStreams: C:\ProgramData\TEMP:9857FAE3 [125]
AlternateDataStreams: C:\ProgramData\TEMP:993185CB [516]
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4 [184]
AlternateDataStreams: C:\ProgramData\TEMP:A1BCD70C [152]
AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [120]
AlternateDataStreams: C:\ProgramData\TEMP:B722BCE5 [124]
AlternateDataStreams: C:\ProgramData\TEMP:B9C6EB6C [164]
AlternateDataStreams: C:\ProgramData\TEMP:CFF6B3FF [119]
AlternateDataStreams: C:\ProgramData\TEMP:D2032EBB [430]
AlternateDataStreams: C:\ProgramData\TEMP:D2B953F4 [150]
AlternateDataStreams: C:\ProgramData\TEMP:D5D75FF0 [144]
AlternateDataStreams: C:\ProgramData\TEMP:D8F9D810 [470]
AlternateDataStreams: C:\ProgramData\TEMP:E5DE9C8F [121]
AlternateDataStreams: C:\ProgramData\TEMP:E8F960C4 [290]
AlternateDataStreams: C:\ProgramData\TEMP:EA701346 [238]
AlternateDataStreams: C:\ProgramData\TEMP:ECDCF846 [252]
AlternateDataStreams: C:\ProgramData\TEMP:F1F10B64 [125]
AlternateDataStreams: C:\ProgramData\TEMP:F49868C8 [260]
AlternateDataStreams: C:\ProgramData\TEMP:F67947AF [140]
AlternateDataStreams: C:\ProgramData\TEMP:F89F2593 [137]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)


Are you able to use the computer in normal mode?
Any remaining issues?
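
Added example, not part of the thread and not code from FRST or its author: a small Python triage of the `Task:` lines in the fixlist above, separating entries whose target is reported as `No File` from entries that still launch a command, and singling out a script host started from a user-writable folder. The sample lines are copied from the fixlist in post #2; the regular expression, the verdict names and the lists of script hosts and folders are assumptions made for this illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Subset of lines copied from the fixlist in post #2.
SAMPLE = r"""
Task: {0A6A5EE7-BDC7-4966-9802-6DD704E3CBD7} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {33297783-1ECB-45DB-9ED6-CB308B627DDE} - System32\Tasks\4785 => Wscript.exe C:\Users\Hailey\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CDAD0D8A-4DCF-442D-9DAD-D59340B56CD0} - System32\Tasks\{18553900-408B-45DC-9482-034C8428C989} => pcalua.exe -a C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Task: {CFE68941-ACED-412F-9CC2-3183B6AD5569} - \Microsoft\Windows Defender\MpIdleTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:02DD996C [182]
"""

# Assumed line shape, inferred only from the entries shown in this thread:
#   Task: {GUID} - <task name> (-> | =>) <target> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) (?:->|=>) "
    r"(?P<target>.+?)(?P<flag>\s*<=+ ATTENTION)?$"
)

# Assumed lists for this illustration; extend them for your environment.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\windows\\temp\\")


@dataclass
class TaskEntry:
    guid: str
    name: str
    target: str
    flagged: bool   # True when the line carries the "<==== ATTENTION" marker
    verdict: str


def classify(target: str) -> str:
    """Return a coarse verdict for the target part of a Task line."""
    if target == "No File":
        # The task is registered but the log shows no file behind it.
        return "orphaned"
    low = target.lower()
    exe = low.split()[0].rsplit("\\", 1)[-1]
    if exe in SCRIPT_HOSTS and any(p in low for p in USER_WRITABLE):
        # A script interpreter launching something from a user-writable folder.
        return "script-from-user-writable-path"
    return "review"


def triage(text: str):
    """Parse Task lines; return (entries, unparsed_task_lines)."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Task:"):
            continue  # other log sections are out of scope here
        m = TASK_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep malformed lines visible, never drop them
            continue
        entries.append(TaskEntry(m["guid"], m["name"], m["target"],
                                 m["flag"] is not None, classify(m["target"])))
    return entries, unparsed


def summarize(entries) -> Counter:
    """Count entries per verdict."""
    return Counter(e.verdict for e in entries)


if __name__ == "__main__":
    found, bad = triage(SAMPLE)
    for e in found:
        mark = "!" if e.flagged else " "
        print(f"{mark} {e.verdict:32} {e.name} -> {e.target}")
    print(dict(summarize(found)), "unparsed:", len(bad))
```

An entry that ends up as `review` is not cleared by the script; it only means none of the assumed rules matched.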

#3 msrobinson037

msrobinson037
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 02 May 2016 - 10:05 PM

Thank you for your reply, I really appreciate it.

 

First, I will address the easy part. I did update Java as well as removing any older versions that were on the PC.

 

I am able to run the PC in normal mode. However, I chose to run it in safe mode while writing/posting my issues because when I run it in normal mode, the browser freezes so much that I have to close it and then reopen the browser a lot. I didn't want that to happen while I was trying to write and submit my post. Also, when I run it normally I often run into issues with running programs, usually with the security software. What happened when I tried to run the FRST scan is actually a good example.

 

I tried to run it in normal mode first and it seemed like everything was running smoothly. Then, the program got stuck during the IPCONFIG/Release portion of the scan - I checked the log file and it would stop working at this point every time. I have experienced something similar with other security software on my PC where it would stop responding at one point or another. There are times when I have it in normal mode and I run a scan and everything is fine and the scan completes, other times it stops responding. However, in this case, when I tried to run the FRST scan in safe mode it got stuck at the same part.

 

I'm not sure what caused this to happen at all. I have been letting the FRST scan run all day basically, the first part of the day I tried to run it in normal mode and it was unsuccessful (I tried twice). Then, I tried it in safe mode and it also got stuck at IPCONFIG/Release.

 

Also, I forgot to mention the other major problem that I have with this PC. I have no idea why I forgot to include it in my post but this PC will not shut down at all. It logs off and then goes to the screen showing "Shutting Down" but it never actually shuts down. It will stay on that screen forever. I'd imagine that alone is causing a lot of issues since many or all of the changes I make can't really take effect. Again, I apologize that I did not include that in my first post.

 

I'm not sure if it will be of any assistance, but I have still included the logs from the FRST fix scan - from both normal mode and safe mode. Please let me know how you would like me to proceed from here.

 

Thank you!

 

FRST SCAN in Normal Mode:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:01-05-2016
Ran by Administrator (2016-05-02 18:12:50) Run:6
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Hailey & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
Task: {0A6A5EE7-BDC7-4966-9802-6DD704E3CBD7} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {131E3CBC-2932-47E4-B55C-91C696498A61} - \Searchya -> No File <==== ATTENTION
Task: {2471305C-6671-40F7-AE2C-B550B5666148} - \PC-Mechanic Startup -> No File <==== ATTENTION
Task: {24DEDB44-E893-4455-B83E-D9969BE41D72} - \ShopperPro -> No File <==== ATTENTION
Task: {33297783-1ECB-45DB-9ED6-CB308B627DDE} - System32\Tasks\4785 => Wscript.exe C:\Users\Hailey\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {3A620DB2-51B9-4D3C-82D9-A4341A5A2AE9} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {4E126409-CC93-4F66-B48D-36BA8538B880} - \DNSCHILDERSBURG -> No File <==== ATTENTION
Task: {54AD199D-540D-4B4C-8ECB-AE46A7DFF445} - \SPDriver -> No File <==== ATTENTION
Task: {60706AE3-321D-4EBD-8E86-FE54AA325AD5} - \Smp -> No File <==== ATTENTION
Task: {8CF4F530-B94E-4DCA-8B74-15989F99A79B} - \DnsIo2 -> No File <==== ATTENTION
Task: {AD1C1BA7-3AED-4A9F-8098-3A0F1E5E94CD} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {AE4E0661-92DC-41FD-AB7F-761252229244} - \SMW_UpdateTask_Time_333536313133393431382d3437415a556c2a3223346c41 -> No File <==== ATTENTION
Task: {CDAD0D8A-4DCF-442D-9DAD-D59340B56CD0} - System32\Tasks\{18553900-408B-45DC-9482-034C8428C989} => pcalua.exe -a C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Task: {CFE68941-ACED-412F-9CC2-3183B6AD5569} - \Microsoft\Windows Defender\MpIdleTask -> No File <==== ATTENTION
Task: {D9819D34-3734-4D21-A389-3588CFDF4DC5} - \IBUpd -> No File <==== ATTENTION

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  IPCONFIG /release =========


Windows IP Configuration

 

 

FRST Scan in Safe Mode:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:01-05-2016
Ran by Administrator (2016-05-02 22:23:43) Run:8
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Hailey & Administrator)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
Task: {0A6A5EE7-BDC7-4966-9802-6DD704E3CBD7} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {131E3CBC-2932-47E4-B55C-91C696498A61} - \Searchya -> No File <==== ATTENTION
Task: {2471305C-6671-40F7-AE2C-B550B5666148} - \PC-Mechanic Startup -> No File <==== ATTENTION
Task: {24DEDB44-E893-4455-B83E-D9969BE41D72} - \ShopperPro -> No File <==== ATTENTION
Task: {33297783-1ECB-45DB-9ED6-CB308B627DDE} - System32\Tasks\4785 => Wscript.exe C:\Users\Hailey\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {3A620DB2-51B9-4D3C-82D9-A4341A5A2AE9} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {4E126409-CC93-4F66-B48D-36BA8538B880} - \DNSCHILDERSBURG -> No File <==== ATTENTION
Task: {54AD199D-540D-4B4C-8ECB-AE46A7DFF445} - \SPDriver -> No File <==== ATTENTION
Task: {60706AE3-321D-4EBD-8E86-FE54AA325AD5} - \Smp -> No File <==== ATTENTION
Task: {8CF4F530-B94E-4DCA-8B74-15989F99A79B} - \DnsIo2 -> No File <==== ATTENTION
Task: {AD1C1BA7-3AED-4A9F-8098-3A0F1E5E94CD} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {AE4E0661-92DC-41FD-AB7F-761252229244} - \SMW_UpdateTask_Time_333536313133393431382d3437415a556c2a3223346c41 -> No File <==== ATTENTION
Task: {CDAD0D8A-4DCF-442D-9DAD-D59340B56CD0} - System32\Tasks\{18553900-408B-45DC-9482-034C8428C989} => pcalua.exe -a C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Task: {CFE68941-ACED-412F-9CC2-3183B6AD5569} - \Microsoft\Windows Defender\MpIdleTask -> No File <==== ATTENTION
Task: {D9819D34-3734-4D21-A389-3588CFDF4DC5} - \IBUpd -> No File <==== ATTENTION

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  IPCONFIG /release =========


Windows IP Configuration



#4 nasdaq

  • Malware Response Team

Posted 03 May 2016 - 07:16 AM

Please run the CMD command with Administrator rights

https://technet.microsoft.com/en-us/library/cc947813(v=ws.10).aspx

At the prompt type the following one line at a time and press the Enter key.

IPCONFIG /flushdns
IPCONFIG /release
IPCONFIG /renew


Make sure you have a space BETWEEN IPCONFIG AND THE BACKSLASH.

If you get an error after each command please post it in your next reply.

====

If you get an error on any of the commands run this at the command prompt.

sfc /Scannow

Additional information here.

How to run sfc /Scannow
http://support.microsoft.com/kb/929833

#5 msrobinson037


Posted 04 May 2016 - 06:04 AM

First, I should mention that today when turning on the PC, in normal mode, it is now asking me for the product key to the OS. Also, in the bottom right corner it says, "Windows 7 Build 7601 This copy of Windows is not genuine." I've never seen it do this before. As you know, I have no idea what the product key is since this PC was given to me after being upgraded to Windows 7 Professional.

 

I ran cmd with administrator rights. First, IPCONFIG /flushdns which ran successfully. Then IPCONFIG /release. It sat there for over 4 hours without giving me any indication of whether it ran successfully or if there was an error - all it said was Windows IP Configuration just like flushdns, but I never got any results.

 

Since the first command, IPCONFIG /flushdns gave a successful response fairly quickly, I'm assuming that there should have been some sort of indication, long before the 4 hour mark, about whether or not the IPCONFIG /release command was successful - Due to that, I decided to try these commands in safe mode.

 

Unfortunately, when I ran the commands in safe mode, I still got the same outcome. IPCONFIG /flush dns was successful and IPCONFIG /release didn't report anything - after letting it sit there for quite a while - other than listing Windows IP configuration directly underneath like normal.

 

I'm not sure if this was necessary, but since running the IPCONFIG /release command was unsuccessful in giving any type of response, I did try the sfc /Scannow command with administrator rights. It came back with, "Windows Resource Protection could not start the repair service" in both normal and safe mode.

 

Lastly, I am still experiencing all of the issues that I addressed in my first post, as well as the PC not shutting down and now the request to enter my product key due to my Windows 7 Professional "no longer being genuine."

 

Please let me know how to proceed, thank you



#6 nasdaq


Posted 04 May 2016 - 06:57 AM

Let's do some repairs of important services.

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

    01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    14 - Removed Temp Files
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save the file on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?


#7 msrobinson037


Posted 06 May 2016 - 05:15 AM

I just wanted to let you know I'm still running the Windows Repair All-in One program. It's been running for over 8 hours and is on repair number 6. I will post the results as soon as I have them.



#8 nasdaq


Posted 06 May 2016 - 06:42 AM

No harm in stopping the process.

Then restart the computer and run the fix from No. 6.

#9 msrobinson037


Posted 08 May 2016 - 09:36 PM

As we discussed last, there were some issues with running the program all the way through. I stopped it - as you suggested - and I didn't run it again until today. The program doesn't create one error log when everything is complete; you have to locate the program logs, and then there is a separate error log per step. With that being said, the logs from my initial run were unclear, more than likely because I stopped it.

So I decided to run the program from the beginning again, rather than run it from step 6. This time around the program ran all the way through. I tried to copy and paste the logs, but it came back with an error about my post being too long. Due to that, I've attached the txt files for each error log.

 

Attached File: Drive_C_Set_Owner_Error_Log.txt (1.27MB)
Attached File: Drive_C_Set_Permissions_Error_Log.txt (962bytes)
Attached File: HKLM_Set_Owner_Error_Log.txt (694bytes)
Attached File: HKLM_Set_Permissions_Error_Log.txt (694bytes)
Attached File: HKU_Set_Owner_Error_Log.txt (922bytes)
Attached File: HKU_Set_Permissions_Error_Log.txt (922bytes)
Attached File: Services_Set_Permissions_Error_Log.txt (142bytes)


Edited by msrobinson037, 08 May 2016 - 09:40 PM.


#10 nasdaq


Posted 09 May 2016 - 07:35 AM

Something is protecting the registry keys.

I suggest you remove Spybot and Destroy via the Control Panel > Programs > Programs and Features applet.

Restart the computer normally.

Refer to post No. 2 and execute the fix I suggested.

Make sure that the Fixlist.txt file you have created is located on the Desktop where the Farbar tool is parked.

Post the fixlog.txt contents for my review.

Let me know what problem persists.

#11 msrobinson037


Posted 10 May 2016 - 05:48 PM

The computer seems to be working fairly well at this point, I'm no longer getting notifications that the firewall is disabled. The internet seems to be connecting fine so far and the issues with the internet browsers are okay so far. Also, the PC is finally shutting down properly AT LAST!

 

However, somewhere along the way with this process the Windows Product Key vanished and it's still asking me to enter it and saying my copy of Windows is not genuine. The issue here is that I don't have the product key since the PC was given to me after being upgraded to Windows 7 Professional. Due to that, I doubt the product key printed on the sticker on the bottom of the PC will work since it's for the Windows Vista that was originally on the PC. I'm assuming that since I don't have it, that's not something we can fix.

 

Below is the latest result scan from the Farbar fix, please let me know how to proceed, especially in regards to the registry, if there are further steps that need to be taken:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Administrator (2016-05-10 18:22:49) Run:12
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Hailey & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [No File]
Task: {0A6A5EE7-BDC7-4966-9802-6DD704E3CBD7} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {131E3CBC-2932-47E4-B55C-91C696498A61} - \Searchya -> No File <==== ATTENTION
Task: {2471305C-6671-40F7-AE2C-B550B5666148} - \PC-Mechanic Startup -> No File <==== ATTENTION
Task: {24DEDB44-E893-4455-B83E-D9969BE41D72} - \ShopperPro -> No File <==== ATTENTION
Task: {33297783-1ECB-45DB-9ED6-CB308B627DDE} - System32\Tasks\4785 => Wscript.exe C:\Users\Hailey\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {3A620DB2-51B9-4D3C-82D9-A4341A5A2AE9} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {4E126409-CC93-4F66-B48D-36BA8538B880} - \DNSCHILDERSBURG -> No File <==== ATTENTION
Task: {54AD199D-540D-4B4C-8ECB-AE46A7DFF445} - \SPDriver -> No File <==== ATTENTION
Task: {60706AE3-321D-4EBD-8E86-FE54AA325AD5} - \Smp -> No File <==== ATTENTION
Task: {8CF4F530-B94E-4DCA-8B74-15989F99A79B} - \DnsIo2 -> No File <==== ATTENTION
Task: {AD1C1BA7-3AED-4A9F-8098-3A0F1E5E94CD} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {AE4E0661-92DC-41FD-AB7F-761252229244} - \SMW_UpdateTask_Time_333536313133393431382d3437415a556c2a3223346c41 -> No File <==== ATTENTION
Task: {CDAD0D8A-4DCF-442D-9DAD-D59340B56CD0} - System32\Tasks\{18553900-408B-45DC-9482-034C8428C989} => pcalua.exe -a C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Task: {CFE68941-ACED-412F-9CC2-3183B6AD5569} - \Microsoft\Windows Defender\MpIdleTask -> No File <==== ATTENTION
Task: {D9819D34-3734-4D21-A389-3588CFDF4DC5} - \IBUpd -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4858:3df7:15d9:bd97%13
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : rochester.rr.com

========= End of CMD: =========


=========  IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Link-local IPv6 Address . . . . . : fe80::4858:3df7:15d9:bd97%13
   IPv4 Address. . . . . . . . . . . : 192.168.2.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : rochester.rr.com

========= End of CMD: =========

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKCR\PROTOCOLS\Handler\linkscanner => key not found.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A6A5EE7-BDC7-4966-9802-6DD704E3CBD7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{131E3CBC-2932-47E4-B55C-91C696498A61} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Searchya => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2471305C-6671-40F7-AE2C-B550B5666148} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Mechanic Startup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24DEDB44-E893-4455-B83E-D9969BE41D72} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33297783-1ECB-45DB-9ED6-CB308B627DDE} => key not found.
C:\Windows\System32\Tasks\4785 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4785 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A620DB2-51B9-4D3C-82D9-A4341A5A2AE9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Core => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E126409-CC93-4F66-B48D-36BA8538B880} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSCHILDERSBURG => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54AD199D-540D-4B4C-8ECB-AE46A7DFF445} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60706AE3-321D-4EBD-8E86-FE54AA325AD5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CF4F530-B94E-4DCA-8B74-15989F99A79B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DnsIo2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1C1BA7-3AED-4A9F-8098-3A0F1E5E94CD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Pending Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE4E0661-92DC-41FD-AB7F-761252229244} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333536313133393431382d3437415a556c2a3223346c41 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDAD0D8A-4DCF-442D-9DAD-D59340B56CD0} => key not found.
C:\Windows\System32\Tasks\{18553900-408B-45DC-9482-034C8428C989} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{18553900-408B-45DC-9482-034C8428C989} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFE68941-ACED-412F-9CC2-3183B6AD5569} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MpIdleTask" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9819D34-3734-4D21-A389-3588CFDF4DC5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
EmptyTemp: => 10.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:23:36 ====



#12 nasdaq


Posted 11 May 2016 - 07:43 AM

From the Run box execute REGEDIT.EXE

The registry editor will open.

Navigate to this key.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId

You should see the product ID.

It may or may not be the same as the one on the back of the computer, whatever number(s) you have.

===

p.s.
You may be interested in reading this topic.
http://www.howtogeek.com/206329/how-to-find-your-lost-windows-or-office-product-keys/



