Need help. Windows new claims my copy is no longer genuine


16 replies to this topic

#1 capricorntony13

capricorntony13

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 PM

Posted 18 October 2016 - 12:16 AM

Hello, 

 

I think that I was hit with a virus that leads me to believe that my copy of Win7 from my online-bought laptop a few years ago is no longer genuine. I tried virus scans and they detected something, but the virus keeps coming back. Some files come up as corrupt, and I am instructed to run chkdsk, which runs for a second or two and stops immediately. I need help cleaning it. I also am glad that I have donated to your legal defense fund. Please help. Thnx.


Edited by NickAu, 18 October 2016 - 01:35 AM.
Moved to more appropriate forum




#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:05:02 PM

Posted 18 October 2016 - 01:30 AM

I've requested your topic to be moved to the Am I Infected? forum.



#3 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:02 PM

Posted 18 October 2016 - 10:12 AM

If you haven't used the programs below with the settings described in the instructions....please give them a shot finding the problem.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 capricorntony13


Posted 11 November 2016 - 08:15 PM

Sorry for the delay. 

 

MBAM scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/6/2016
Scan Time: 8:49 PM
Logfile: mbam scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.06.09
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tony
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277595
Time Elapsed: 19 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
AdW scan:
# AdwCleaner v6.030 - Logfile created 06/11/2016 at 21:17:09
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-05.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Tony - TONY-PC
# Running from : C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1396EJRE\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1841 Bytes] - [05/10/2016 09:08:18]
C:\AdwCleaner\AdwCleaner[C2].txt - [1025 Bytes] - [06/11/2016 21:17:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [1905 Bytes] - [05/10/2016 09:06:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1447 Bytes] - [06/11/2016 21:16:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1244 Bytes] ##########
 
JRT scan:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Tony (Administrator) on Sun 11/06/2016 at 21:25:34.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 29 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\Tony\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Tony) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Tony (Task)
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1396EJRE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71N5OMUX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IBW32VU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIEKA9UT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECGLYUDK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDE6VBKM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GL24R2BY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMT83QCL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3HJAJ2I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRK6A4NH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7J94P1D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGAZJDC6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1396EJRE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71N5OMUX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IBW32VU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIEKA9UT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECGLYUDK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDE6VBKM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GL24R2BY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMT83QCL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3HJAJ2I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRK6A4NH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7J94P1D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGAZJDC6 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/06/2016 at 21:29:51.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET  - the virus froze the ESET program after about 80% into the scan. 


#5 buddy215


Posted 12 November 2016 - 08:57 AM

Rerun both MBAM and JRT scans....post the logs if they find anything...

 

Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;

  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it
  • This time, click on Logs
  • From there, go under the Quarantine Log tab, and click on the Export button
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply

Please download Security Check by glax24 and save the file to the Desktop.

  • Run the tool by accepting all the Security prompts.
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply Paste the log to your reply.

Edited by buddy215, 12 November 2016 - 09:07 AM.


#6 capricorntony13


Posted 12 November 2016 - 09:36 PM

EEK results:

 

Emsisoft Emergency Kit - Version 11.9
Last update: 11/12/2016 7:44:20 PM
User account: Tony-PC\Tony
Computer name: TONY-PC
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/12/2016 7:45:41 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 71193
Found 2
 
Scan end: 11/12/2016 7:49:22 PM
Scan time: 0:03:41
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
 
Quarantined 1
****
 
Security Check results:
 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 12.11.2016 19:51:23
Path starting: C:\Users\Tony\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Tony
VersionXML: 3.51is-12.11.2016
___________________________________________________________________________
 
Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 04.01.2015 09:17:05
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
SystemDrive: C: FS: [NTFS] Capacity: [448.2 Gb] Used: [137.3 Gb] Free: [310.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18449 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2016-10-05 02:40:48
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
IObit Malware Fighter (disabled)
avast! Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and out of date)
IObit Malware Fighter (disabled)
avast! Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.11.2.2262
ESET Online Scanner v3
Ad-Aware Web Companion v.1.1.844.1586
-------------------------- [ SecurityUtilities ] --------------------------
SUPERAntiSpyware v.6.0.1220
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.41212.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.29 v.7.29.102
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.23.0.0.257
Adobe Flash Player 23 ActiveX v.23.0.0.205 Warning! Download Update
Adobe Reader X (10.1.16) MUI v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.71 Warning! Download Update
Mozilla Firefox 47.0.1 (x86 en-US) v.47.0.1 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service has stopped
Malwarebytes Anti-Exploit Service (MbaeSvc) - The service has stopped
SAS Core Service (!SASCORE) - The service is running
C:\Program Files\SUPERAntiSpyware\SASCore64.exe v.6.0.0.1080
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
MyWinLocker v.4.0.14.27 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Advanced SystemCare 9 v.9.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Driver Booster 3.5 v.3.5 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
MyWinLocker Suite v.4.0.14.19 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
IObit Malware Fighter 4 v.4.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
IObit Uninstaller v.5.4.0.125 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
MyWinLocker 4 v.4.0.14.27 << Hidden Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
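
A triage pass over a SecurityCheck log like the one posted above, added here as an example; it is not part of the original thread or of the SecurityCheck tool. The sample lines are excerpted (one shortened) from that log, and the rule set, meaning which services count as protective and the severity labels, is an assumption of this example.

```python
import re
from collections import Counter

# Excerpt of the SecurityCheck log posted in the thread (UnwantedApps line shortened).
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18449 Warning! Download Update
User Account Control enabled
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 ActiveX v.23.0.0.205 Warning! Download Update
Adobe Reader X (10.1.16) MUI v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service has stopped
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Driver Booster 3.5 v.3.5 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended.
----------------------------- [ End of Log ] ------------------------------
"""

# "---- [ SectionName ] ----" banner lines.
SECTION_RE = re.compile(r"^-+ \[ (?P<name>.+?) \] -+$")
# "Display Name (ServiceName) - The service has stopped|is running"
SERVICE_RE = re.compile(
    r"^(?P<display>.+?) \((?P<svc>[^()]+)\) - The service "
    r"(?P<state>has stopped|is running)$"
)

# Assumption of this example: services that should be running on a home PC.
# Remote-access services (RemoteRegistry, WinRM, ...) being stopped is not flagged.
PROTECTIVE = {"wuauserv", "wscsvc", "MpsSvc", "WinDefend"}
AV_SECTION = "AntivirusFirewallProcessServices"


def triage(log_text):
    """Return a list of (severity, category, subject) findings."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        # Everything listed under UnwantedApps is a removal candidate.
        if section == "UnwantedApps":
            name = line.split(" Warning!")[0].replace("<< Hidden", "").strip()
            findings.append(("medium", "unwanted_app", name))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            stopped = svc.group("state") == "has stopped"
            protective = svc.group("svc") in PROTECTIVE or section == AV_SECTION
            if stopped and protective:
                findings.append(
                    ("high", "protective_service_stopped", svc.group("svc"))
                )
            continue
        if line.lower().startswith("account guest is enabled"):
            findings.append(("high", "guest_account_enabled", line))
        elif "no longer supported" in line:
            findings.append(
                ("high", "unsupported_software", line.split(" Warning!")[0])
            )
        elif "Warning! Download Update" in line:
            findings.append(
                ("medium", "outdated_software", line.split(" Warning!")[0])
            )
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for _, category, _ in findings)


if __name__ == "__main__":
    for severity, category, subject in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {category:28} {subject}")
```
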
 


#7 buddy215


Posted 13 November 2016 - 07:15 AM

Uninstall these programs: (Use Download Revo Uninstaller Freeware to uninstall them)

My WinLocker

All of the IObit programs

Advanced System Care

Super Antispyware

Adobe Reader

Ad-Aware Web Companion

 

Update your Firefox and Chrome browsers

 

After doing the above....do this:

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#8 capricorntony13


Posted 13 November 2016 - 07:39 PM

CCleaner - Windows Startups:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run AthBtTray Atheros Commnucations "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Yes HKLM:Run AtherosBtStack Atheros Commnucations "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
Yes HKLM:Run Malwarebytes Anti-Exploit Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Yes HKLM:Run RIMBBLaunchAgent.exe Research In Motion Limited C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Yes HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
 
***
 
CCleaner - Scheduled Tasks
 
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task EgisUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task PMMUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\PMMUpdate.exe"
Yes Task SafeZone scheduled Autoupdate 1460682675 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"
 
***
CCleaner - Programs list
 
Acer Backup Manager NTI Corporation 10/24/2013 351 MB 3.0.0.105
Acer Crystal Eye Webcam CyberLink Corp. 1/9/2014 42.4 MB 1.5.2904.00
Acer ePower Management Acer Incorporated 1/9/2014 6.00.3010
Acer eRecovery Management Acer Incorporated 10/24/2013 5.00.3508
Acer Registration Acer Incorporated 1/9/2014 1.04.3507
Adobe AIR Adobe Systems Incorporated 9/25/2016 23.0.0.257
Adobe Flash Player 23 ActiveX Adobe Systems Incorporated 11/6/2016 18.7 MB 23.0.0.205
Atheros Bluetooth Suite (64) Atheros 1/9/2014 76.3 MB 7.4.0.125
Atheros Driver Installation Program Atheros 1/9/2014 10.0
Avast Free Antivirus AVAST Software 5/4/2016 11.2.2262
BlackBerry Desktop Software 7.1 Research In Motion Ltd. 7/29/2015 7.1.0.41
Broadcom Card Reader Driver Installer Broadcom Corporation 1/9/2014 2.76 MB 15.2.4.4
Broadcom NetLink Controller Broadcom Corporation 1/9/2014 536 KB 15.2.5.1
CCleaner Piriform 11/6/2016 5.23
ETDWare PS/2-X64 10.6.12.4_WHQL ELAN Microelectronic Corp. 1/9/2014 10.6.12.4
Google Chrome Google Inc. 1/4/2015 54.0.2840.99
Identity Card Acer Incorporated 1/9/2014 1.00.3503
Intel® Management Engine Components Intel Corporation 1/9/2014 8.0.2.1410
Intel® OpenCL CPU Runtime Intel Corporation 1/9/2014
Intel® Processor Graphics Intel Corporation 9/29/2015 10.18.10.3355
Intel® Rapid Storage Technology Intel Corporation 11/13/2016 11.0.0.1032
Intel® Trusted Connect Service Client Intel Corporation 1/9/2014 10.6 MB 1.23.605.1
Launch Manager Acer Inc. 1/9/2014 5.1.15
Malwarebytes Anti-Exploit version 1.9.1.1235 Malwarebytes 11/6/2016 6.71 MB 1.9.1.1235
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 11/6/2016 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2/15/2016 38.8 MB 4.6.01055
Microsoft Office Home and Student 2013 - en-us Microsoft Corporation 11/6/2016 15.0.4867.1003
Microsoft Silverlight Microsoft Corporation 3/20/2016 100 MB 5.1.41212.0
Microsoft SkyDrive Microsoft Corporation 4/18/2015 25.1 MB 16.4.6013.0910
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/9/2014 290 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 1/9/2014 562 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/24/2013 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 1/9/2014 596 KB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 Microsoft Corporation 1/9/2014 12.1 MB 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 1/9/2014 9.76 MB 10.0.30319
Mozilla Firefox 47.0.2 (x86 en-US) Mozilla 11/13/2016 92.0 MB 47.0.2
Mozilla Maintenance Service Mozilla 11/13/2016 214 KB 47.0.2.6148
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 1/9/2014 6.0.1.6543
Revo Uninstaller 2.0.1 VS Revo Group, Ltd. 11/13/2016 21.1 MB 2.0.1
RogueKiller version 12 Adlice Software 10/2/2016 75.2 MB 12
Shared C Run-time for x64 McAfee 10/24/2013 2.78 MB 10.0.0
Skype™ 7.29 Skype Technologies S.A. 11/6/2016 159 MB 7.29.102
Virtual Rosary 3/15/2016
Welcome Center Acer Incorporated 1/9/2014 1.02.3507
 
 
***
I was unable to find the Ad-Aware Web Companion program

Edited by capricorntony13, 13 November 2016 - 07:40 PM.


#9 buddy215


Posted 13 November 2016 - 08:45 PM

Suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task SafeZone scheduled Autoupdate 1460682675 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

Yes Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"

 

Uninstall these programs:

Mozilla Firefox 47.0.2 (x86 en-US) Mozilla 11/13/2016 92.0 MB 47.0.2 (Uninstall or Update....your choice)

 

Did you rerun MBAM and JRT scans....if so....did they find anything to remove?



#10 capricorntony13


Posted 14 November 2016 - 04:44 AM

Startups and Tasks disabled. 

 

Firefox uninstalled. 

 

MBAM found nothing.

 

JRT Scan:

 

It failed to create a restore point, then the scan ran.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Tony (Limited) on Mon 11/14/2016 at  0:45:59.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\Tony\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UBO3QGI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z1S07S6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIEKA9UT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMKP3X9C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECGLYUDK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3HJAJ2I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK9WIWTM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGAZJDC6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UBO3QGI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z1S07S6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIEKA9UT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMKP3X9C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECGLYUDK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3HJAJ2I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK9WIWTM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGAZJDC6 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/14/2016 at  0:47:12.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
***...and, during the scan, at the lower right corner of the screen, a message came up that said that the cmd.exe file was corrupted. It sometimes gives me the same message about other programs as well. All scans were in Safe Mode.


#11 buddy215


Posted 14 November 2016 - 07:04 AM

Close all programs. You can do the below in Safe Mode, too.

 

Click Start, type Command Prompt or cmd in the Search box, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

 

At the command prompt, type the following command, and then press ENTER: sfc /scannow

 

The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.

Note: Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished. After the process is finished, you may receive one of the following messages:

  • Windows Resource Protection did not find any integrity violations.

    This means that you do not have any missing or corrupted system files.
  • Windows Resource Protection could not perform the requested operation.

    To resolve this problem, perform the System File Checker scan in safe mode, and make sure that the PendingDeletes and PendingRenames folders exist under %WinDir%\WinSxS\Temp.
  • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.

    To view the detail information about the system file scan and restoration, go to How to view details of the System File Checker process.
  • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.

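As an added example (not part of the post above or of Microsoft's tooling): System File Checker writes its entries to CBS.log with an `[SR]` tag, and this Python script pulls out which files were repaired and which could not be. The sample lines are constructed, and the names `summarize_sr` and `SAMPLE_LOG` are assumptions made for the illustration.

```python
import re
import sys

# Constructed sample in the CBS.log line layout; not taken from the thread.
SAMPLE_LOG = r'''
2016-11-14 07:10:01, Info                  CSI    00000008 [SR] Verifying 100 (0x0000000000000064) components
2016-11-14 07:10:01, Info                  CSI    00000009 [SR] Beginning Verify and Repair transaction
2016-11-14 07:10:05, Info                  CBS    Session: 30555555_1234 initialized by client WindowsUpdateAgent.
2016-11-14 07:10:09, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"help.exe" from store
2016-11-14 07:10:12, Info                  CSI    0000000d [SR] Cannot repair member file [l:16{8}]"tree.com" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2016-11-14 07:10:12, Info                  CSI    0000000f [SR] Cannot repair member file [l:16{8}]"tree.com" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2016-11-14 07:10:15, Info                  CSI    00000011 [SR] Verify complete
'''

# Timestamp, level, source "CSI", hex sequence number, then the [SR] message.
SR_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]+ \[SR\] (?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]*)"')


def summarize_sr(log_text):
    """Return repaired files, unrepaired files and the number of verified batches."""
    repaired, unrepaired, batches = set(), set(), 0
    for line in log_text.splitlines():
        match = SR_LINE.match(line.strip())
        if not match:
            continue  # not an sfc entry (servicing, Windows Update, ...)
        msg = match["msg"]
        names = QUOTED.findall(msg)
        if msg.startswith("Repairing corrupted file") and names:
            path = "\\".join(names)  # directory part + file name part
            if path.startswith("\\??\\"):
                path = path[4:]  # drop the NT object-path prefix
            repaired.add(path)
        elif msg.startswith("Cannot repair member file") and names:
            unrepaired.add(names[0])  # the same file is usually logged twice
        elif msg.startswith("Verify complete"):
            batches += 1  # sfc verifies components in batches
    return {"repaired": sorted(repaired), "unrepaired": sorted(unrepaired),
            "batches_verified": batches}


if __name__ == "__main__":
    # Pass a copy of %WinDir%\Logs\CBS\CBS.log as the argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(summarize_sr(fh.read()))
    else:
        print(summarize_sr(SAMPLE_LOG))
```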

#12 capricorntony13


Posted 16 November 2016 - 10:20 PM

I ran the sfc scan in safe mode. It stopped at 32% and gave a message that Windows Resource Protection could not perform the requested operation. I could not locate the winsxs folders. I tried the tree command in DOS and when it came up to the winsxs folder, an error message came up in the lower right corner of the screen saying that tree.com was a corrupt file, and that c:\windows\serviceprofiles\networkservice is corrupt and unreadable. It also says to run chkdsk. I restarted in regular mode to look up online how to locate the winsxs folder, and I got a message that Windows could not automatically update. I tried to manually update and it gave me an error message. So now, besides having an OS that tells me that my copy is not genuine, I cannot update it either. Man, I'm screwed. What do you think I should do next?



#13 buddy215


Posted 17 November 2016 - 06:40 AM

If you didn't run the Check Disk....you should. Of course, it is always advisable to back up whatever you would not want to lose to another hardware medium...documents, pics, videos, etc.

Depending on what Check Disk finds and can't repair....you may need to replace the hdd or just reinstall your Windows 7 and all of the other software.

 

How to Fix Hard Drive Problems with Chkdsk in Windows 7, 8, and 10



#14 capricorntony13


Posted 17 November 2016 - 10:14 PM

I tried to run chkdsk /r from safe mode. It said that it could not because the volume was in use, and it asked if I wanted to run it upon a restart. I said yes. I restarted in safe mode, and it did not go on. I restarted in regular mode and it said that the autocheck program could not be found.



#15 buddy215


Posted 18 November 2016 - 05:34 AM

Use Speccy FREE version to view S.M.A.R.T info on hdd and other info. Once you have completed the scan please post a link to the results or post the results.

Speccy - System Information - Free Download  Be sure to look for any offers of toolbars, etc. and uncheck those.





