
I'm New. With Command Prompt Problems!


44 replies to this topic

#1 mitcheyfex

mitcheyfex

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 February 2017 - 12:21 PM

Hello guys, I'm Mitch.

I've been having an issue with my command prompt window: it keeps popping up, and only does so for around 1-2 seconds, so I never get a chance to see what it says or what it is executing, but I know it says it is something from System32. I bought this system second hand and it's a brilliant system and performs fine. It also had a fresh install of Windows 10, I believe, when I received it at factory standard, but this issue has been happening ever since then!

This is increasingly annoying because when it happens it causes any game I'm playing to minimise and sometimes even close. It could happen while browsing, watching movies, downloading, even on start up sometimes!

So with nowhere else to turn, I found you guys and made a post. I hope it has all the info you need!


System Information:

OS Name    Microsoft Windows 10 Pro
Version    10.0.14393 Build 14393
Other OS Description     Not Available
OS Manufacturer    Microsoft Corporation
System Name    DESKTOP-6HH5N0M
System Manufacturer    System manufacturer
System Model    System Product Name
System Type    x64-based PC
System SKU    SKU
Processor    Intel® Core™ i5-2500K CPU @ 3.30GHz, 3301 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date    American Megatrends Inc. 1201, 17/08/2012
SMBIOS Version    2.7
Embedded Controller Version    255.255
BIOS Mode    Legacy
BaseBoard Manufacturer    ASUSTeK COMPUTER INC.
BaseBoard Model    Not Available
BaseBoard Name    Base Board
Platform Role    Desktop
Secure Boot State    Unsupported
PCR7 Configuration    Binding Not Possible
Windows Directory    C:\WINDOWS
System Directory    C:\WINDOWS\system32
Boot Device    \Device\HarddiskVolume1
Locale    United Kingdom
Hardware Abstraction Layer    Version = "10.0.14393.206"
User Name    DESKTOP-6HH5N0M\Mitch
Time Zone    GMT Standard Time
Installed Physical Memory (RAM)    8.00 GB
Total Physical Memory    7.95 GB
Available Physical Memory    4.11 GB
Total Virtual Memory    9.20 GB
Available Virtual Memory    5.90 GB
Page File Space    1.25 GB
Page File    C:\pagefile.sys
Hyper-V - VM Monitor Mode Extensions    Yes
Hyper-V - Second Level Address Translation Extensions    Yes
Hyper-V - Virtualization Enabled in Firmware    No
Hyper-V - Data Execution Protection    Yes

 
 
 
 
 
 
RogueKiller Test Result Txt. (28 Threats):
 
RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Mitch [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/13/2017 16:40:19 (Duration : 00:18:35)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\ZipTool -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\FFinder LTD -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\OCS -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\OCS -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\SlimWare Utilities Inc -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\AppDataLow\Software\adawarebp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\AppDataLow\Software\adawarebp -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2936263124-128178603-3029906266-1001\Software\Microsoft\Internet Explorer\Main | Start Page :

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 13 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\DriverSetupUtility -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Mitch\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\Users\Mitch\AppData\Roaming\ZipTool -> Found
[PUP.Gen1][Folder] C:\ProgramData\DriverSetupUtility -> Found
[PUP.Gen1][Folder] C:\Program Files\DriverSetupUtility -> Found
[PUP.Firefox][File] C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\k2roouxm.default\Invalidprefs.js -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://uk.minehp.com/?tn=sdkm_inner_minehp_uk&guid=a65af5e727ebc0e2240e2331ad5baa5d] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-22B4A0 +++++
--- User ---
[MBR] 8074f52a9a3b7cba4ef58d323ea54be6
[BSP] 84698c39e17f5270adc2bc98409c65f2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 304200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 623210496 | Size: 492 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EARS-00Y5B1 +++++
--- User ---
[MBR] 7c29ae8cfd8e04bb5fae82cf3ef760db
[BSP] 97769c0be3f1cde06ec0e22bca3dbd6f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952598016 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

 
 
 
 
 
 
 
AdwCleaner Test Result (101 threats):
 
# AdwCleaner v6.043 - Logfile created 13/02/2017 at 17:12:18
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : Mitch - DESKTOP-6HH5N0M
# Running from : C:\Users\Mitch\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\Mitch\AppData\Roaming\ziptool
Folder Found:  C:\Users\Mitch\AppData\Roaming\ZipTool
Folder Found:  C:\Program Files\DriverSetupUtility
Folder Found:  C:\ProgramData\DriverSetupUtility
Folder Found:  C:\ProgramData\Application Data\DriverSetupUtility
Folder Found:  C:\Users\Public\Documents\Guid
Folder Found:  C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\ziptool
Folder Found:  C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\ZipTool


***** [ Files ] *****

File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini
File Found:  C:\Users\Mitch\AppData\Roaming\Installer.dat
File Found:  C:\Users\Mitch\AppData\Roaming\Main.dat
File Found:  C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\k2roouxm.default\invalidprefs.js


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****



***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12674 Bytes] - [13/02/2017 16:13:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [12427 Bytes] - [13/02/2017 17:12:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12501 Bytes] ##########

 
 
Please note I use MBAM (Malwarebytes) regularly and always clear anything found after a scan, and the problem still doesn't disappear. However, I only downloaded AdwCleaner and RogueKiller because I had noticed they had been recommended somewhere else in the forum to gather information, so I haven't cleaned the threats in either of these two programs, as I don't know if it is safe to do so, having never used them before.

This problem is driving me nuts and I hope that the info I have given you is sufficient to identify what the problem causing this command prompt issue is.

If there are any other additional tests you would like me to run, let me know, and also let me know if it's safe to remove the threats displayed in AdwCleaner and RogueKiller.

Other than that, bear with me, I'm new to the site! Salute to all the wonderful members and admins!

Regards,

 
Mitch

Edited by Al1000, 13 February 2017 - 12:37 PM.
moved from Windows 10 Support




#2 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:01:28 PM

Posted 13 February 2017 - 12:38 PM

Hi mitcheyfex

 
Welcome to Bleeping Computer!
 
It could be a scheduled task making the Command Prompt pop up. Please open the Command Prompt and execute the command below to display the scheduled tasks on the local computer.

SCHTASKS /Query /FO list /V > "%UserProfile%\Desktop\ScheduledTasks.txt"

The above command will create a file named ScheduledTasks.txt on your Desktop. Please place this file into a Zip archive and attach it to your next post.


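The verbose listing requested above can be triaged mechanically. As an added example that is not part of the original post, this Python script parses SCHTASKS /Query /FO list /V output and keeps only enabled tasks that start a console program in the interactive session, since those are the ones able to flash a visible Command Prompt window. The sample records, task names, paths and the console-program list are constructed assumptions.

```python
"""Triage SCHTASKS /Query /FO list /V output for tasks that can flash a console."""
import ntpath
import re

# Record labels as printed by an English-language schtasks verbose listing.
FIELDS = ("TaskName", "Logon Mode", "Last Run Time", "Task To Run",
          "Scheduled Task State", "Run As User")
# Assumption: a small, non-exhaustive set of console programs and script types.
CONSOLE_PROGRAMS = {"cmd.exe", "powershell.exe", "cscript.exe", "sc.exe"}
SCRIPT_EXTENSIONS = (".bat", ".cmd")

# Constructed, abbreviated sample; task names and paths are hypothetical.
SAMPLE = r"""
HostName:                             EXAMPLE-PC
TaskName:                             \ExampleUpdater
Logon Mode:                           Interactive only
Task To Run:                          C:\WINDOWS\system32\cmd.exe /c "C:\ProgramData\Example\check.bat"
Scheduled Task State:                 Enabled
HostName:                             EXAMPLE-PC
TaskName:                             \ExampleUpdater
Logon Mode:                           Interactive only
Task To Run:                          C:\WINDOWS\system32\cmd.exe /c "C:\ProgramData\Example\check.bat"
Scheduled Task State:                 Enabled
HostName:                             EXAMPLE-PC
TaskName:                             \ExampleVendor\Maintenance
Logon Mode:                           Background only
Task To Run:                          %windir%\system32\sc.exe start examplesvc
Scheduled Task State:                 Enabled
HostName:                             EXAMPLE-PC
TaskName:                             \ExampleGui
Logon Mode:                           Interactive only
Task To Run:                          "C:\Program Files\Example App\app.exe" /silent
Scheduled Task State:                 Enabled
HostName:                             EXAMPLE-PC
TaskName:                             \OldScript
Logon Mode:                           Interactive only
Task To Run:                          C:\Scripts\old.cmd
Scheduled Task State:                 Disabled
"""

def parse_tasks(text):
    """Split the listing into one dict per record (a record starts at HostName)."""
    tasks, current = [], None
    for line in text.splitlines():
        if line.startswith("HostName:"):
            current = {}
            tasks.append(current)
        elif current is not None:
            for name in FIELDS:
                if line.startswith(name + ":"):
                    current[name] = line[len(name) + 1:].strip()
    return tasks

def program_of(command):
    """Return the lower-cased file name of the program a 'Task To Run' starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        match = re.match(r"(.+?\.(?:exe|bat|cmd|vbs|js|ps1))(?=\s|$)", command, re.I)
        path = match.group(1) if match else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def visible_console_tasks(tasks):
    """Enabled tasks that start a console program in the user's desktop session."""
    hits, seen = [], set()
    for task in tasks:
        command = task.get("Task To Run", "")
        program = program_of(command)
        console = program in CONSOLE_PROGRAMS or program.endswith(SCRIPT_EXTENSIONS)
        enabled = task.get("Scheduled Task State", "").lower() == "enabled"
        # Background-only tasks run in a non-interactive session: no desktop window.
        interactive = "interactive" in task.get("Logon Mode", "").lower()
        key = (task.get("TaskName"), command)  # verbose output can repeat a task
        if console and enabled and interactive and key not in seen:
            seen.add(key)
            hits.append(task)
    return hits

if __name__ == "__main__":
    for task in visible_console_tasks(parse_tasks(SAMPLE)):
        print(task["TaskName"], "->", task["Task To Run"])
```

To use it on a real export, read ScheduledTasks.txt and pass its text to parse_tasks in place of SAMPLE.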


#3 mitcheyfex


Posted 13 February 2017 - 12:46 PM

FreeBooter,

 

Thank you! And also thank you for your quick reply. Got the file on my Desktop and trying to work out how to attach...



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:28 AM

Posted 13 February 2017 - 01:21 PM

You can post an attachment by doing the following. 

Just below the area where you write text in a post there is the Post button, to the right of this is More Reply Options.

When you click on More Reply Options you will see Attach Files and Browse. Click on Browse, this will open Pictures on your computer, click on the image you want to post, then click on Attach This File, then Add Reply.

 

 

The PUPs (Potentially Unwanted Programs) are not malicious, go ahead and allow the program to remove these.  AdwCleaner found a lot of adware, let it remove these as well.

 

Please post the log from your last Malwarebytes scan.

 

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 mitcheyfex


Posted 13 February 2017 - 01:32 PM

Okay, it definitely doesn't bring up that box, just the normal reply box for me. Also, the website has started really playing up since my first post, very slow. I've tried on Firefox and Internet Explorer... it's just not working for me =( Appreciate your help. Maybe there's some other way to get it to you guys?



#6 FreeBooter


Posted 13 February 2017 - 01:39 PM

You can post the content of the ScheduledTasks.txt file.



#7 dc3


Posted 13 February 2017 - 01:41 PM

My bad... I forgot that this is in the Am I Infected forum.  The option to add an attachment isn't available in this forum.  You will need to use a host website like Photobucket to post a link which will post as a picture.



 

 

 

 


#8 mitcheyfex


Posted 13 February 2017 - 01:47 PM

Guys, I really appreciate your help, but I'm not sure how I'm supposed to do this. I've just done an MB check and the content of the results is too long for the post, so I can't post it as a reply. Is there any way I can get the necessary files over??
 



#9 dc3


Posted 13 February 2017 - 01:58 PM

You need to zip the file and then post that in your topic.



 

 

 

 


#10 mitcheyfex


Posted 13 February 2017 - 02:03 PM

File is zipped, and there is no way to attach it to the topic.



#11 mitcheyfex


Posted 13 February 2017 - 02:31 PM

Any other suggestions? As there is no way to attach and the content is too large to put into a post?



#12 dc3


Posted 13 February 2017 - 02:44 PM

Copy the zipped file and post it in your topic.


Edited by dc3, 13 February 2017 - 02:45 PM.


 

 

 

 


#13 FreeBooter


Posted 13 February 2017 - 03:19 PM

Please paste the content of the ScheduledTasks.txt file to PasteBin.com and let us have the URL.



#14 mitcheyfex


Posted 13 February 2017 - 06:43 PM

Hello, sorry about the late reply. Thank you FreeBooter for the solution, here is the link: http://pastebin.com/tTYqraCt



#15 FreeBooter


Posted 13 February 2017 - 11:36 PM

Hi mitcheyfex,


You are using a program called System Mechanic. Uninstall this program to see if the issue resolves.



I would like to have you run a Clean Boot.

How to perform a Clean Boot.

Warning: Disabling items in Services or Startup may leave your antivirus disabled until the process is ended. For this reason I would suggest that you perform this process offline.

Press the Windows key and the R key to open Run, then type msconfig in the search box. This will open System Configuration.

If you are prompted for an administrator password or for confirmation, you should enter the password or provide confirmation.

1. Click/tap on the General tab.

2. Click/tap on the Selective startup option.

3. Remove the check mark in the Load startup items check box.

4. Click on the Services tab.

5. Place a check mark in the Hide all Microsoft services check box. This will remove the Microsoft services from the list, but they will still be running.

6. Click Disable all. This will remove all of the check marks in the Services list.

7. Click on Hide all Microsoft services. Click on Apply, then OK.

Click on Restart in the window that opens.

When the computer is restarted it will boot normally.

Let me know if the problem persists after restarting the computer.






