
Affected by Malware and Windows 7 64Bits Update issue


  • This topic is locked
8 replies to this topic

#1 samindia

samindia

  • Members
  • 7 posts

Posted 10 July 2017 - 02:29 PM

Hi

Attn.: Malware Response Team

I was suggested to run FRST toolbar.

I also have a new issue.

My Windows 7 64-bit does not get updates.

I get the message "Windows 7 Sp1 is not genuine", but I have been using this genuine Windows 7 for the last 6 years.

The screen of my desktop is black.

Here are the reports.

Attached File  FRST.txt   58.86KB   10 downloads
Attached File  Addition.txt   27.14KB   7 downloads





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Location:Montreal, QC. Canada

Posted 11 July 2017 - 07:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\GATEWAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-06]
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers04: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers04: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers06: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {35228FA7-AC05-42BE-A64B-2F69F57A6B8E} - System32\Tasks\{F0A7B1E3-83FF-44D3-AEC2-D764C3034E61} => pcalua.exe -a C:\Users\GATEWAY\AppData\Local\Temp\jre-8u131-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6B0AE16F-2414-430F-A091-64FB9F055411} - System32\Tasks\{0F9A8DF0-D2A3-4C39-96AA-EF020CD45357} => pcalua.exe -a C:\Users\GATEWAY\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {CD39F42E-DEC9-4831-BB4F-D59B4E68C515} - System32\Tasks\{2000EE90-46E9-438F-A8B1-BCA996EFDDC8} => pcalua.exe -a C:\Users\GATEWAY\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION

cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
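
An added example, not part of nasdaq's post and not FRST code: a Python sketch for reading a fixlist like the one in post #2 before it is run, listing its directives, the commands it will execute and any scheduled task that launches a file from a Temp folder. The line grammar is inferred only from the lines shown in that post; `review` and its report keys are hypothetical names.

```python
import re

# A subset of the fixlist lines from post #2, copied unchanged.
FIXLIST = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
ContextMenuHandlers04: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
Task: {35228FA7-AC05-42BE-A64B-2F69F57A6B8E} - System32\Tasks\{F0A7B1E3-83FF-44D3-AEC2-D764C3034E61} => pcalua.exe -a C:\Users\GATEWAY\AppData\Local\Temp\jre-8u131-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
cmd: netsh winsock reset catalog
End"""

# Assumed grammar: bare "Name:" directives, "cmd: <command>", and "Kind: <log entry>".
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")
ENTRY = re.compile(r"^([A-Za-z][\w -]*?):\s+(.*)$")
PCALUA = re.compile(r"pcalua\.exe\s+-a\s+(\S+)", re.I)

def review(text):
    """Summarise a fixlist so a person can read it before clicking Fix."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or lines[0] != "Start" or lines[-1] != "End":
        raise ValueError("fixlist must be wrapped in Start ... End")
    report = {"directives": [], "commands": [], "entries": {}, "flags": []}
    for line in lines[1:-1]:
        if DIRECTIVE.match(line):
            report["directives"].append(line[:-1])
            continue
        m = ENTRY.match(line)
        if not m:
            report["flags"].append(("unrecognised line", line))
            continue
        kind, rest = m.groups()
        if kind.lower() == "cmd":
            report["commands"].append(rest)  # shell command the fix will run
            continue
        report["entries"][kind] = report["entries"].get(kind, 0) + 1
        target = PCALUA.search(rest)
        if target and "\\appdata\\local\\temp\\" in target.group(1).lower():
            report["flags"].append(("task launches file from Temp", target.group(1)))
        elif "<==== ATTENTION" in rest:
            report["flags"].append(("marked ATTENTION", line))
    return report

if __name__ == "__main__":
    for key, value in review(FIXLIST).items():
        print(key, value)
```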

#3 samindia

samindia
  • Topic Starter

  • Members
  • 7 posts

Posted 11 July 2017 - 08:52 AM

Hello Nasdaq

Thank you very much for helping me out of this situation.

Here are the problems:

1. My Windows desktop is a black screen; earlier it was the blue one with the Windows logo.

2. I am not getting any message of "Windows not being genuine" anymore at the bottom right corner.

3. I still cannot update my Windows; error code C0000022.

4. Under System I am still not getting the genuine Windows message. My Windows 7 64-bit is genuine; it came with my Gateway laptop and there is a sticker at the back of my laptop with a 25-digit alphanumeric code, but I don't have a CD with me as I never made one for Windows and drivers.

5. I feel my laptop is remotely controlled. The only 2 users on this laptop are Gateway and Sam. Sam is a phantom account created by ESET Security 9 under the Anti-theft function. Gateway is the one I use; it is password protected.

6. I feel my programs like Google Chrome, Adobe and ESET Smart Security are infected by malware, even though I had ESET reinstalled on 9/July/2017. Earlier the Device Control function was not working, but after the reinstall it started to function properly.

I am also attaching my ESET scan report in this.

I really appreciate all your efforts. Thank you very much.

SamIndia

Attached File  Fixlog.txt   6.83KB   0 downloads
Attached File  ESETscanlog.txt   475.82KB   0 downloads



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts

Posted 11 July 2017 - 01:14 PM



Repair these services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the contents of this file in your next reply.
===

Restart the computer normally.

How is the computer running now?

#5 samindia

samindia
  • Topic Starter

  • Members
  • 7 posts

Posted 12 July 2017 - 09:44 AM

Hello Nasdaq

Thanks for your quick reply.

I still have these problems / issues with my laptop.

Here are the problems / issues:

1. My Windows desktop is a black screen; earlier it was the blue one with the Windows logo.

2. I am not getting any message of "Windows not being genuine" anymore at the bottom right corner.

3. I still cannot update my Windows; error code C0000022.

4. Under System I am still not getting the genuine Windows message. My Windows 7 64-bit is genuine; it came with my Gateway laptop and there is a sticker at the back of my laptop with a 25-digit alphanumeric code, but I don't have a CD with me as I never made one for Windows and drivers.

These are the same 4 major problems as mentioned in my earlier post.

The new one is that I am getting a message in Action Center that there is no antivirus program, but I have ESET on.

I accidentally installed Reimage Repair by clicking on the big green DOWNLOAD; later I came to know this was the wrong program, so I uninstalled it and then downloaded Tweaking's Windows Repair from the direct download option.

On step 2 there were some suggestions, but I did not take any action as it was not mentioned by you. I have the report of it; please take a look at Tweaking.Computer-Windows Repair - Pre Scan Report.txt

Here are some other reports of the repairs for you.

Thanks

SamIndia

Attached File  Tweaking.com - Windows Repair - Pre-Scan.txt   4.79KB   1 downloads
Attached File  Repair_WMI.txt   409.75KB   0 downloads
Attached File  Repair_Windows_Updates.txt   10.37KB   0 downloads
Attached File  Repair_MSI_Windows_Installer.txt   480bytes   0 downloads
Attached File  _Windows_Repair_Log.txt   5.09KB   0 downloads



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts

Posted 12 July 2017 - 10:00 AM

The error message is to repair your Reparse points.

You already have the Windows repair tool.
Follow the instructions to do the repair.



Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that from here

- Right click on the program icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk. https://i.imgur.com/Ymy7crZ.png

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.


Let me know what problem persists.

#7 samindia

samindia
  • Topic Starter

  • Members
  • 7 posts

Posted 13 July 2017 - 12:48 PM

Hello Nasdaq

The problem still exists as mentioned in my last post.

The process did not go smoothly. In the step 3 check disk part, during reboot it was hanging at step 4 of 5 @ 14%, so I had to restart my laptop after waiting for more than an hour.

At step 2 I selected Repair Environment Variable.

At step 3 I did check disk and selected option R.

At step 4 I clicked on Do It.

At step 5 I selected the Create option in system recovery.

At step 6, Repairs, I selected all the options.

I am not sure where I went wrong or whether there is a problem in the disk.

I did all the process in safe mode so ESET was not involved.

I had extracted the zip folder on the desktop.

I have got no log file.

I have only this file, if this can help you.

Attached File  changelog.txt   106.06KB   1 downloads

Please advise.

SamIndia



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts

Posted 14 July 2017 - 06:51 AM

Let's check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

Check also for any outdated 3rd party drivers.

Navigate to this page.
http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Download and run the Flexera Software Personal Software Inspector.

Update all the 3rd party drivers that are old.
===

Restart the computer and let me know what problem persists.

#9 samindia

samindia
  • Topic Starter

  • Members
  • 7 posts

Posted 20 July 2017 - 03:27 AM

Hi Nasdaq

Sorry for the delay in replying; I did not have the laptop for a few days as it was in the repair center.

Thanks for all your help.

My laptop's hard disk crashed on Saturday.

I took it to my local servicing guy.

They put in a new hard disk, reinstalled Windows 7 (since I had the key) and serviced my laptop.

It is running beautifully now.

Thanks for all the help.

Good Luck

SamIndia





