
Windows 7 Pro. 64 bit "wont update/windows features blank"


  • This topic is locked
13 replies to this topic

#1 bonezz777

  • Members
  • 7 posts
  • Gender:Not Telling

Posted 24 November 2017 - 05:49 PM

Hello Y'all Hope Everybody had a nice Thanksgiving;

My computer has Not been able to update since brand new; There are circumstances though;

When I first got my computer, I was on dial up, (people pc) so slow you could not load a sale paper, would time out; So you Also could not download a free anti virus tool, and "if" you did, you Couldn't update it; So I bought an a/v from wallyworld, But it would Not run Until it updated, and of course, You Could not Update it so I gave it away.....Now I have fast internet, but TOO late, I'm infected, by trying to download anything/everything, in doing so, I inadvertently downloaded "Fake antivirus", I don't know this to be a fact, but I Do know I'm infected;

Every time I log in my desktop screen is all rearranged, and some biometric fingerprint thing pops up & I don't know how to rid myself of it, also there is this interbreader guitar/banjo sound every time I do something?, instead of the original windows sound I'm used to; Also windows will Not update since new computer hooked up to dialup, and my windows features is Blank/gone....I DO Not Know Computers, but I've tried everything; On top of that I'm Plagued w/Comodo after I tried to delete it, Now I'm running a free trial of avg.....Sure could use some help, from someone who really knows what they are doing;

Thanks in advance,

Tim

Attached File: SNAG-17112417454700.png (198.9KB)





#2 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 November 2017 - 08:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information; please run this program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the FRST and Addition.txt logs for my review.

Wait for further instructions.

#3 bonezz777

  • Topic Starter

Posted 26 November 2017 - 10:02 AM

Hello nasdaq,

Thank You for Your response;

I have a small update in my computer, I Was poking around & found hp security client and was able to disable the bio. log in; Also Malwarebytes found hijackers and PuPs, it quarantined them...Okay here are the reports you requested; PS: AVG when ran scan didn't find anything, but MBAM did?, should I get a different AV?, Thanks,

Tim 

 

Attached Files



#4 nasdaq


Posted 27 November 2017 - 08:35 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\addrbook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\avg driver updater.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brccboot.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brinstck.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brolink0.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brscutil.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brstmonw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicexplorersettings.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicie_32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicshellupdate.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicstartmenu.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dsatray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpcustpartic.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mbam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcfxset.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rpsystray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins001.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-10-14]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
GroupPolicy: Restriction <==== ATTENTION
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-11-26] (SlimWare Utilities, Inc.)
U0 aswVmm; no ImagePath
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U4 npcap_wifi; no ImagePath
U2 NVSvc; no ImagePath
U2 Parvdm; no ImagePath
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
U2 srService; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {6648098E-9C85-4D31-9D29-15910CBE5E3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7656ADD2-637A-49B9-BD5B-2163FC5FC827} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {81F28D25-FD76-46E0-9A94-7CFBD52AD198} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {909B7741-1B6B-4F1C-970D-90D66C412A99} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -> No File <==== ATTENTION
Task: {91245DE5-488E-4A6D-B6F4-7DED8F800C96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C7E4B2E-E6A6-487B-9033-8B3AC9E3AADA} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {ABEE2E06-9083-4E46-BC19-0049023C84E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DA4FECCE-33E1-4D3E-9643-20A155D7D694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E2C37FAE-6107-4123-9785-B2DF00782DE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {ED344779-9928-4A8E-B485-F4AFD5D28194} - System32\Tasks\{8620DA3A-B850-430D-BAF1-5488DAC413CD} => C:\Windows\system32\pcalua.exe -a C:\Users\Tim\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [143]
AlternateDataStreams: C:\Users\Tim\Downloads\dxwebsetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mbar-1.09.3.1001.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
C:\Windows\System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2
C:\Windows\System32\DRIVERS\SWDUMon.sys

cmd: netsh winsock reset catalog
EmptyTemp:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
 

PS: AVG when ran scan didn't find anything, but MBAM did?, should I get a different AV?, Thanks,


No. AVG is your Virus protection. MBAM is protecting against PUP (Potentially Unwanted Programs) and other malware and Rogue programs.

Please let me know what problem persists with this computer.

Edited by nasdaq, 27 November 2017 - 08:35 AM.


#5 bonezz777


Posted 27 November 2017 - 11:04 AM

Mail Delivery Subsystem <mailer-daemon@googlemail.com>
10:50 AM (0 minutes ago)
to me

I tried to mail a post back but this was sent to my inbox....I do not understand your instructions, I mean I followed up to note pad, then lost it mentally, not computer literate, sorry.. "Please copy the entire contents of the code box below to a new file." and "Save the file as fixlist.txt in the same folder where the Farbar tool is running from.

The location is listed in the 3rd line of the Farbar log you have submitted.".....

Tim



#6 nasdaq


Posted 27 November 2017 - 01:53 PM

Hi,

Download the Fixlist.txt file attached. Place the file in this Desktop folder in bold. C:\Users\Tim\Desktop
This is where the farbar program is located.

Run FRST (the farbar program) and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Let me know what problem persists.

Attached Files
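
Added example (not part of the thread, and not FRST's own code): a small Python triage script for a posted Fixlog.txt that skips the echoed fixlist and sorts each result line into applied, absent or needs-review. The function names are hypothetical, the sample is an excerpt of the log posted in this thread, and only the outcome phrases visible in that log are recognized; anything else lands in "review".

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted in this thread, shortened for the example.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Tim (27-11-2017 19:16:34) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
IFEO\mbam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sidebar.exe => key not found
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
"""

# The log echoes the fixlist between two lines of asterisks before the results.
FENCE = re.compile(r"^\*{5,}\s*$")


def result_lines(fixlog_text):
    """Return the non-empty lines that follow the echoed fixlist."""
    lines = fixlog_text.splitlines()
    fences = [i for i, line in enumerate(lines) if FENCE.match(line)]
    # Echoed fixlist entries also contain "=>", so they must not be counted.
    start = fences[1] + 1 if len(fences) >= 2 else 0
    return [line.strip() for line in lines[start:] if line.strip()]


def classify(outcome):
    """Map an outcome phrase to applied / absent / review."""
    text = outcome.lower().rstrip(".")
    if text.endswith("successfully"):
        return "applied"
    if text.endswith("not found") or text.startswith("no "):
        return "absent"   # nothing was there to remove or stop
    return "review"       # unrecognized phrase: a human should read it


def parse_fixlog(fixlog_text):
    """Parse 'target => outcome' result lines into dictionaries."""
    entries = []
    for line in result_lines(fixlog_text):
        if " => " not in line:
            continue      # status lines such as "Processes closed successfully."
        target, outcome = line.rsplit(" => ", 1)
        entries.append({"target": target, "outcome": outcome,
                        "status": classify(outcome)})
    return entries


def summarize(entries):
    """Return per-status counts and the entries that were not applied."""
    counts = Counter(entry["status"] for entry in entries)
    follow_up = [entry for entry in entries if entry["status"] != "applied"]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    for entry in follow_up:
        print(f'{entry["status"]:7} {entry["target"]} => {entry["outcome"]}')
```
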



#7 bonezz777


Posted 27 November 2017 - 08:07 PM

Hi nasdaq, 
I was really Confused, but was able to figure it out by (drag & drop fix list into folder) Here is your requested log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Tim (27-11-2017 19:16:34) Run:1
Running from C:\Users\Tim\Desktop\FRST-OlderVersion
Loaded Profiles: Tim & Guest (Available Profiles: Tim & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
(© 2015 Microsoft Corporation) C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\addrbook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\avg driver updater.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brccboot.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brinstck.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brolink0.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brscutil.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\brstmonw.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicexplorersettings.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicie_32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicshellupdate.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\classicstartmenu.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dsatray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpcustpartic.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mbam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pcfxset.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rpsystray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins001.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-10-14]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (No File)
GroupPolicy: Restriction <==== ATTENTION
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-3386813744-1969293527-735481815-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-11-26] (SlimWare Utilities, Inc.)
U0 aswVmm; no ImagePath
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
U2 ERSvc; no ImagePath
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U4 npcap_wifi; no ImagePath
U2 NVSvc; no ImagePath
U2 Parvdm; no ImagePath
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
U2 srService; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {6648098E-9C85-4D31-9D29-15910CBE5E3C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7656ADD2-637A-49B9-BD5B-2163FC5FC827} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {81F28D25-FD76-46E0-9A94-7CFBD52AD198} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {909B7741-1B6B-4F1C-970D-90D66C412A99} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -> No File <==== ATTENTION
Task: {91245DE5-488E-4A6D-B6F4-7DED8F800C96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C7E4B2E-E6A6-487B-9033-8B3AC9E3AADA} - System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ATTENTION
Task: {ABEE2E06-9083-4E46-BC19-0049023C84E8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DA4FECCE-33E1-4D3E-9643-20A155D7D694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E2C37FAE-6107-4123-9785-B2DF00782DE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {ED344779-9928-4A8E-B485-F4AFD5D28194} - System32\Tasks\{8620DA3A-B850-430D-BAF1-5488DAC413CD} => C:\Windows\system32\pcalua.exe -a C:\Users\Tim\AppData\Local\Temp\jre-8u141-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [143]
AlternateDataStreams: C:\Users\Tim\Downloads\dxwebsetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe:a [420]
AlternateDataStreams: C:\Users\Tim\Downloads\mbar-1.09.3.1001.exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\GlassWireSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe:BDU [0]
C:\Windows\System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2
C:\Windows\System32\DRIVERS\SWDUMon.sys
 
cmd: netsh winsock reset catalog
EmptyTemp:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Tim\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AcroRd32.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\addrbook.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avg driver updater.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brccboot.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brinstck.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brolink0.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brscutil.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brstmonw.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\classicexplorersettings.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\classicie_32.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\classicshellupdate.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\classicstartmenu.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dsatray.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\googleearth.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpcustpartic.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpwucli.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcfxset.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pdvdlaunchpolicy.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\realconverter.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\realplay.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\realtrimmer.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rnxproc.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rpsystray.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setup.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sidebar.exe => key not found
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins001.exe => key removed successfully
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007 => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
HKLM\Software\Classes\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key removed successfully
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
HKLM\Software\Classes\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found
HKLM\Software\Classes\PROTOCOLS\Handler\vipresg => key removed successfully
HKLM\Software\Classes\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => key not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\DrvAgent64 => key removed successfully
DrvAgent64 => service removed successfully
HKLM\System\CurrentControlSet\Services\ERSvc => key removed successfully
ERSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\IAStorDataMgrsvc => key removed successfully
IAStorDataMgrsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\NIHardwareService => key removed successfully
NIHardwareService => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => key removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\NVSvc => key removed successfully
NVSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\Parvdm => key removed successfully
Parvdm => service removed successfully
HKLM\System\CurrentControlSet\Services\SASDIFSV => key removed successfully
SASDIFSV => service removed successfully
HKLM\System\CurrentControlSet\Services\SASKUTIL => key removed successfully
SASKUTIL => service removed successfully
HKLM\System\CurrentControlSet\Services\srService => key removed successfully
srService => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6648098E-9C85-4D31-9D29-15910CBE5E3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6648098E-9C85-4D31-9D29-15910CBE5E3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7656ADD2-637A-49B9-BD5B-2163FC5FC827} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7656ADD2-637A-49B9-BD5B-2163FC5FC827} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81F28D25-FD76-46E0-9A94-7CFBD52AD198} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81F28D25-FD76-46E0-9A94-7CFBD52AD198} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{909B7741-1B6B-4F1C-970D-90D66C412A99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{909B7741-1B6B-4F1C-970D-90D66C412A99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91245DE5-488E-4A6D-B6F4-7DED8F800C96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91245DE5-488E-4A6D-B6F4-7DED8F800C96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C7E4B2E-E6A6-487B-9033-8B3AC9E3AADA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7E4B2E-E6A6-487B-9033-8B3AC9E3AADA} => key removed successfully
C:\Windows\System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup\Delayed Startup\Tim\2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABEE2E06-9083-4E46-BC19-0049023C84E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABEE2E06-9083-4E46-BC19-0049023C84E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEA65F2D-8098-4DFD-B8FF-CEAF5AF39585} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA4FECCE-33E1-4D3E-9643-20A155D7D694} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA4FECCE-33E1-4D3E-9643-20A155D7D694} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC3E1EBE-2642-4AE8-8BE7-33C3936F5C3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2C37FAE-6107-4123-9785-B2DF00782DE8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C37FAE-6107-4123-9785-B2DF00782DE8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED344779-9928-4A8E-B485-F4AFD5D28194} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED344779-9928-4A8E-B485-F4AFD5D28194} => key removed successfully
C:\Windows\System32\Tasks\{8620DA3A-B850-430D-BAF1-5488DAC413CD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8620DA3A-B850-430D-BAF1-5488DAC413CD} => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully
C:\Users\Tim\Downloads\dxwebsetup.exe => ":BDU" ADS removed successfully
C:\Users\Tim\Downloads\IE9-Windows7-x64-enu.exe => ":a" ADS removed successfully
C:\Users\Tim\Downloads\mbar-1.09.3.1001.exe => ":BDU" ADS removed successfully
C:\Users\Tim\Documents\GlassWireSetup (1).exe => ":BDU" ADS removed successfully
C:\Users\Tim\Documents\mb3-setup-consumer-3.1.2.1733 (1).exe => ":BDU" ADS removed successfully
"C:\Windows\System32\Tasks\Avira\System Speedup\Delayed Startup\Tim\2" => not found.
C:\Windows\System32\DRIVERS\SWDUMon.sys => moved successfully
 
========= netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3156872 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 145584362 B
Edge => 0 B
Chrome => 450428737 B
Firefox => 0 B
Opera => 100683370 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 3087184 B
LocalService => 621924 B
NetworkService => 44322 B
Tim => 101894760 B
Guest => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 776.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:18:54 ====

.......Is there a tool to rid me of comodo at every login???, I Thank You for your Time/Mind, I Really do appreciate what You & the Rest at Bleeping Computers do for us less witty people, Again, Thank You....
I will monitor my computer for the next few days and let You know.
Tim
PS. I tried to do windows update right after the Fix, it did not work, Also I went to windows features, it was Still Blank, Thanks
Tim  


#8 nasdaq

  • Malware Response Team

Posted 28 November 2017 - 08:28 AM

Hi,

I have created a new Fixlist.txt which is attached to remove Comodo.

If the old version of the fixlist.txt list is still on your desktop please delete it.

Now download the attached fixlist.txt and drag & drop the file on your desktop.

Run the Farbar tool and hit the Fix button.

Comodo will be removed.

===

This may solve your Windows updates issues. Not sure. But we have to make sure that you have all the correct versions of the operating system files.

Check the integrity of the operating system files.
Run this command sfc /Scannow
How to here
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>


#9 bonezz777

  • Topic Starter

Posted 28 November 2017 - 12:57 PM

Hi nasdaq,

I now have a serious Problem, with the last fix.list;

I ran it, computer rebooted & turned on, But my Keyboard was dead/not lit up; I used all the normal procedures to get it back, power down computer/battery, unhooked keyboard, powered up, rehooked keyboard, and the "Normal" num. lock was lit up, (I thought-good all is well) NOT, was lit but No keystrokes would let me sign in, not even in safe mode; So I scratched my head & thought I will Try Virtual on screen keyboard, That Did Work [BUT] I had a double sign box? weird.. So I tried my Keys to sign in and it WAS working, all the way up to the point where I use the "Mouse" to click the blue sign in button, as soon as I did ERROR unrecognized mouse, Not exact wording, But something like that.... So I had NO Computer, I had One more thing to try, Boot in Safe mode w/networking, it worked Otherwise, I could Not Write You;

Also when I run Malwarebytes Adware cleaner, it found 22 items, I hit Clean and it freezes up (I Think the BUG Blocks it), Attached is a pic of what it does... Thanks; I think/know the fix list killed my keyboard OR the Bug is trying to Block it?????? here is the snapshot of what I saw::: Also here is the frst log:::

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017

Ran by Tim (28-11-2017 11:00:32) Run:2
Running from C:\Users\Tim\Desktop\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Tim (Available Profiles: Tim & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
AV: COMODO Antivirus (Disabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AS: COMODO Advanced Protection (Disabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
FW: COMODO Firewall (Disabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
COMODO Antivirus (HKLM\...\{01182FCE-8E8E-419F-8745-24236D28F2F9}) (Version: 10.0.2.6396 - COMODO Security Solutions Inc.) Hidden
S4 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10872400 2017-10-30] (COMODO)
S4 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-10-30] (COMODO)
R1 cmdcss; C:\Windows\system32\drivers\cmdcss.sys [112152 2017-10-20] (COMODO)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2017-10-20] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [849248 2017-10-20] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2017-10-20] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-10-20] (COMODO)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-08-07] (COMODO)
Task: {080C7001-8A1E-4B53-B677-8DDF86A3C613} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
Task: {40EBAA5C-47CB-4311-ACEE-21AC79AD29E8} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2017-10-30] (COMODO)
Task: {6E6E0902-A091-4AE5-A08F-C90280FAE70E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-10-30] (COMODO)
Task: {7D19A181-9092-4858-9146-599B609C2EA7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
Task: {BB99BDC8-1993-42AF-ADD3-A3C9B00698F6} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
Task: {F50553BF-D66B-4C32-9FBA-8C25E7661518} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-10-30] (COMODO)
C:\Program Files\COMODO
C:\Windows\system32\drivers\cmdcss.sys
C:\Windows\System32\DRIVERS\cmderd.sys
C:\Windows\System32\DRIVERS\cmdguard.sys
C:\Windows\System32\DRIVERS\cmdhlp.sys
C:\Windows\System32\DRIVERS\inspect.sys
C:\Windows\system32\drivers\isedrv.sys
C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}
C:\Windows\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921}
C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}
C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}
C:\Windows\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}
C:\Windows\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
AV: COMODO Antivirus (Disabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD} => removed successfully
AS: COMODO Advanced Protection (Disabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40} => removed successfully
FW: COMODO Firewall (Disabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01182FCE-8E8E-419F-8745-24236D28F2F9}\\SystemComponent => value removed successfully
HKLM\System\CurrentControlSet\Services\CmdAgent => key removed successfully
CmdAgent => service removed successfully
HKLM\System\CurrentControlSet\Services\cmdvirth => key removed successfully
cmdvirth => service removed successfully
cmdcss => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmdcss => key removed successfully
cmdcss => service removed successfully
cmderd => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmderd => key removed successfully
cmderd => service removed successfully
cmdGuard => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmdGuard => key removed successfully
cmdGuard => service removed successfully
cmdHlp => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmdHlp => key removed successfully
cmdHlp => service removed successfully
inspect => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\inspect => key removed successfully
inspect => service removed successfully
isedrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\isedrv => key removed successfully
isedrv => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{080C7001-8A1E-4B53-B677-8DDF86A3C613} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{080C7001-8A1E-4B53-B677-8DDF86A3C613} => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40EBAA5C-47CB-4311-ACEE-21AC79AD29E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40EBAA5C-47CB-4311-ACEE-21AC79AD29E8} => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E6E0902-A091-4AE5-A08F-C90280FAE70E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E6E0902-A091-4AE5-A08F-C90280FAE70E} => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D19A181-9092-4858-9146-599B609C2EA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D19A181-9092-4858-9146-599B609C2EA7} => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BB99BDC8-1993-42AF-ADD3-A3C9B00698F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB99BDC8-1993-42AF-ADD3-A3C9B00698F6} => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F50553BF-D66B-4C32-9FBA-8C25E7661518} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50553BF-D66B-4C32-9FBA-8C25E7661518} => key removed successfully
C:\Windows\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => key removed successfully
C:\Program Files\COMODO => moved successfully
C:\Windows\system32\drivers\cmdcss.sys => moved successfully
C:\Windows\System32\DRIVERS\cmderd.sys => moved successfully
C:\Windows\System32\DRIVERS\cmdguard.sys => moved successfully
C:\Windows\System32\DRIVERS\cmdhlp.sys => moved successfully
C:\Windows\System32\DRIVERS\inspect.sys => moved successfully
C:\Windows\system32\drivers\isedrv.sys => moved successfully
"C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}" => not found.
"C:\Windows\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:01:58 ====  

Edited by bonezz777, 28 November 2017 - 01:24 PM.
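
An added example (not part of the original posts, and not FRST's own code): a small Python parser for the `target => result` lines of a Fixlog like the one posted above, which tallies the outcomes and lists services that were reported as "Unable to stop service" yet removed in the same run. The sample lines are constructed from entries in that log; the outcome labels and function names are assumptions of this example.

```python
import ntpath
from collections import Counter

# Constructed sample, built from result lines that appear in the Fixlog above.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
cmdcss => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmdcss => key removed successfully
cmdcss => service removed successfully
cmdGuard => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cmdGuard => key removed successfully
cmdGuard => service removed successfully
inspect => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\inspect => key removed successfully
inspect => service removed successfully
C:\Windows\system32\drivers\cmdcss.sys => moved successfully
C:\Windows\System32\DRIVERS\cmdguard.sys => moved successfully
C:\Windows\System32\DRIVERS\inspect.sys => moved successfully
"C:\Windows\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" => not found.
"""

# (substring of the lowercased result text, label); first match wins.
# "removed successfully" must be tested before "moved successfully",
# because the second string is contained in the first.
OUTCOMES = [
    ("unable to stop service", "stop_failed"),
    ("service stopped successfully", "stopped"),
    ("service removed successfully", "service_removed"),
    ("ads removed successfully", "ads_removed"),
    ("removed successfully", "removed"),
    ("moved successfully", "moved"),
    ("not found", "not_found"),
]


def parse_fixlog(text):
    """Return (target, label) for every 'target => result' line."""
    entries = []
    for line in text.splitlines():
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue  # headers, blank lines, status sentences
        result = result.strip().lower()
        label = next((lab for needle, lab in OUTCOMES if needle in result), "other")
        entries.append((target.strip().strip('"'), label))
    return entries


def removed_without_stopping(entries):
    """Services that could not be stopped but were removed in the same run.

    Returns (service_name, sys_file_moved) pairs; sys_file_moved is True when
    a .sys file with the same base name was also moved.
    """
    removed = {t.lower() for t, lab in entries if lab == "service_removed"}
    moved_sys = {
        ntpath.splitext(ntpath.basename(t))[0].lower()
        for t, lab in entries
        if lab == "moved" and t.lower().endswith(".sys")
    }
    return [
        (t, t.lower() in moved_sys)
        for t, lab in entries
        if lab == "stop_failed" and t.lower() in removed
    ]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for label, count in sorted(Counter(lab for _, lab in parsed).items()):
        print(f"{label:16} {count}")
    for name, sys_moved in removed_without_stopping(parsed):
        print(f"review: {name} was still running when removed (driver file moved: {sys_moved})")
```
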


#10 nasdaq

  • Malware Response Team

Posted 28 November 2017 - 01:57 PM


Refer to this article and read it.

https://www.ghacks.net/2015/07/21/how-to-disable-driver-updates-from-windows-update/


Under this section.
You may use the Windows Registry to modify the driver update preference instead.

Start regedit and look at the value for SearchOrderConfig

Make sure it is set to 2

You may also have to check

Method 3: Group Policy Editor

If at any time you need help to proceed please ask.

#11 bonezz777

  • Topic Starter

Posted 28 November 2017 - 02:56 PM

Hi  nasdaq,

I told you at the beginning I could Not know computers Basic use only;

I was able to use my keyboard & Computer Until Your last fix, Not only did it Not remove comodo, it Disabled my keyboard & my log in;

If you do not know what you're doing, Contact Your supervisor; Thanks, Tim:::::::::::::::::I now have a serious Problem, with the last fix.list;

I ran it, computer rebooted & turned on, But my Keyboard was dead/not lit up; I used all the normal procedures to get it back, power down computer/battery, unhooked keyboard, powered up, rehooked keyboard, and the "Normal" num. lock was lit up, (I thought-good all is well) NOT, was lit but No keystrokes would let me sign in, not even in safe mode; So I scratched my head & thought I will Try Virtual on screen keyboard, That Did Work [BUT] I had a double sign box? weird.. So I tried my Keys to sign in and it WAS working, all the way up to the point where I use the "Mouse" to click the blue sign in button, as soon as I did ERROR unrecognized mouse,......

I'm not being ungrateful/mean, It's just I'm old man on Disability & can't afford a Computer shop, I Need my computer to communicate w/SSDI and wellcare; And I DON'T know how to do these things you ask, I looked everywhere for that order config, even put in the FIND box of that page, Said No Topic Found........Tim


Edited by bonezz777, 28 November 2017 - 03:27 PM.


#12 nasdaq

  • Malware Response Team

Posted 29 November 2017 - 08:34 AM



Hi,

Let's find out if you can restore your system to a recommended date.

Go to this page.
http://www.microcenter.com/tech_center/article/2863/how_to_run_a_system_restore_in_safe_mode_windows_7

Read the article and proceed to restore your system to a recommended date.

As you can see in the article (image) you can choose a Different Restore point.

You can then choose a date prior to the beginning of your computer problems.

If at any time you need advice before proceeding please ask.

If you choose a restore point, let it finish; it may take a few hours.

#13 bonezz777

  • Topic Starter

Posted 30 November 2017 - 08:42 AM

Hi,

I know how to do system restore, I tried in regular/safe mode, I also looked for hours to find restore point from FRST, Finally found it hit enter, AND it WIPED out my computer, I had Nothing, All Because that last "FIX Code", I had a Working computer Until Then, and I was able to Contact You ONLY Through Safe mode; But then I found & Ran FRST Restore point; Once rebooted, I had Nothing But a Black Screen, Not Even Safe mode; I found my Original Windows disk, inserted it, and ONLY then, was I able to see my Computer; And I went to Windows Properties, And It Was Empty; My Computer & all its Contents GONE!; It took Me Hours to install windows, hp drivers, framework etc etc.....My computer is NOT Fully Functional Yet.....

For an Old man, that knows NOTHING about computers, this was VERY Stressing & Aggravating; I still have a lot to do yet, I DON'T know if Your fix code done this, OR the Virus??.......All I Do Know is I Don't Trust ANYBODY Any More.....GOOD Day & GOOD BYE......



#14 nasdaq

  • Malware Response Team

Posted 30 November 2017 - 02:03 PM

I'm sorry you feel that way.

I have suggested many fixes and nothing like that has ever happened.



