[SOLVED] WU Thread 17707 - For BrianDrab

OK, let's get started.

Step#1 - Warnings
#1 - The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

Please uninstall the following Peer-to-Peer program(s): qBittorrent 3.2.4

#2 - Registry Cleaning
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software
miekiemoes' Blog: Registry Cleaners and System Tweaking Tools


Step#2 - Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome. Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Step#3 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.
Holaâ„¢ 1.10.317 - Better Internet - (see here, here, here and here if you need convincing)
Skype Click to Call


Step#4 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


Step#5 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner
Danger

.txt

Danger

as well.


Items for your next post
1. Fixlog.txt
2. Adwcleaner.txt

 

Attachments

Note: I could not uninstall Skype Click to Call. I got error code 2503 followed by 2502


  • The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503.
  • The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502.

Contents of Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Joshua (2015-11-09 17:48:06) Run:1
Running from C:\Users\Joshua\Desktop
Loaded Profiles: Joshua (Available Profiles: Joshua)
Boot Mode: Normal
==============================================


fixlist content:
*****************
CreateRestorePoint:
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2031232 2015-11-08] (Hola Networks Ltd.)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x art angelica good night kiss 1080p mp4 pornleech t10354206.lnk [2015-10-06]
ShortcutTarget: x art angelica good night kiss 1080p mp4 pornleech t10354206.lnk -> C:\ProgramData\{5810fe60-34b0-8353-5810-0fe6034bf980}\x art angelica good night kiss 1080p mp4 pornleech t10354206.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53720;https=127.0.0.1:53720
RemoveProxy:
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-11-08] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-11-08] (Hola)
FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001: @hola.org/FlashPlayer -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-05] ()
FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001: @hola.org/vlc -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-05] (Hola)
FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/FlashPlayer -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-05] ()
FF Plugin HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/vlc -> C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-05] (Hola)
FF Extension: Hola Better Internet - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\f30p0o61.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-11-05] [not signed]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-08]
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8126592 2015-11-08] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-25] (Hola Networks Ltd.)
S3 WinRing0_1_2_0; \??\D:\uTorrent Downloads\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
Task: {0FF42913-D390-4A83-AE93-E7BE889FC2FD} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {12109814-316B-4B9D-8A97-B56EEFC35727} - \GPUP -> No File <==== ATTENTION
Task: {1DADB620-2365-4C4C-A6EE-4C8C98250FB5} - \Inst_Rep -> No File <==== ATTENTION
Task: {67460191-824B-4AF8-957F-897E198401C4} - \Smp -> No File <==== ATTENTION
Task: {6E98D15F-38C4-4A72-AB54-8D75C2D6D67D} - System32\Tasks\q5S0ufZaM7kEsN => C:\Users\Joshua\AppData\Roaming\q5S0ufZaM7kEsN.exe <==== ATTENTION
Task: {78A285E5-303E-48A2-8AE5-2DF0A4B157C5} - \Jelbrus Secure Web Task -> No File <==== ATTENTION
Task: {9019EEFB-7133-4694-A4C9-7FFFB1B94413} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {90C15D79-12DA-4B2D-B097-381D9FE4B9DE} - \SMW_UpdateTask_Time_323836383030323230342d375b553441415045575a4a6c -> No File <==== ATTENTION
Task: {A9519FD6-6826-4237-81DA-30CE07071F14} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {B4E23D7A-D0D4-4C33-8497-CE28E911C54F} - \IBUpd -> No File <==== ATTENTION
Task: {C05BAA1E-BCFA-469E-BB37-097D019F67FE} - System32\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15 => C:\Users\Joshua\AppData\Roaming\Z5gVwJr6AsMBo2zsej18OCHsm15.exe <==== ATTENTION
Task: {F5EF9DE2-2E06-4622-AC82-1D39D4DC0F4F} - System32\Tasks\dpqlgVd => C:\Users\Joshua\AppData\Roaming\dpqlgVd.exe <==== ATTENTION
Task: {FA0BE9B3-2897-40B9-A916-0C5F8988B6F9} - System32\Tasks\AtaomK7uBOhTd1iUX => C:\Users\Joshua\AppData\Roaming\AtaomK7uBOhTd1iUX.exe <==== ATTENTION
Task: C:\Windows\Tasks\AtaomK7uBOhTd1iUX.job => C:\Users\Joshua\AppData\Roaming\AtaomK7uBOhTd1iUX.exe <==== ATTENTION
Task: C:\Windows\Tasks\dpqlgVd.job => C:\Users\Joshua\AppData\Roaming\dpqlgVd.exe <==== ATTENTION
Task: C:\Windows\Tasks\q5S0ufZaM7kEsN.job => C:\Users\Joshua\AppData\Roaming\q5S0ufZaM7kEsN.exe <==== ATTENTION
Task: C:\Windows\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15.job => C:\Users\Joshua\AppData\Roaming\Z5gVwJr6AsMBo2zsej18OCHsm15.exe <==== ATTENTION
EmptyTemp:
*****************


Restore point was successfully created.
C:\Program Files\Hola\app\hola_svc.exe => No running process found
C:\Program Files\Hola\app\hola_updater.exe => No running process found
C:\Program Files\Hola\app\hola.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value not found.
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x art angelica good night kiss 1080p mp4 pornleech t10354206.lnk => moved successfully
C:\ProgramData\{5810fe60-34b0-8353-5810-0fe6034bf980}\x art angelica good night kiss 1080p mp4 pornleech t10354206.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully


========= RemoveProxy: =========


HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully




========= End of RemoveProxy: =========


"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Joshua\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => moved successfully
"HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
"HKU\S-1-5-21-1107761083-2953826425-3119506108-1001\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll => moved successfully
HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@hola.org/FlashPlayer => key not found.
C:\Users\Joshua\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll => not found.
HKU\S-1-5-21-1107761083-2953826425-3119506108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@hola.org/vlc => key not found.
C:\Users\Joshua\AppData\Local\Hola\firefox\app\vlc\npvlc.dll => not found.
C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\f30p0o61.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack => moved successfully
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => not found
hola_svc => service not found.
hola_updater => service not found.
WinRing0_1_2_0 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FF42913-D390-4A83-AE93-E7BE889FC2FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF42913-D390-4A83-AE93-E7BE889FC2FD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12109814-316B-4B9D-8A97-B56EEFC35727}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12109814-316B-4B9D-8A97-B56EEFC35727}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DADB620-2365-4C4C-A6EE-4C8C98250FB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DADB620-2365-4C4C-A6EE-4C8C98250FB5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67460191-824B-4AF8-957F-897E198401C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67460191-824B-4AF8-957F-897E198401C4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E98D15F-38C4-4A72-AB54-8D75C2D6D67D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E98D15F-38C4-4A72-AB54-8D75C2D6D67D}" => key removed successfully
C:\Windows\System32\Tasks\q5S0ufZaM7kEsN => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\q5S0ufZaM7kEsN" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78A285E5-303E-48A2-8AE5-2DF0A4B157C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A285E5-303E-48A2-8AE5-2DF0A4B157C5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9019EEFB-7133-4694-A4C9-7FFFB1B94413}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9019EEFB-7133-4694-A4C9-7FFFB1B94413}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90C15D79-12DA-4B2D-B097-381D9FE4B9DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90C15D79-12DA-4B2D-B097-381D9FE4B9DE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323836383030323230342d375b553441415045575a4a6c => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9519FD6-6826-4237-81DA-30CE07071F14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9519FD6-6826-4237-81DA-30CE07071F14}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.24 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4E23D7A-D0D4-4C33-8497-CE28E911C54F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4E23D7A-D0D4-4C33-8497-CE28E911C54F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C05BAA1E-BCFA-469E-BB37-097D019F67FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C05BAA1E-BCFA-469E-BB37-097D019F67FE}" => key removed successfully
C:\Windows\System32\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Z5gVwJr6AsMBo2zsej18OCHsm15" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5EF9DE2-2E06-4622-AC82-1D39D4DC0F4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5EF9DE2-2E06-4622-AC82-1D39D4DC0F4F}" => key removed successfully
C:\Windows\System32\Tasks\dpqlgVd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dpqlgVd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA0BE9B3-2897-40B9-A916-0C5F8988B6F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0BE9B3-2897-40B9-A916-0C5F8988B6F9}" => key removed successfully
C:\Windows\System32\Tasks\AtaomK7uBOhTd1iUX => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AtaomK7uBOhTd1iUX" => key removed successfully
C:\Windows\Tasks\AtaomK7uBOhTd1iUX.job => moved successfully
C:\Windows\Tasks\dpqlgVd.job => moved successfully
C:\Windows\Tasks\q5S0ufZaM7kEsN.job => moved successfully
C:\Windows\Tasks\Z5gVwJr6AsMBo2zsej18OCHsm15.job => moved successfully
EmptyTemp: => 512.9 MB temporary data Removed.




The system needed a reboot.


==== End of Fixlog 17:48:34 ====

Contents of AdwCleaner[C3].txt:

# AdwCleaner v5.019 - Logfile created 09/11/2015 at 17:56:48
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Joshua - JOSHS_MSI
# Running from : C:\Users\Joshua\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib


***** [ Services ] *****




***** [ Folders ] *****


[-] Folder Deleted : C:\Program Files\Hola
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\ProgramData\{5810fe60-34b0-8353-5810-0fe6034bf980}
[-] Folder Deleted : C:\Users\Joshua\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Joshua\AppData\Local\Hola
[-] Folder Deleted : C:\Users\Joshua\AppData\Roaming\Hola


***** [ Files ] *****




***** [ DLLs ] *****




***** [ Shortcuts ] *****




***** [ Scheduled tasks ] *****




***** [ Registry ] *****


[-] Key Deleted : HKLM\SOFTWARE\3e1919de-44ab-4cc2-b4d9-a5faece0cc68
[-] Key Deleted : HKLM\SOFTWARE\4c702055-3100-47f7-a332-73747362fea8
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{2C09954F-CDA8-4BD1-8794-1D543E050378}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_


***** [ Web browsers ] *****




*************************


:: "Tracing" keys removed
:: Winsock settings cleared


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [5106 bytes] ##########
 
Thanks for the info. Please now do the following.

Step#1 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Items for your next post
1. JRT log
2. Rootkit Scan results
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by Joshua on 2015-11-09 at 19:42:53.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Tasks






~~~ Registry Values


Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7AF03CD55FBE5121416D410588C61404






~~~ Registry Keys






~~~ Files






~~~ Folders


Successfully deleted: [Folder] C:\Users\Joshua\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Joshua\Appdata\Local\installer
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin






~~~ Chrome




[C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset


[C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:


[C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset


[C:\Users\Joshua\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-11-09 at 19:44:29.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-09 19:48:56
-----------------------------
19:48:56.193 OS Version: Windows x64 6.2.9200
19:48:56.193 Number of processors: 8 586 0x3C03
19:48:56.193 ComputerName: JOSHS_MSI UserName: Joshua
19:48:56.378 Initialize success
19:48:56.483 VM: initialized successfully
19:48:56.484 VM: Intel CPU supported
19:49:00.649 VM: disk I/O iaStorA.sys
19:51:53.144 AVAST engine defs: 15110902
19:52:10.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003e
19:52:10.328 Disk 0 Vendor: TOSHIBA_THNSNJ128G8NU JUXA0102 Size: 122104MB BusType: 11
19:52:10.330 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000003f
19:52:10.332 Disk 1 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
19:52:10.339 Disk 0 MBR read successfully
19:52:10.341 Disk 0 MBR scan
19:52:10.347 Disk 0 unknown MBR code
19:52:10.349 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
19:52:10.377 Disk 0 scanning C:\Windows\system32\drivers
19:52:17.224 Service scanning
19:52:34.409 Modules scanning
19:52:34.426 Disk 0 trace - called modules:
19:52:34.441 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:52:34.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001927de060]
19:52:34.457 3 CLASSPNP.SYS[fffff800dcb9e170] -> nt!IofCallDriver -> [0xffffe00190189520]
19:52:34.461 5 ACPI.sys[fffff800dcef2c21] -> nt!IofCallDriver -> [0xffffe0019018b9f0]
19:52:34.466 7 ACPI.sys[fffff800dcef2c21] -> nt!IofCallDriver -> \Device\0000003e[0xffffe0019018b060]
19:52:34.613 AVAST engine scan C:\Windows
19:52:35.519 AVAST engine scan C:\Windows\system32
19:55:26.591 AVAST engine scan C:\Windows\system32\drivers
19:55:33.666 AVAST engine scan C:\Users\Joshua
19:59:59.666 AVAST engine scan C:\ProgramData
20:01:16.787 Disk 0 statistics 5938096/0/0 @ 3693.58 MB/s
20:01:16.791 Scan finished successfully
21:41:17.503 Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
21:41:17.508 The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"
 
Thanks. Last few things.

Step#1 - Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.

Note: If you don't use Java or don't know if you need it I would uninstall it.

If you wish to keep it please follow the instructions below to update to the newest version.
1. Click the Start button
2. Type Java
3. Click on Configure Java in the search results
4. Click the Update tab
5. Click the Update Now button and allow the update to download/install.

Step#2 - Malwarebytes Scan

  • Open Malwarebytes. I see you have it installed.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG
    .

Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG


5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG



Step#4 - Fresh Set of Logs

1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.



Items for your next post
1. Malwarebytes log
2. FRST and Addition logs
 
Hi BrianDrab,

How are we doing here? Making any progress? Any idea what the source of the problem is yet?

When I tried to uninstall Jave 8 Update 40 I got the same error code as with Skype Click to Call (2503 and 2502).

Malwarebytes Anti-Malware
www.malwarebytes.org


Scan Date: 2015-11-10
Scan Time: 8:41 AM
Logfile:
Administrator: Yes


Version: 2.2.0.1024
Malware Database: v2015.11.10.03
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled


OS: Windows 8.1
CPU: x64
File System: NTFS
User: Joshua


Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442696
Time Elapsed: 17 min, 45 sec


Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled


Processes: 0
(No malicious items detected)


Modules: 0
(No malicious items detected)


Registry Keys: 0
(No malicious items detected)


Registry Values: 0
(No malicious items detected)


Registry Data: 0
(No malicious items detected)


Folders: 0
(No malicious items detected)


Files: 0
(No malicious items detected)


Physical Sectors: 0
(No malicious items detected)




(end)
 

Attachments

Your logs look very clean so yes we are making progress. Let's focus on your issues now. I need you to run a chkdsk.

Step#1 - ChkDsk Scan
1. Right-click your Start button and select Command Prompt (Admin). Answer Yes to allow if the User Account Control dialog comes up.
2. You should now have a black window open that you can type in to.
3. Please type chkdsk and then press enter.
4. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.
Chkdsk.JPG


5. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
6. Right-click this file and select Run as administrator (Allow if prompted)and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
Please copy the contents of this file and paste into your next post.
 
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013


------< Log generate on 2015-11-10 9:42:49 AM >------
Category: 0
Computer Name: Joshs_MSI
Event Code: 26212
Record Number: 116940
Source Name: Chkdsk
Time Written: 11-10-2015 @ 14:42:37
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS_Install.


WARNING! F parameter not specified.
Running CHKDSK in read-only mode.


Stage 1: Examining basic file system structure ...


846592 file records processed.


File verification completed.


8277 large file records processed.




0 bad file records processed.




Stage 2: Examining file name linkage ...


1028072 index entries processed.


Index verification completed.


0 unindexed files scanned.




0 unindexed files recovered.




Stage 3: Examining security descriptors ...
Security descriptor verification completed.


90741 data files processed.


CHKDSK is verifying Usn Journal...


38851328 USN bytes processed.


Usn Journal verification completed.


Windows has scanned the file system and found no problems.
No further action is required.


123980799 KB total disk space.
96943764 KB in 690548 files.
418804 KB in 90742 indexes.
0 KB in bad sectors.
970923 KB in use by the system.
65536 KB occupied by the log file.
25647308 KB available on disk.


4096 bytes in each allocation unit.
30995199 total allocation units on disk.
6411827 allocation units available on disk.


-----------------------------------------------------------------------
Category: 0
Computer Name: Joshs_MSI
Event Code: 26212
Record Number: 116843
Source Name: Chkdsk
Time Written: 11-10-2015 @ 14:35:47
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS_Install.


WARNING! F parameter not specified.
Running CHKDSK in read-only mode.


Stage 1: Examining basic file system structure ...


846592 file records processed.


File verification completed.


8261 large file records processed.




0 bad file records processed.




Stage 2: Examining file name linkage ...


1028066 index entries processed.


Index verification completed.


0 unindexed files scanned.




0 unindexed files recovered.




Stage 3: Examining security descriptors ...
Security descriptor verification completed.


90738 data files processed.


CHKDSK is verifying Usn Journal...


38165592 USN bytes processed.


Usn Journal verification completed.


Windows has scanned the file system and found no problems.
No further action is required.


123980799 KB total disk space.
96816588 KB in 690491 files.
418792 KB in 90739 indexes.
0 KB in bad sectors.
969899 KB in use by the system.
65536 KB occupied by the log file.
25775520 KB available on disk.


4096 bytes in each allocation unit.
30995199 total allocation units on disk.
6443880 allocation units available on disk.


-----------------------------------------------------------------------
Category: 0
Computer Name: Joshs_MSI
Event Code: 1001
Record Number: 107215
Source Name: Microsoft-Windows-Wininit
Time Written: 11-09-2015 @ 02:31:14
Event Type: Information
User:
Message:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS_Install.


A disk check has been scheduled.
Windows will now check the disk.


Stage 1: Examining basic file system structure ...
832768 file records processed.


File verification completed.
8355 large file records processed.


0 bad file records processed.




Stage 2: Examining file name linkage ...
1017878 index entries processed.


Index verification completed.
0 unindexed files scanned.


0 unindexed files recovered.




Stage 3: Examining security descriptors ...
Cleaning up 2219 unused index entries from index $SII of file 0x9.
Cleaning up 2219 unused index entries from index $SDH of file 0x9.
Cleaning up 2219 unused security descriptors.
Security descriptor verification completed.
92556 data files processed.


CHKDSK is verifying Usn Journal...
36150424 USN bytes processed.


Usn Journal verification completed.


Stage 4: Looking for bad clusters in user file data ...
832752 files processed.


File data verification completed.


Stage 5: Looking for bad, free clusters ...
978541 free clusters processed.


Free space verification is complete.


Windows has made corrections to the file system.
No further action is required.


123980799 KB total disk space.
118678516 KB in 721658 files.
433644 KB in 92557 indexes.
0 KB in bad sectors.
954471 KB in use by the system.
65536 KB occupied by the log file.
3914168 KB available on disk.


4096 bytes in each allocation unit.
30995199 total allocation units on disk.
978542 allocation units available on disk.


Internal Info:
00 b5 0c 00 8f 6c 0c 00 66 78 16 00 00 00 00 00 .....l..fx......
eb 02 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 ....=...........


Windows has finished checking your disk.
Please wait while your computer restarts.


-----------------------------------------------------------------------
Category: 0
Computer Name: Joshs_MSI
Event Code: 26226
Record Number: 107076
Source Name: Chkdsk
Time Written: 11-09-2015 @ 01:27:37
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.


Checking file system on D:
Volume label is Data.


Stage 1: Examining basic file system structure ...

106752 file records processed.


File verification completed.

748 large file records processed.



0 bad file records processed.




Stage 2: Examining file name linkage ...

119698 index entries processed.


Index verification completed.








Stage 3: Examining security descriptors ...
Security descriptor verification completed.

6474 data files processed.


CHKDSK is verifying Usn Journal...

37789560 USN bytes processed.


Usn Journal verification completed.


Windows has scanned the file system and found no problems.
No further action is required.


962025471 KB total disk space.
503824668 KB in 99490 files.
28024 KB in 6475 indexes.
239183 KB in use by the system.
65536 KB occupied by the log file.
457933596 KB available on disk.


4096 bytes in each allocation unit.
240506367 total allocation units on disk.
114483399 allocation units available on disk.


----------------------------------------------------------------------




Stage 1: Examining basic file system structure ...


Stage 2: Examining file name linkage ...


Stage 3: Examining security descriptors ...


Windows has scanned the file system and found no problems.
No further action is required.


-----------------------------------------------------------------------
 
Good. Are you still having the following issues?

Programs such as Google Chrome, Firefox, and Adobe Reader routinely stop respondingApplications won't open or come to the front after being minimized to the toolbar
Click to expand...
 
At the moment, I cannot replicate either of those problems, but I will keep trying to.

An issue I am experiencing currnetly is that Windows seems to have deactivated (Windows 8.1 came pre-installed on my laptop).

I go to Control Panel > System and Security > System, and under Windows activation I see:

Windows is not activated
Product ID: Not Available

I click on Activate Windows which brings me to a screen that says "Activate Windows" and "Thanks, you're all done" but when I check again, Windows is still not activated.
 
Update: I encountered the issue with Adobe Reader. At first, I could bring the program itself up from the taskbar but with multiple documents open, I couldn't (from the taskbar) open a specific document. Then Adobe Reader stopped responding.
 
Please do the following and let me know when done.

Step#1 - Run Windows Repairs
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
Extract.JPG

3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
Capture.JPG



6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
10. Please click the Unselect All button and then click to enable only the following ones:


03 - Reset Service Permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
10 - Remove Policies Set By Infection
14 - Remove Temp Files
15 - Repair Proxy Settings
21 - Repair MSI (Windows Installer)


11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
StartRepairsWithReboot.JPG

12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
 
Thanks. Please do the following.

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 

Attachments

FYI: I got a message from the Action Center that I needed to verify my account on my PC and I did. I didn't check in between Windows Repairs and doing that (whoops), but now Windows is activated again.

What still concerns me is that I figured if all was fixed, I would see the "Get Windows 10" app, since I have a legitimate copy of Windows 8.1, but I still am not seeing that. I am not positive that that's relevant, just bringing it up in case it is.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Joshua (2015-11-10 12:11:12) Run:2
Running from C:\Users\Joshua\Desktop
Loaded Profiles: Joshua (Available Profiles: Joshua)
Boot Mode: Normal
==============================================


fixlist content:
*****************
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security


*****************




========= wevtutil cl application =========




========= End of CMD: =========




========= wevtutil cl system =========




========= End of CMD: =========




========= wevtutil cl security =========




========= End of CMD: =========




==== End of Fixlog 12:11:12 ====
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top