Main Forum > General Computer Support

Windows 7 Ult 64 bit trapped by BSD and can not get out.

<< < (56/71) > >>

Boggin:
Try a sfc /scannow from that prompt.

FreeCat:
OK,
It took a while.  Here is the screen:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Morgan Pierce Parker>
C:\Users\Morgan Pierce Parker>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Users\Morgan Pierce Parker>

Boggin:
You shouldn't have been able to do that from that level of cmd prompt.

When you select the cmd prompt to Run as administrator you will find that findstr cmd will produce the desktop icon for the CBS log as I've described.

Boot up into Safe Mode with Networking and open Windows Repair and run just the Permissions repairs to see if that puts things right.

See if you can still perform a sfc /scannow from the Users cmd prompt after the reboot.

FreeCat:
ok Boggin, I will do that in the safe mode later today.
Currently, I am using the machine for work and can not reboot.

But, I did do a Malware Bytes scan and some thing have shown up:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/4/18
Scan Time: 2:16 AM
Log File: b9e38b54-37cf-11e8-9250-00ff83c10af3.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4608
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 807126
Threats Detected: 12
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 41 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}, No Action By User, [314], [238383],1.0.4608

Registry Value: 4
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|DISPLAYNAME, No Action By User, [314], [238383],1.0.4608
PUP.Optional.TNT, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|OSDFILEURL, No Action By User, [6695], [244085],1.0.4608
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|FAVICONURL, No Action By User, [314], [238383],1.0.4608
PUP.Optional.FindWide, HKU\S-1-5-21-2396228472-3482715812-2186985281-1006\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E8307B89-5F41-4591-83AE-91CC210327DF}|URL, No Action By User, [314], [238383],1.0.4608

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FastestTube, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\EXTENSIONS\PHAHNHBGFDHGOBENEBNJBGMACGPBFAAG, No Action By User, [1229], [373186],1.0.4608

File: 4
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata\computed_hashes.json, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FastestTube, C:\Users\Morgan Pierce Parker\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.4.0.19_0\_metadata\verified_contents.json, No Action By User, [1229], [373186],1.0.4608
PUP.Optional.FindWide, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZYGI7OP.DEFAULT\PREFS.JS, No Action By User, [314], [301558],1.0.4608
PUP.Optional.Freshy, C:\USERS\MORGAN PIERCE PARKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZYGI7OP.DEFAULT\PREFS.JS, No Action By User, [277], [301562],1.0.4608

Physical Sector: 0
(No malicious items detected)


(end)
===============================

I think I should quarantine these, but I will wait for your opinion.

I do not know how these PUPs get there.  I plan to uninstall MalwareBytes and put on Avast on the next boot.  Would that stop these PUPs?

I see that two of these are for FireFox.  I only use FireFox when GoToMeeting is used as that does not work with Opera.  Is there another supplementary browser you would suggest.  I have been running Opera for ten years and, to me, it is the best.

Boggin:
I would keep MBAM as it's an excellent antimalware scanner, but if you read the report, it says no action by user.

They are just browser extensions which a website may have put in.

I only ever use IE - currently IE 11.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version