Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected with Unwanted Websites and WordFence


  • Please log in to reply

#16
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 394 posts

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (17-01-2019 19:22:51) Run:7
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s

*****************


========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 19:22:52 ====


  • 0

Advertisements


#17
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,068 posts

Lets fix:

 

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
@="Action Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}]
@="Windows Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}]
@="Windows Defender"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:00000000

EndRegedit:
Reboot:
End::

 

 

Run FSS after a restart. Check your Control Pannel.


  • 0

#18
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 394 posts

Action Center, Windows Update and Windows Defender icons are now all showing in Control Panel.

 

Logs are below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (17-01-2019 19:30:37) Run:8
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
@="Action Center"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}]
@="Windows Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}]
@="Windows Defender"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:00000000
EndRegedit:
Reboot:

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

====> Registry


The system needed a reboot.

==== End of Fixlog 19:30:38 ====

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by Amanda (administrator) on 17-01-2019 at 19:32:18
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,068 posts

Outstanding, congratulations.

 

Windows Defender is disabled, perhaps is AVG as certain antivirus programs will disable Windows Defender. Lets delete the entire value and see

Run this fix:

 

Start::

Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f

End::

 

 

Then run Services.msc

 

Scroll down to Windows Defender and double click on it. Make sure is either automatic or a delayed start. Start the service

 

Let me know the outcome.


  • 0

#20
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 394 posts

Unfortunately,  I need to run an errand right now.  I will follow your instructions later this evening and then post a reply.  Thank you very much for your help so far!


  • 0

#21
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,068 posts

Very well. I'll be back in the a.m.. Good night.


  • 0






Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP