Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Command Center wants to make changes to my computer, can't click no

08 Aug 2014   #1
uapaul

Windows 7 Home Premium 64bit
 
 
Command Center wants to make changes to my computer, can't click no

A few seconds after logging into my computer, I receive this message:

Do you want the following program to make changes to you computer?

It's from Command Center and the file origin is from my Hard Drive. When I show info about the pubisher's certificate it says that it's "ok" and show that it came from microsoft root authority. The validity of it expired in 2011. If I click on yes the message goes away until the next time i log onto my computer.

However, if I click on no instead of yes the message almost instantly pops up again. If I click on the x in the corner, the message goes away for about 2 seconds and comes right back. I can ctrl alt delete and open task manager, which get's rid of a message for few seconds only for it to come back in the taskbar. It stays there until I click yes.

I'm afraid that this is malware and that it's affecting my computer a lot. For example my CPU and network usage spikes randomly and it seems like my computer is slower than usual. Recently I've been having a lot of trouble with malware infection and I have been following these steps to delete it however I am wary about JUnkware Removal Tool. How to easily clean an infected computer (Malware Removal Guide)

If I anyone is able to help me with this, it would be greatly appreciated.


My System SpecsSystem Spec
.
08 Aug 2014   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.

****Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
My System SpecsSystem Spec
08 Aug 2014   #3
uapaul

Windows 7 Home Premium 64bit
 
 

Sorry, I'm a bit new to this. What exactly is script blocking protection and how do I disable it?
My System SpecsSystem Spec
.

08 Aug 2014   #4
uapaul

Windows 7 Home Premium 64bit
 
 

I scanned with dds, here is the dds notepad and the zipped attach file


Attached Files
File Type: txt dds.txt (28.1 KB, 4 views)
File Type: zip attach.zip (3.5 KB, 0 views)
My System SpecsSystem Spec
09 Aug 2014   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I see three antivirus programs running ... Avira, Avast and AVG.


Please uninstall two of those programs. These programs run on your systems resources, and most likely are fighting each other for those resources. They could also be fighting each other's virus definitions.


Only run one Antivirus program.


Download AVAST Software Uninstall Utility
Special Note: Needs to be started from Safe Mode, the program will offer to reboot you into Safe Mode on launch. If you did not install the Avast product to the default install location, you need to point to it in the box.


Download AVG Remover
Supports all AVG products. The Remover Tool is usually the top two links on the page. Make sure to download the correct 32-bit or 64-bit version. Currently there are separate removers AVG 2012 and 2013 products.


Download Avira RegistryCleaner
Avira’s removal tool is more of a registry cleaner to clean any left over keys the software has created. It scans HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE by default. If you need to expand the search, click the Configuration button and select the other keys.


After you have removed any two of the above, Please download AdwCleaner by Xplode and save to your Desktop.
Step #1.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


Step #2.
Using AdwCleaner v3: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder


******Post both .txt logs
My System SpecsSystem Spec
09 Aug 2014   #6
uapaul

Windows 7 Home Premium 64bit
 
 

I uninstalled avast, however to my knowledge I never downloaded avira. I searched my computer for "avira" and nothing came up. Is it possible Sophos Virus Remover or another malware remover is being recognized as avira or could a virus be masking itself as avira?


Attached Thumbnails
Command Center wants to make changes to my computer, can't click no-avira-hiding.png  
My System SpecsSystem Spec
10 Aug 2014   #7
andrew129260

Windows 10 Pro
 
 

Good job. Could you take screenshots of the uac prompt and the info of the file?

Please continue with the adwcleaner instructions jacee advised.

While you wait for jacee, I was wondering if you could also post this log for me?

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING.

Attached Images
My System SpecsSystem Spec
10 Aug 2014   #8
uapaul

Windows 7 Home Premium 64bit
 
 

I'm not able to take a screenshot of the uac prompt because it greys out the rest of the screen and I tried pressing ctrl printscreen and pasting it into paint, however when I click paste nothing appears.


Attached Files
File Type: txt AdwCleaner[R3].txt (1.1 KB, 2 views)
File Type: txt AdwCleaner[S1].txt (1.7 KB, 3 views)
My System SpecsSystem Spec
10 Aug 2014   #9
uapaul

Windows 7 Home Premium 64bit
 
 

Here is the herdprotect log


Attached Files
File Type: txt Scan_2014-8-10-17-31.txt (255.6 KB, 2 views)
My System SpecsSystem Spec
10 Aug 2014   #10
andrew129260

Windows 10 Pro
 
 

I feel dumb. My apologies. I knew that wouldn't work. I wasn't thinking. Sorry. UAC when the prompts happen creates a secure desktop, so no programs can run or screenshots can be taken. Whoops.

Please answer this question: Did you run the removal tools for avast and avira since you have avg?

Adwcleaner logs show your clean, nothing found. Herdprotect tells a different story...
You have some malware hiding in your temp folders and appdata.


 

Code:
---------------------------------------------------------------------------------

File path: 		c:\users\paulurban\appdata\local\temp\quarantine.exe
Publisher: 		
MD5: 			d1b8356365d58b249b8e9e883e115b6a
SHA-1: 			4bb8bdc6dd4f5de70ebaa9e065847b29716bb295
Created: 		8/6/2014 10:48:25 AM
Detections: 		3
Determination: 		UndefinedMalware
			- Jiangmin as TrojanDropper.FrauDrop.uic (Undefined)
			- Antiy Labs AVL as Trojan/Win32.Scar (Undefined)
			- Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)

---------------------------------------------------------------------------------

File path: 		c:\users\paulurban\appdata\local\temp\{04487208-2c0e-4343-bd9a-6711f49c9607}\setup.exe
Publisher: 		Activision                                                
MD5: 			cec7e6472df1f863cf77902759f4a0f2
SHA-1: 			e5e80275d3a7210d70cc9671e861676b40c213fc
Created: 		1/18/2014 4:59:55 PM
Detections: 		3
Determination: 		UndefinedMalware
			- Agnitum Outpost as Trojan.Genome (Undefined)
			- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
			- Sunbelt AntiMalware as Porn-Dialer.Win32.CapreDeam.N (Undefined)

---------------------------------------------------------------------------------

File path: 		c:\users\paulurban\appdata\local\temp\diqm\flashplayer_151\software\strongvault.exe
Publisher: 		Strongvault
Signer: 		Strongvault Online Storage LLC
MD5: 			245dbd87a3e22ec610c823d38443a630
SHA-1: 			cdf66b8c6cc63352b760b29c4edcaec1ddceaa26
Created: 		5/13/2013 8:56:36 PM
Detections: 		3
Determination: 		Adware
			- ESET NOD32 as MSIL/Adware.StrongVault (Adware)
			- Comodo Security as ApplicUnwnt (Undefined)
			- Reason Heuristics as PUP.Optional.Installer.StrongvaultOnlineStorage.L (Adware)

---------------------------------------------------------------------------------

File path: 		c:\users\paulurban\appdata\local\temp\diqm\flashplayer_151\software\yontoo.exe
Publisher: 		Web Deals Interactive LLC
Signer: 		Web Deals Interactive LLC
MD5: 			067becafd5f884ceb2e86f766f965b5d
SHA-1: 			da602313ec344e31f340105c29df699267f73b84
Created: 		5/13/2013 8:55:47 PM
Detections: 		7
Determination: 		Adware
			- Reason Heuristics as PUP.Installer.WebDealsInteractive.J (Adware)
			- Agnitum Outpost as Adware.Generic (Adware)
			- Comodo Security as UnclassifiedMalware (Undefined)
			- Dr.Web as Adware.Plugin.8 (Adware)
			- VIPRE Antivirus as Yontoo (Undefined)
			- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
			- ESET NOD32 as Win32/Adware.Yontoo (variant) (Adware)

---------------------------------------------------------------------------------



Make sure your data (Documents, music, etc.) is backed up either on an external hard drive or somewhere else as a precaution before proceeding:

1.) Please download and save the file TFC by Old Timer. Again, save the file to your downloads folder or your desktop. Do not run it.

Downloading TFC


2.) Close your programs before running this tool. TFC will close ALL open programs.

3.) Browse to where you saved tfc. Right click on tfc.exe and choose Run As Administrator.

4.) Click the Start button to begin the cleaning process and let it run uninterrupted to completion. When it finishes it will say total files cleaned, and the start button will be grayed out. Click exit.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
My System SpecsSystem Spec
Reply

 Command Center wants to make changes to my computer, can't click no




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Open Command Window Here - Add or Remove Shift + Right Click
How to Use "Open Command Window Here" Context Menu Item without Shift+ Right Click This will show you how to add or remove having to press Shift and right clicking on a folder or drive to use the Open Command Window Here from the context menu item for all users in Vista, Windows 7, and Windows...
Tutorials
alienware m17 r1 command center download (Can't find it anywhere)
I can find the download for the m17 r1, i've tried everywhere even posted on alien ware forums got no reply, if anyone could please help me i would appreciate it -BayEasy:cool:
Software
How to add RD /s /q command to right click?
Can someone post me what I need to import to registry, so i can right click some file or folder, and delete (that right clicked folder) it with this command RD /s /q ? I assume it something like Windows Registry Editor Version 5.00 @="&Power.Delete" @="\"cmd.exe\" WHAT GOES HERE???"
Customization
How do I make a DOS / command prompt boot CD?!?
I've looked everywhere on the web, and everything seems to apply to Windows 98 or earlier, and people with floppy disks! I need a simple CD or USB drive (CD preferably as USB booting I can never get to work) so I can flash a BIOS. The computer has no flash function in BIOS setup, and no windows...
General Discussion
how to delete command to the right click
how to delete command to the right click http://www.up.kurdclick.net//uploads/images/kurdclick9c21790493.jpg
Customization
Make the Command Prompt GUI look nicer
For those who have not done that yet, here is a little video tutorial I made on how to make the cmd GUI a little fancier. I did not like the little black window of cmd - maybe you don't either. Command Prompt on Vimeo
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:39.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App