Windows settings are managed "by your organization" I'm not in a domain


Hi there,

I went to check Windows Update and noticed that the automatic updates were turned off because "Some settings are managed by your organization." I'm not part of any domain or organization, this is a personal computer. This is the first I've noticed this setting. I'm a little concerned it is malware, but I'm pretty safe with my web browsing and whatnot. I really appreciate any help you could provide.

FRST.txt Addition.txt


  • Root Admin

Hello @muaddib87

It looks like you have the following software installed that "might" be the cause.

PACE Anti-Piracy, Inc
https://www.paceap.com/

You have Norton 360 which might also have some sort of link but probably not.

 

You appear to have another computer on your network with the same name? Have you cloned a system, or are you using one of the virtual systems like Hyper-V or VMware, etc.?

Application errors:
==================
Error: (01/03/2022 01:29:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Cali.local already in use; will try Cali-2.local instead

 

I would highly recommend that you uninstall Bonjour from Control Panel, Programs, Programs and Features.

 

You have a Razer mouse driver not loading properly, as well as AMDRyzenMasterDriverV19, which looks to have tried to reinstall but was already installed, so it faulted.

System errors:
=============
Error: (01/03/2022 01:29:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDRyzenMasterDriverV19 service failed to start due to the following error:
Cannot create a file when that file already exists.

Error: (01/03/2022 01:03:16 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Razer Synapse Service service depends on the following service: Razer Game Manager Service. This service might not be installed.

 

Then the actual Windows Installer itself faulted a few days ago

Error: (12/28/2021 08:36:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Difficult to say for sure why that is. These could just be temporary issues or it could be that maybe Pace or Norton are locking the system down too much?

 

 

 

We can do some generic cleanup if you like, let me know.

 

 


Hi there,

Thank you so much for the reply and help. 

I don't have another computer on the network with the same name.  I do have a laptop I just recently purchased, but it should have a different name.  Is this concerning? 

I actually have no idea what the Pace software is...should I uninstall it?

I would absolutely love to do anything to help secure the PC. Thank you. 


  • Root Admin

Please go ahead and temporarily uninstall your Norton 360 and restart the computer, @muaddib87, and I'll check back on you again in the morning sometime.

Then run the following generic clean-up script.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


Kindly pardon the intrusion here by me.  I only intend to help out a bit.

Hello @muaddib87

First, if you completed the Fixlist then kindly attach the FIXLOG.txt  on your next reply.

[ 2  ]

Kindly also run this diagnostic report. It may just be that your system is missing an important key Windows service entry.

This next is just a report to check on some Windows services  

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file. 

Cheers.


Some questions & clarifications, please.

Norton 360 (thru Norton LifeLock) is the installed / resident antivirus. Is it up-to-date? Is it a paid / active license?

Is the Malwarebytes a free, or trial, or is it a paid Premium ?

I am curious to know on both.  Anyhow, go ahead and make this wee-bit of adjustment.

Start Malwarebytes. Click the Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.


On the Windows taskbar, in the Windows search box, type in

cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.  

Once the Command prompt window is up,   copy > paste the line in the codebox below into the command-window

It is best to  use COPY & Paste for the following.  All of each line as-is
 

echo > 0 & sc qc securityhealthservice >> 0 & sc queryex securityhealthservice >> 0 & sc qc windefend >> 0& echo >> 0 & notepad 0

tap Enter when ready.   These are queries only.  Then attach or paste the contents of the file 0 on your next reply.

The file named 0 will be showing  (opened) in NOTEPAD.


  • Root Admin

Hello @muaddib87

Please save the attached FIXLIST.TXT file to the same location as the Farbar program as you did before.

fixlist.txt

 

Then run the Farbar program with an Admin account and click on the FIX button.

This will remove ALL policies from the computer.

 

Then follow up and run the command requested by @Maurice Naggar

echo > 0 & sc qc securityhealthservice >> 0 & sc queryex securityhealthservice >> 0 & sc qc windefend >> 0& echo >> 0 & notepad 0 

 

Thanks

 


Hi there,

Norton is a paid version and Malwarebytes is the trial version, but I think I'll be switching over soon.

ECHO is on.
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: securityhealthservice
        TYPE               : 10  WIN32_OWN_PROCESS 
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\SecurityHealthService.exe
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Security Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: securityhealthservice 
        TYPE               : 10  WIN32_OWN_PROCESS  
        STATE              : 4  RUNNING 
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 13264
        FLAGS              : 
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: windefend
        TYPE               : 10  WIN32_OWN_PROCESS 
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe"
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Microsoft Defender Antivirus Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
ECHO is on.
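
One way to triage the `sc qc` / `sc queryex` output posted above, as an added example that is not part of the original thread: the Python below parses that output per service and flags a missing entry, a DISABLED start type, or a binary outside the location shown in this thread. The `BASELINE` prefixes and the function names are assumptions made for illustration.

```python
import re

# Abridged from the `sc qc` / `sc queryex` output posted in the thread.
SAMPLE = r"""ECHO is on.
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: securityhealthservice
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : C:\Windows\system32\SecurityHealthService.exe
SERVICE_NAME: securityhealthservice
        STATE              : 4  RUNNING
SERVICE_NAME: windefend
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe"
"""

# Assumed baseline: the binary locations seen in this thread's output.
BASELINE = {
    "securityhealthservice": "c:\\windows\\system32\\",
    "windefend": "c:\\programdata\\microsoft\\windows defender\\platform\\",
}

def parse_sc(text):
    """Merge every 'KEY : value' line into one dict per SERVICE_NAME."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$", line)
        if not m:
            continue  # skips '[SC] ...' and 'ECHO is on.' lines
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = services.setdefault(value.lower(), {})
        elif current is not None:
            current[key] = value
    return services

def review(services, baseline=BASELINE):
    """List the points a helper would follow up on; empty means none."""
    findings = []
    for name, prefix in baseline.items():
        svc = services.get(name)
        if svc is None:
            findings.append(f"{name}: no service entry in the output")
            continue
        if svc.get("START_TYPE", "").endswith("DISABLED"):
            findings.append(f"{name}: start type is DISABLED")
        path = svc.get("BINARY_PATH_NAME", "").strip('"').lower()
        if not path.startswith(prefix):
            findings.append(f"{name}: unexpected binary path {path}")
    return findings
```

Calling `review(parse_sc(text))` on the contents of the file `0` returns an empty list for the output in this thread.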
 
