I'm getting what looks like virus/adware

  • Antoine
    PCHF Member
    • Apr 2017
    • 203

    #31
    Here's the 2nd scan. It took 6 hours and found nothing, but I'm still getting virus detected pop-ups galore.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/1/21
    Scan Time: 6:58 PM
    Log File: 6dc457ee-7af2-11eb-bc0b-00c2c671cd06.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1173
    Update Package Version: 1.0.37649
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19042.804)
    CPU: x64
    File System: NTFS
    User: Owner-PC\Owner

    -Scan Summary-
    Scan Type: Custom Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 740156
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 6 hr, 21 min, 11 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)


    • jmarket
      PCHF Owner
      • Jan 2015
      • 7634

      #32
      I would suggest taking my advice in this post due to the uncertainty of the legitimacy of your OS, plus you said you don’t use certain software but I see certain software running and installed. I’d much rather play it safe than sorry in this case.


      • Antoine
        PCHF Member
        • Apr 2017
        • 203

        #33
        Originally posted by jmarket
        I would suggest taking my advice in this post due to the uncertainty of the legitimacy of your OS, plus you said you don’t use certain software but I see certain software running and installed. I’d much rather play it safe than sorry in this case.
        Well, I confirmed that I don't have a cracked version of Windows on that PC. As for the certain software, I actually said I USED to have them on there but I don't think they still are, but I'm 99% certain they're gone. Well, after that discussion I saw Avast was indeed still there, so before doing the adw and Malwarebytes scans I uninstalled Avast as well as some other old pre-work files (from 2017) still on that PC such as minitool, ZHP, plus any other virus-related programs like there was one called Rogue cleaner or something like that. After I got rid of all those I did Malwarebytes and adw scans and well... you know the results of those. So I'd say that clean install of Windows isn't necessary at the moment... unless of course we're out of options?


        • jmarket
          PCHF Owner
          • Jan 2015
          • 7634

          #34
          Can you please provide fresh FRST logs? I want to see what’s new.


          • Antoine
            PCHF Member
            • Apr 2017
            • 203

            #35
            Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
            Ran by Owner (02-03-2021 16:42:21)
            Running from C:\Users\Owner\Desktop
            Windows 10 Pro Version 20H2 19042.804 (X64) (2021-03-02 00:11:17)
            Boot Mode: Normal

            ==================== Accounts: =============================

            Administrator (S-1-5-21-1014905426-3769363605-1701117676-500 - Administrator - Disabled)
            DefaultAccount (S-1-5-21-1014905426-3769363605-1701117676-503 - Limited - Disabled)
            Guest (S-1-5-21-1014905426-3769363605-1701117676-501 - Limited - Disabled)
            HomeGroupUser$ (S-1-5-21-1014905426-3769363605-1701117676-1003 - Limited - Enabled)
            Owner (S-1-5-21-1014905426-3769363605-1701117676-1001 - Administrator - Enabled) => C:\Users\Owner
            WDAGUtilityAccount (S-1-5-21-1014905426-3769363605-1701117676-504 - Limited - Disabled)

            ==================== Security Center ========================

            (If an entry is included in the fixlist, it will be removed.)

            AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
            AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
            AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

            ==================== Installed Programs ======================

            (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

            Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
            Amazon Music Importer (HKLM-x32...{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}) (Version: 3.1.0 - Amazon Services LLC) Hidden
            Amazon Music Importer (HKLM-x32...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
            Apple Application Support (32-bit) (HKLM-x32...{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
            Apple Application Support (64-bit) (HKLM...{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
            Apple Mobile Device Support (HKLM...{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
            Apple Software Update (HKLM-x32...{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
            Bluetooth Stack for Windows by Toshiba (HKLM...{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
            Bonjour (HKLM...{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
            Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32...{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
            CameraHelperMsi (HKLM-x32...{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
            CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-1014905426-3769363605-1701117676-1001...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
            CyberLink DVD Menu Template Pack (HKLM-x32...{0C8EBB00-4909-459C-8347-B2068B7F0319}) (Version: 2.0 - CyberLink Corp.)
            CyberLink LabelPrint (HKLM-x32...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3610 - CyberLink Corp.)
            CyberLink Media Suite (HKLM-x32...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 9.0.2410 - CyberLink Corp.)
            CyberLink MediaEspresso (HKLM-x32...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1203_33054 - CyberLink Corp.)
            CyberLink MediaShow (HKLM-x32...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2109i - CyberLink Corp.)
            CyberLink PhotoNow (HKLM-x32...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
            CyberLink Power2Go (HKLM-x32...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1202 - CyberLink Corp.)
            CyberLink PowerBackup (HKLM-x32...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1018 - CyberLink Corp.)
            CyberLink PowerDirector (HKLM-x32...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
            CyberLink PowerDVD 10 (HKLM-x32...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2325.01 - CyberLink Corp.)
            CyberLink PowerDVD Copy (HKLM-x32...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
            CyberLink PowerProducer (HKLM-x32...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2408 - CyberLink Corp.)
            CyberLink WaveEditor (HKLM-x32...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2407 - CyberLink Corp.)
            DisplayLink Graphics Driver (HKLM...{5ABC05B8-3675-4C55-AF38-C5B0A88DA025}) (Version: 8.5.3365.0 - DisplayLink Corp.)
            erLT (HKLM-x32...{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
            Google Chrome (HKLM-x32...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
            iCloud (HKLM...{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
            Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
            iTunes (HKLM...{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.)
            KeePass Password Safe 1.37 (HKLM-x32...\KeePass Password Safe_is1) (Version: 1.37 - Dominik Reichl)
            LBAI (HKLM-x32...{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
            Logitech Webcam Software (HKLM-x32...{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
            Malwarebytes version 4.3.0.98 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}is1) (Version: 4.3.0.98 - Malwarebytes)
            Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
            Microsoft Edge Update (HKLM-x32...\Microsoft Edge Update) (Version: 1.3.141.59 - )
            Microsoft Mouse and Keyboard Center (HKLM...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
            Microsoft Office Professional Plus 2010 (HKLM-x32...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
            Microsoft OneDrive (HKU\S-1-5-21-1014905426-3769363605-1701117676-1001...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
            Microsoft Update Health Tools (HKLM...{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
            Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
            Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
            Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
            Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
            Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
            Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
            Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
            MSXML 4.0 SP3 Parser (HKLM-x32...{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
            MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32...{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
            PaperPort Image Printer 64-bit (HKLM...{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
            Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
            Samsung ML-1865W Series (HKLM-x32...\Samsung ML-1865W Series) (Version: - Samsung Electronics Co., Ltd.)
            Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32...{91140000-0011-0000-0000-0000000FF1CE}Office14.PROPLUSR{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
            SmartSound Quicktracks Plugin (HKLM-x32...{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc) Hidden
            SmartSound Quicktracks Plugin (HKLM-x32...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
            Trendnet USBKVM Switcher (HKLM-x32...\Trendnet USBKVM Switcher_is1) (Version: - )
            Update for Windows 10 for x64-based Systems (KB4023057) (HKLM...{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
            Windows Setup Remediations (x64) (KB4023057) (HKLM...{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
            ZHPFix 2015 (HKLM-x32...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

            Packages:
            =========
            AV Cast → C:\Program Files\WindowsApps\63429HDWProduction.AVCast_2018.1126.16.0_x64__vzjvkadhfn8tr [2018-11-28] (HDW Production)
            Candy Crush Soda Saga → C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.187.400.0_x86__kgqvnymyfvs32 [2021-03-01] (king.com)
            iHeartRadio → C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.0.40.0_x64__a76a11dkgb644 [2021-03-01] (iHeartMedia.)
            Lenovo Vantage → C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-29] (LENOVO INC.)
            Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
            Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
            Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-01] (Microsoft Studios) [MS Ad]
            MSN Food & Drink → C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
            MSN Health & Fitness → C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
            MSN Sports → C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
            MSN Travel → C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
            Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-21] (Spotify AB) [Startup Task]
            Twitter → C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

            ==================== Custom CLSID (Whitelisted): ==============

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation → Microsoft Corporation)
            ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation → Microsoft Corporation)
            ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
            ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
            ContextMenuHandlers1: [PhotoStreamsExt] → {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-04-22] (Apple Inc. → Apple Inc.)
            ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation → Malwarebytes)
            ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
            ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-07-16] (Microsoft Windows Hardware Compatibility Publisher → Intel Corporation)
            ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation → Malwarebytes)

            ==================== Codecs (Whitelisted) ====================

            ==================== Shortcuts & WMI ========================

            (The entries could be listed to be restored or removed.)

            ShortcutWithArgument: C:\Users\Owner\Desktop\Person 1 - Chrome.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) → --profile-directory="Default"
            ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) → --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

            ==================== Loaded Modules (Whitelisted) =============

            2015-08-11 15:32 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
            2016-11-18 13:57 - 2007-07-17 16:26 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Trendnet\USBKVM Switcher\kEYHOOK.dll
            2015-08-05 12:15 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
            2015-08-11 15:33 - 2012-04-23 14:03 - 000380928 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
            2015-08-11 15:33 - 2012-08-28 10:51 - 000155648 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
            2015-08-11 15:33 - 2012-07-06 12:33 - 000098304 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
            2015-08-11 15:33 - 2012-07-06 12:33 - 017694720 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
            2015-08-11 15:33 - 2012-07-17 12:36 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
            2015-08-05 12:15 - 2012-07-26 23:07 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
            2010-12-03 16:45 - 2010-12-03 16:45 - 000150624 _____ (CyberLink → ) [File not signed] C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\WPDDM.dll
            2021-03-01 18:03 - 2021-03-01 18:03 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
            2021-03-01 18:03 - 2021-03-01 18:03 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
            2021-03-01 18:03 - 2021-03-01 18:03 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

            ==================== Alternate Data Streams (Whitelisted) ========

            ==================== Safe Mode (Whitelisted) ==================

            (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

            HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
            HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

            ==================== Association (Whitelisted) =================

            ==================== Internet Explorer (Whitelisted) ==========

            BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation → Microsoft Corporation)
            BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation → Microsoft Corporation)
            BHO-x32: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation → Microsoft Corporation)
            BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation → Microsoft Corporation)

            (If an entry is included in the fixlist, it will be removed from the registry.)

            IE trusted site: HKU\S-1-5-21-1014905426-3769363605-1701117676-1001...\samsungsetup.com → hxxp://www.samsungsetup.com

            ==================== Hosts content: =========================

            (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

            2013-08-22 07:25 - 2019-01-08 17:31 - 000000845 _____ C:\WINDOWS\system32\drivers\etc\hosts

            ==================== Other Areas ===========================

            (Currently there is no automatic fix for this section.)

            HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\Windows\img0.jpg
            DNS Servers: 192.168.1.1
            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
            HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 → ndptsp.tsp (No File)
            Windows Firewall is enabled.

            ==================== MSCONFIG/TASK MANAGER disabled items ==

            ==================== FirewallRules (Whitelisted) ================

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            FirewallRules: [{3AD575BF-2AB2-425A-84D8-3ADCB88F30B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
            FirewallRules: [{F9D37732-05BD-46C4-AE10-B5069CC5D3DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{8A4598AC-55C0-4933-A56A-DCC2100190C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{FA5DA722-9B64-437E-A786-B8DE61497B2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{1E8CB704-867E-4844-83FF-894BFFA50E82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{078ECCBE-2E4D-4DB8-857B-7D5BD6A56BC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{6DECE11E-D24D-4993-9DA2-7CE65446ADB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{F489BABA-E255-448D-880D-D0A730B19F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{2FC7D826-C05D-4BDD-832E-B72E8B4B0A42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
            FirewallRules: [{50608695-6AAF-49F3-B577-EBD9765EE930}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. → Apple Inc.)
            FirewallRules: [{5694F12C-76D5-4FB4-9720-2F249D3D68F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
            FirewallRules: [{59ADB011-D9DA-4190-B44E-6B563D7B1320}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
            FirewallRules: [{AA5BE2D4-0F31-498C-8934-912AA774A6AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
            FirewallRules: [{96CCCC02-1466-4686-B024-B3712ED68015}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
            FirewallRules: [{375B3A70-0160-4DF6-970B-A89FF225ECCE}] => (Allow) LPort=5558
            FirewallRules: [{7E54A6EE-FB66-4B87-AF21-0770E20C250E}] => (Allow) LPort=5556
            FirewallRules: [{EC64A73F-9C15-4066-BBFC-80A58E246C2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
            FirewallRules: [{F22331B4-691C-4F0C-8675-8A4BDF00E39D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
            FirewallRules: [UDP Query User{D4799C1E-4693-4F64-B855-4DA5749DE500}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe (Amazon Services LLC → )
            FirewallRules: [TCP Query User{4CB13AE9-7084-4A83-BC12-848522DF60E8}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe (Amazon Services LLC → )
            FirewallRules: [{6227C5EA-E5F9-4C60-8D66-32D77F2E16EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE (CyberLink → CyberLink Corp.)
            FirewallRules: [{E3A6ED74-81F5-446A-957D-10E530C43644}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink → CyberLink Corp.)
            FirewallRules: [{BDC72FFF-6BF5-4EA4-A1C9-87615CF8650F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink → CyberLink Corp.)
            FirewallRules: [{B3F40DE2-8388-4CAE-8638-D6A2B4EFF453}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
            FirewallRules: [{0FB634A8-6EA7-43B2-A769-45454BE438C0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
            FirewallRules: [{38448C18-A688-49C7-8174-1B2BC24536EC}] => (Allow) LPort=54925
            FirewallRules: [{E3D39E12-16A5-4746-8B99-19BD74822B66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
            FirewallRules: [{B883ABCE-DF1A-4A0B-ABAE-8CA27CB83D1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
            FirewallRules: [{4318DBDD-DDE1-463F-BCE7-258D6D028763}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
            FirewallRules: [{49A75FE9-C561-4677-8237-CBBBA6E4DDF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)

            ==================== Restore Points =========================

            ATTENTION: System Restore is disabled (Total:118.06 GB) (Free:56.03 GB) (47%)

            ==================== Faulty Device Manager Devices ============

            Name: Unknown USB Device (Device Descriptor Request Failed)
            Description: Unknown USB Device (Device Descriptor Request Failed)
            Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
            Manufacturer: (Standard USB Host Controller)
            Service:
            Problem: : Windows has stopped this device because it has reported problems. (Code 43)
            Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

            ==================== Event log errors: ========================

            Application errors:
            ==================
            Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

            Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Owner-PC.local. Addr 192.168.1.142

            Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F

            Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA FE80:0000:0000:0000:E817:E563:0AE0:1EE1

            Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F

            Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA 2601:0483:C400:0110:1409:8DA226A:B94D

            Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F

            Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
            Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA 2601:0483:C400:0110:E817:E563:0AE0:1EE1

            System errors:
            =============
            Error: (03/02/2021 12:48:43 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/02/2021 12:48:39 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/02/2021 12:48:36 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/02/2021 12:48:33 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/02/2021 12:48:30 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/02/2021 12:48:27 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/02/2021 12:48:22 AM) (Source: disk) (EventID: 7) (User: )
            Description: The device, \Device\Harddisk2\DR2, has a bad block.

            Error: (03/01/2021 06:43:09 PM) (Source: DCOM) (EventID: 10005) (User: Owner-PC)
            Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
            {DD522ACC-F821-461A-A407-50B198B896DC}
            [HEADING=1]Windows Defender:[/HEADING]
            Date: 2021-03-01 18:40:15
            Description:
            Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
            Feature: On Access
            Error Code: 0x8007043c
            Error description: This service cannot be started in Safe Mode
            Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
            [HEADING=1]CodeIntegrity:[/HEADING]
            Date: 2021-03-01 18:50:51
            Description:
            Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

            ==================== Memory info ===========================

            BIOS: LENOVO FHKT48AUS 05/28/2014
            Motherboard: LENOVO SHARKBAY
            Processor: Intel(R) Core™ i5-4570T CPU @ 2.90GHz
            Percentage of memory in use: 90%
            Total physical RAM: 4002.3 MB
            Available physical RAM: 378 MB
            Total Virtual: 5602.3 MB
            Available Virtual: 1578.79 MB

            ==================== Drives ================================

            Drive c: () (Fixed) (Total:118.06 GB) (Free:56.03 GB) NTFS
            Drive f: (My Book) (Fixed) (Total:1862.98 GB) (Free:1763.82 GB) NTFS
            Drive g: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.3 GB) FAT32

            \?\Volume{bd82434a-ce60-11e4-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
            \?\Volume{71b5c2a1-0000-0000-0000-c0991d000000}\ () (Fixed) (Total:0.84 GB) (Free:0.4 GB) NTFS

            ==================== MBR & Partition Table ====================

            ==========================================================
            Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 71B5C2A1)
            Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
            Partition 2: (Not Active) - (Size=118.1 GB) - (Type=07 NTFS)
            Partition 3: (Not Active) - (Size=859 MB) - (Type=27)

            ==========================================================
            Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
            Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0C)

            ==========================================================
            Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
            Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

            ==================== End of Addition.txt =======================


            • Antoine
              PCHF Member
              • Apr 2017
              • 203

              #36


              There's clearly something in these FRST files that doesn't allow me to copy and paste them here, if I've been able to copy and paste everything else just fine lol


              • jmarket
                PCHF Owner
                • Jan 2015
                • 7634

                #37
                Good news is a lot of bad stuff is gone now. I will have a look at your logs tomorrow and will have a fix for you. This will be an easy fix but it will take a few steps to accomplish.


                • Antoine
                  PCHF Member
                  • Apr 2017
                  • 203

                  #38
                  If a lot of the bad stuff is gone, why don't the pop-ups seem to have decreased lol


                  • Antoine
                    PCHF Member
                    • Apr 2017
                    • 203

                    #39
                    Lemme know. I'll be standing by


                    • jmarket
                      PCHF Owner
                      • Jan 2015
                      • 7634

                      #40
                      Download the attached fixlist.txt file and save it to the Desktop.

                      NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                      Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

                      When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


                      • Antoine
                        PCHF Member
                        • Apr 2017
                        • 203

                        #41
                        [HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
                        Ran by Owner (04-03-2021 11:07:48) Run:1
                        Running from C:\Users\Owner\Desktop
                        Loaded Profiles: Owner
                        Boot Mode: Normal[/HEADING]
                        fixlist content:


                        start
                        CreateRestorePoint:
                        CloseProcesses:
                        HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
                        HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
                        HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
                        Task: {08FB5BE8-6146-45FE-82AA-AAEBD942693D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
                        Task: {0D219ACD-7011-4534-B120-F3505C4837B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
                        Task: {1D8DF3E7-9F2D-40E4-88F5-F341BFD0253E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask → No File <==== ATTENTION
                        Task: {2E7A2325-D316-4452-9C0E-C1293B13226B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent → No File <==== ATTENTION
                        Task: {45CA8801-18F2-4B31-9729-883429B5FECF} - \Microsoft\Windows\UNP\RunCampaignManager → No File <==== ATTENTION
                        Task: {67A6FD32-C356-4EC5-95D4-CC1194581A0C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
                        Task: {8C3EDB83-36E2-4054-9D57-8EF4192E26A2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B → No File <==== ATTENTION
                        Task: {9A3E4869-5465-442C-A6A9-8FF408CA91EF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
                        Task: {9EDE4753-F683-4ECA-BAE0-7F320A3EBCC9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime → No File <==== ATTENTION
                        Task: {9EF291FD-9567-4DA4-A2AE-43E2A5E95508} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
                        Task: {A19C0C04-EA51-45A5-8A41-10A2539243F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
                        Task: {C36FCA9A-D611-4856-BFB3-2F5780E1458C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime → No File <==== ATTENTION
                        Task: {E5FF7E72-8DAD-4F94-8287-1B81E5D2A1C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTION
                        Task: {F25A43D6-ACAA-44F8-80CE-1B1A9CF247E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
                        Task: {F8AB5D5D-48F4-4B75-9D38-EC025CC9187F} - \WPD\SqmUpload_S-1-5-21-1014905426-3769363605-1701117676-1001 → No File <==== ATTENTION
                        Task: {2F2589E7-DF1D-4E34-BE08-AC75A9E52FC6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
                        CHR Notifications: Default → hxxps://captchatopsource.com; hxxps://pchelpforum.net; hxxps://rktax.securefilepro.com; hxxps://us.letgo.com; hxxps://www.facebook.com
                        CHR HomePage: Default → hxxp://www.deloittenet.com
                        CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
                        CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
                        CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
                        ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
                        ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
                        ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
                        FirewallRules: [{375B3A70-0160-4DF6-970B-A89FF225ECCE}] => (Allow) LPort=5558
                        FirewallRules: [{7E54A6EE-FB66-4B87-AF21-0770E20C250E}] => (Allow) LPort=5556
                        FirewallRules: [{38448C18-A688-49C7-8174-1B2BC24536EC}] => (Allow) LPort=54925
                        Hosts:
                        CMD: netsh advfirewall reset
                        CMD: netsh advfirewall set allprofiles state On
                        RemoveProxy:
                        CMD: ipconfig /flushdns
                        CMD: netsh winsock reset catalog
                        CMD: netsh int ip reset c:\resetlog.txt
                        CMD: ipconfig /release
                        CMD: ipconfig /renew
                        CMD: netsh int ipv4 reset
                        CMD: netsh int ipv6 reset
                        EmptyTemp:
                        reboot:
                        end


                        Error: (0) Failed to create a restore point.
                        Processes closed successfully.
                        HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
                        HKLM\SOFTWARE\Policies\Mozilla => removed successfully
                        HKLM\SOFTWARE\Policies\Google => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08FB5BE8-6146-45FE-82AA-AAEBD942693D}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08FB5BE8-6146-45FE-82AA-AAEBD942693D}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D219ACD-7011-4534-B120-F3505C4837B0}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D219ACD-7011-4534-B120-F3505C4837B0}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D8DF3E7-9F2D-40E4-88F5-F341BFD0253E}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D8DF3E7-9F2D-40E4-88F5-F341BFD0253E}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E7A2325-D316-4452-9C0E-C1293B13226B}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E7A2325-D316-4452-9C0E-C1293B13226B}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45CA8801-18F2-4B31-9729-883429B5FECF}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CA8801-18F2-4B31-9729-883429B5FECF}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67A6FD32-C356-4EC5-95D4-CC1194581A0C}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67A6FD32-C356-4EC5-95D4-CC1194581A0C}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C3EDB83-36E2-4054-9D57-8EF4192E26A2}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C3EDB83-36E2-4054-9D57-8EF4192E26A2}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A3E4869-5465-442C-A6A9-8FF408CA91EF}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A3E4869-5465-442C-A6A9-8FF408CA91EF}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EDE4753-F683-4ECA-BAE0-7F320A3EBCC9}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EDE4753-F683-4ECA-BAE0-7F320A3EBCC9}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EF291FD-9567-4DA4-A2AE-43E2A5E95508}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EF291FD-9567-4DA4-A2AE-43E2A5E95508}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A19C0C04-EA51-45A5-8A41-10A2539243F3}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A19C0C04-EA51-45A5-8A41-10A2539243F3}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36FCA9A-D611-4856-BFB3-2F5780E1458C}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36FCA9A-D611-4856-BFB3-2F5780E1458C}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5FF7E72-8DAD-4F94-8287-1B81E5D2A1C9}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5FF7E72-8DAD-4F94-8287-1B81E5D2A1C9}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F25A43D6-ACAA-44F8-80CE-1B1A9CF247E0}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F25A43D6-ACAA-44F8-80CE-1B1A9CF247E0}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AB5D5D-48F4-4B75-9D38-EC025CC9187F}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AB5D5D-48F4-4B75-9D38-EC025CC9187F}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1014905426-3769363605-1701117676-1001" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2F2589E7-DF1D-4E34-BE08-AC75A9E52FC6}" => removed successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2589E7-DF1D-4E34-BE08-AC75A9E52FC6}" => removed successfully
                        C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
                        "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
                        "Chrome Notifications" => removed successfully
                        "Chrome HomePage" => removed successfully
                        HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam => removed successfully
                        HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
                        HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
                        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
                        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
                        HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
                        "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{375B3A70-0160-4DF6-970B-A89FF225ECCE}" => removed successfully
                        "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7E54A6EE-FB66-4B87-AF21-0770E20C250E}" => removed successfully
                        "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{38448C18-A688-49C7-8174-1B2BC24536EC}" => removed successfully
                        C:\Windows\System32\Drivers\etc\hosts => moved successfully
                        Hosts restored successfully.

                        ========= netsh advfirewall reset =========

                        Ok.

                        ========= End of CMD: =========

                        ========= netsh advfirewall set allprofiles state On =========

                        Ok.

                        ========= End of CMD: =========

                        ========= RemoveProxy: =========

                        "HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings" => removed successfully
                        "HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings" => removed successfully

                        ========= End of RemoveProxy: =========

                        ========= ipconfig /flushdns =========

                        Windows IP Configuration

                        Successfully flushed the DNS Resolver Cache.

                        ========= End of CMD: =========

                        ========= netsh winsock reset catalog =========

                        Sucessfully reset the Winsock Catalog.
                        You must restart the computer in order to complete the reset.

                        ========= End of CMD: =========

                        ========= netsh int ip reset c:\resetlog.txt =========

                        Resetting Compartment Forwarding, OK!
                        Resetting Compartment, OK!
                        Resetting Control Protocol, OK!
                        Resetting Echo Sequence Request, OK!
                        Resetting Global, OK!
                        Resetting Interface, OK!
                        Resetting Anycast Address, OK!
                        Resetting Multicast Address, OK!
                        Resetting Unicast Address, OK!
                        Resetting Neighbor, OK!
                        Resetting Path, OK!
                        Resetting Potential, OK!
                        Resetting Prefix Policy, OK!
                        Resetting Proxy Neighbor, OK!
                        Resetting Route, OK!
                        Resetting Site Prefix, OK!
                        Resetting Subinterface, OK!
                        Resetting Wakeup Pattern, OK!
                        Resetting Resolve Neighbor, OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , failed.
                        Access is denied.

                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Restart the computer to complete this action.

                        ========= End of CMD: =========

                        ========= ipconfig /release =========

                        Windows IP Configuration

                        No operation can be performed on Ethernet while it has its media disconnected.
                        No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
                        No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
                        No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

                        Ethernet adapter Ethernet:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        Wireless LAN adapter Local Area Connection* 3:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        Wireless LAN adapter Local Area Connection* 4:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        Wireless LAN adapter Wi-Fi:

                        Connection-specific DNS Suffix . : hsd1.tn.comcast.net
                        IPv6 Address. . . . . . . . . . . : 2601:483:c400:110:e817:e563:ae0:1ee1
                        Temporary IPv6 Address. . . . . . : 2601:483:c400:110:68c1:38d3:16e0:23b6
                        Temporary IPv6 Address. . . . . . : 2601:483:c400:110:69cd:a2b8:3880:b0be
                        Temporary IPv6 Address. . . . . . : 2601:483:c400:110:a1f1:63e0:e393:4dd1
                        Link-local IPv6 Address . . . . . : fe80::e817:e563:ae0:1ee1%3
                        Default Gateway . . . . . . . . . : fe80::c641:1eff:fe3f:ab09%3

                        Ethernet adapter Bluetooth Network Connection:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        ========= End of CMD: =========

                        ========= ipconfig /renew =========

                        Windows IP Configuration

                        No operation can be performed on Ethernet while it has its media disconnected.
                        No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
                        No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
                        No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

                        Ethernet adapter Ethernet:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        Wireless LAN adapter Local Area Connection* 3:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        Wireless LAN adapter Local Area Connection* 4:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        Wireless LAN adapter Wi-Fi:

                        Connection-specific DNS Suffix . : hsd1.tn.comcast.net
                        IPv6 Address. . . . . . . . . . . : 2601:483:c400:110:e817:e563:ae0:1ee1
                        Temporary IPv6 Address. . . . . . : 2601:483:c400:110:68c1:38d3:16e0:23b6
                        Temporary IPv6 Address. . . . . . : 2601:483:c400:110:69cd:a2b8:3880:b0be
                        Temporary IPv6 Address. . . . . . : 2601:483:c400:110:a1f1:63e0:e393:4dd1
                        Link-local IPv6 Address . . . . . : fe80::e817:e563:ae0:1ee1%3
                        IPv4 Address. . . . . . . . . . . : 192.168.1.142
                        Subnet Mask . . . . . . . . . . . : 255.255.255.0
                        Default Gateway . . . . . . . . . : fe80::c641:1eff:fe3f:ab09%3
                        192.168.1.1

                        Ethernet adapter Bluetooth Network Connection:

                        Media State . . . . . . . . . . . : Media disconnected
                        Connection-specific DNS Suffix . :

                        ========= End of CMD: =========

                        ========= netsh int ipv4 reset =========

                        Resetting Compartment Forwarding, OK!
                        Resetting Compartment, OK!
                        Resetting Control Protocol, OK!
                        Resetting Echo Sequence Request, OK!
                        Resetting Global, OK!
                        Resetting Interface, OK!
                        Resetting Anycast Address, OK!
                        Resetting Multicast Address, OK!
                        Resetting Unicast Address, OK!
                        Resetting Neighbor, OK!
                        Resetting Path, OK!
                        Resetting Potential, OK!
                        Resetting Prefix Policy, OK!
                        Resetting Proxy Neighbor, OK!
                        Resetting Route, OK!
                        Resetting Site Prefix, OK!
                        Resetting Subinterface, OK!
                        Resetting Wakeup Pattern, OK!
                        Resetting Resolve Neighbor, OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , failed.
                        Access is denied.

                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Restart the computer to complete this action.

                        ========= End of CMD: =========

                        ========= netsh int ipv6 reset =========

                        Resetting Compartment Forwarding, OK!
                        Resetting Compartment, OK!
                        Resetting Control Protocol, OK!
                        Resetting Echo Sequence Request, OK!
                        Resetting Global, OK!
                        Resetting Interface, OK!
                        Resetting Anycast Address, OK!
                        Resetting Multicast Address, OK!
                        Resetting Unicast Address, OK!
                        Resetting Neighbor, OK!
                        Resetting Path, OK!
                        Resetting Potential, OK!
                        Resetting Prefix Policy, OK!
                        Resetting Proxy Neighbor, OK!
                        Resetting Route, OK!
                        Resetting Site Prefix, OK!
                        Resetting Subinterface, OK!
                        Resetting Wakeup Pattern, OK!
                        Resetting Resolve Neighbor, OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , failed.
                        Access is denied.

                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Resetting , OK!
                        Restart the computer to complete this action.

                        ========= End of CMD: =========

                        =========== EmptyTemp: ==========

                        BITS transfer queue => 10510336 B
                        DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37771452 B
                        Java, Flash, Steam htmlcache => 7941 B
                        Windows/system/drivers => 1214494 B
                        Edge => 22576474 B
                        Chrome => 360866305 B
                        Firefox => 0 B
                        Opera => 0 B

                        Temp, IE cache, history, cookies, recent:
                        Default => 0 B
                        ProgramData => 0 B
                        Public => 0 B
                        systemprofile => 0 B
                        systemprofile32 => 0 B
                        LocalService => 35662 B
                        NetworkService => 39238 B
                        Owner => 104684506 B

                        RecycleBin => 66899336 B
                        EmptyTemp: => 576.6 MB temporary data Removed.

                        ================================

                        The system needed a reboot.

                        ==== End of Fixlog 11:08:54 ====


                        • jmarket
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #42
                          How are things now?


                          • Antoine
                            PCHF Member
                            • Apr 2017
                            • 203

                            #43
                            So after reboot I didn't get bombarded with 7 fake virus alerts yet (usually would've happened by now though). I did get a bunch of script errors at startup, but I was getting those already anyway. One thing that was new, however, is Windows Defender/firewall popped up at startup blocking Chrome.exe for some reason. I hit allow access (since it is just Chrome after all) but nothing happened, thankfully.


                            • jmarket
                              PCHF Owner
                              • Jan 2015
                              • 7634

                              #44
                              The reason why Windows Defender is blocking Chrome now is because we did a firewall reset, which removed any bad rules. Just allow it through and you'll be good.

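                              An added example, not part of this thread or of any tool used in it: after a firewall reset wipes the old rules, this PowerShell snippet shows what Windows Firewall currently knows about chrome.exe and whether the installed chrome.exe carries a valid Google signature, so the "Allow access" decision is an informed one. It assumes the default Chrome install path (adjust $ChromeExe if Chrome is elsewhere); run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Assumed path: the standard 64-bit Chrome install.
$ChromeExe = "$env:ProgramFiles\Google\Chrome\Application\chrome.exe"

# 1. Which Windows Firewall rules currently reference chrome.exe by program path?
#    Right after "netsh advfirewall reset" this list is expected to be empty;
#    the Defender prompt on next launch is what recreates a rule.
$rules = Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -like '*chrome.exe' } |
    Get-NetFirewallRule |
    Select-Object DisplayName, Direction, Action, Enabled, Profile

if ($rules) {
    $rules | Format-Table -AutoSize
} else {
    'No firewall rules currently reference chrome.exe.'
}

# 2. Is the binary on disk the genuine signed build? A prompt for an unsigned or
#    oddly located chrome.exe is a reason to click Cancel and investigate instead.
if (Test-Path $ChromeExe) {
    $sig = Get-AuthenticodeSignature -FilePath $ChromeExe
    [PSCustomObject]@{
        Path   = $ChromeExe
        Status = $sig.Status                       # expect "Valid"
        Signer = $sig.SignerCertificate.Subject    # expect a Google LLC subject
    }
} else {
    "chrome.exe not found at $ChromeExe; check where the prompt's path points."
}
```

                              Compare the path shown in the Defender prompt with the one checked here; a match with a Valid signature is the normal, benign case described above.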

                              • jmarket
                                PCHF Owner
                                • Jan 2015
                                • 7634

                                #45
                                I want to reset your browsers just to be on the safe side too.

                                Download ResetBrowser to your desktop.

                                Now close all open browsers. All browsers MUST be closed during this operation!

                                Right-click it and Run as Administrator.

                                Click on Reset Chrome – allow completion.
                                Click on Reset Firefox – allow completion.
                                Click on Reset Internet Explorer – allow completion.

                                Now reboot your machine.
