Can't open Command Prompt & Other issue

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #61
    Reboot into safe mode and run it please.

    Comment

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #62
      Changing the services to default may kill the wifi…

      You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.

      [IMG]https://i.imgur.com/PO7tPc7.png[/IMG]

      Comment

      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #63
        Open notepad, and copy and paste the content of the codebox below into an open notepad.

        [ICODE]
        Start::
        CreateRestorePoint:
        CloseProcesses:
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
        SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        FirewallRules: [{79D487FF-A063-4A2F-BA37-9FDDFE380E24}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
        FirewallRules: [{C61CEB76-8A69-4D76-98A0-E8A690B01591}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
        GroupPolicy-x32: Restriction ? <==== ATTENTION
        Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
        Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
        Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
        Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
        CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
        C:\WINDOWS\SysWOW64\Amazon
        SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
        SetDefaultFilePermissions: C:\windows\system32\consent.exe
        CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
        C:\Windows\Temp\*.*
        C:\WINDOWS\system32\*.tmp
        C:\WINDOWS\syswow64\*.tmp
        emptytemp:
        Reboot:
        End:
        [/ICODE]

        Save it to your desktop, name it fixlist.txt
        Right click Frst and run as admin.
        FRST must also be on the desktop.
        Click the fix button.

        Comment

        • khval94
          PCHF Member
          • Jul 2021
          • 63

          #64
          Originally posted by Malnutrition
          Changing the services to default may kill the wifi…

          You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.

          [IMG]https://i.imgur.com/PO7tPc7.png[/IMG]

          I ran the all-in-one tool last night before seeing this message. I entered the code you suggested, ran FRST, and rebooted.

          Still can’t run cmd prompt as admin :frowning:

          Comment

          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #65
            Attach all logs from this point…Post the fix log from FRST.



            Download Autologger to your desktop.
            Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
            Right click Autologger and run as admin. (XP users double-click)
            AVZ4 will open and scan your machine, allow this to complete.
            Upload Collectionlog.zip to your next reply.

            [IMG]https://i.imgur.com/KA81Q57.png[/IMG]




            Also, run this tool and post the log. This time do not copy and paste it, attach it, as it is rather long.

            Download Quick Diag to your desktop.
            Very Important!! – Make sure program is on your desktop.
            Disable your Antivirus/Antispyware prior to scanning.
            Right Click Run as Administrator.
            Select the Quick Scan.

            [IMG alt=“upload_2017-2-23_9-27-51-png.1654”]https://pchelpforum.net/attachments/...7-51-png.1654/[/IMG]

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #66
              I’ll check these out when I get back home.

              Comment

              • khval94
                PCHF Member
                • Jul 2021
                • 63

                #67
                [HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
                Ran by khval (22-03-2022 09:08:44) Run:4
                Running from C:\Users\khval\OneDrive\Desktop
                Loaded Profiles: khval & Kristian
                Boot Mode: Normal[/HEADING]
                fixlist content:


                Start::
                CreateRestorePoint:
                CloseProcesses:
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
                CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
                SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                FirewallRules: [{79D487FF-A063-4A2F-BA37-9FDDFE380E24}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
                FirewallRules: [{C61CEB76-8A69-4D76-98A0-E8A690B01591}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
                GroupPolicy-x32: Restriction ? <==== ATTENTION
                Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
                Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
                Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
                Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
                CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
                C:\WINDOWS\SysWOW64\Amazon
                SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
                SetDefaultFilePermissions: C:\windows\system32\consent.exe
                CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                C:\Windows\Temp\*.*
                C:\WINDOWS\system32\*.tmp
                C:\WINDOWS\syswow64\*.tmp
                emptytemp:
                Reboot:
                End:


                Restore point was successfully created.
                Processes closed successfully.
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C} => removed successfully
                "HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope" => removed successfully
                "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{79D487FF-A063-4A2F-BA37-9FDDFE380E24}" => removed successfully
                "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C61CEB76-8A69-4D76-98A0-E8A690B01591}" => removed successfully
                C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
                HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
                HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
                HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
                HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
                HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => removed successfully
                C:\WINDOWS\SysWOW64\Amazon => moved successfully
                "C:\Windows\System32\cmd.exe" => Default permissions restored successfully.
                "C:\windows\system32\consent.exe" => Default permissions restored successfully.

                ========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========

                Deleted file - C:\Users\khval\AppData\Local\temp\.ses
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-10720-9.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-12984-10.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-4060-7.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-4412-5.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-5044-1.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-5976-0.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-6072-2.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-7100-4.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-7564-8.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-7916-6.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\7896-8988-3.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-10848-4.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-11040-7.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-12540-1.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-12848-6.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-13008-3.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-7228-0.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-9200-2.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\9796-9472-5.tmp
                Deleted file - C:\Users\khval\AppData\Local\temp\HPSA_Uninstall_20220322-082712.txt
                Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
                Deleted file - C:\Users\khval\AppData\Local\temp\StructuredQuery.log
                Deleted file - C:\Users\khval\AppData\Local\temp\~DFF691582FC4B647F0.TMP
                Deleted file - C:\Users\khval\AppData\Local\temp\~DFFF2A9B2DC013C307.TMP

                ========= End of CMD: =========

                =========== "C:\Windows\Temp\*.*" ==========

                C:\Windows\Temp\Application_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\AppxErrorReport_B1F833E4-3DA1-0006-F775-F8B1A13DD801.txt => moved successfully
                C:\Windows\Temp\FusionRestarter-expand.log => moved successfully
                C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-Store_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
                C:\Windows\Temp\MpCmdRun.log => moved successfully
                C:\Windows\Temp\MpSigStub.log => moved successfully
                C:\Windows\Temp\System_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully

                ========= End -> "C:\Windows\Temp\*.*" ========

                =========== "C:\WINDOWS\system32\*.tmp" ==========

                not found

                ========= End -> "C:\WINDOWS\system32\*.tmp" ========

                =========== "C:\WINDOWS\syswow64\*.tmp" ==========

                not found

                ========= End -> "C:\WINDOWS\syswow64\*.tmp" ========

                =========== EmptyTemp: ==========

                BITS transfer queue => 1572864 B
                DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11809102 B
                Java, Flash, Steam htmlcache => 2409 B
                Windows/system/drivers => 4084 B
                Edge => 9813213 B
                Chrome => 717168 B
                Brave => 272335540 B
                Firefox => 15451756 B
                Opera => 0 B

                Temp, IE cache, history, cookies, recent:
                Default => 0 B
                ProgramData => 0 B
                Public => 0 B
                systemprofile => 0 B
                systemprofile32 => 0 B
                LocalService => 2370 B
                NetworkService => 40272 B
                khval => 3279811 B
                Kristian => 3293027 B

                RecycleBin => 1544998 B
                EmptyTemp: => 305 MB temporary data Removed.

                ================================

                The system needed a reboot.

                ==== End of Fixlog 09:09:33 ====

                Comment
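Added example (not part of the thread and not FRST's own code): a small Python parser for a Fixlog laid out like the one posted above. It skips the echoed fixlist, whose lines also contain `=>`, and sorts every result line into changed, no-op ("not found") or needs review. The sample log is constructed, and the function names, status labels and the "access denied" failure wording are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Fixlogs posted in this thread.
# Paths, keys and the "access denied" failure wording are made up.
SAMPLE_FIXLOG = r'''
fixlist content:
Start::
CloseProcesses:
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Users\example\app.exe => No File
C:\Program Files\ExampleAV
End:

Processes closed successfully.
HKLM\Software\ExampleVendor => removed successfully
C:\Program Files\ExampleTool => moved successfully
"C:\Program Files\ExampleAV" => not found
"C:\Windows\System32\cmd.exe" => Default permissions restored successfully.
C:\Windows\Temp\locked.tmp => access denied

========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========

Deleted file - C:\Users\example\AppData\Local\temp\a.tmp
Deleted file - C:\Users\example\AppData\Local\temp\b.tmp

========= End of CMD: =========

=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========

=========== EmptyTemp: ==========

Chrome => 717168 B
EmptyTemp: => 305 MB temporary data Removed.

================================

==== End of Fixlog 09:09:33 ====
'''

SECTION_RE = re.compile(r'^=+\s*(?P<title>.*?)\s*=+$')
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')
DELETED_PREFIX = 'Deleted file - '

# Outcome strings that appear in the thread's logs, mapped to a status.
KNOWN_OUTCOMES = {
    'removed successfully': 'changed',
    'moved successfully': 'changed',
    'default permissions restored successfully': 'changed',
    'not found': 'no-op',
}


def classify(outcome):
    """Anything that is not a known success or no-op is flagged for review."""
    return KNOWN_OUTCOMES.get(outcome.rstrip('.').lower(), 'review')


def parse_fixlog(text):
    """Return one dict per result line: target, outcome, status."""
    entries, section, in_fixlist = [], None, False

    def add(target, outcome, status=None):
        entries.append({'target': target.strip('"'), 'outcome': outcome,
                        'status': status or classify(outcome)})

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_fixlist:                      # echoed fixlist: not results
            in_fixlist = line != 'End:'
            continue
        if line == 'Start::':
            in_fixlist = True
            continue
        header = SECTION_RE.match(line)
        if header:                          # "===== title =====" banners
            title = header.group('title')
            section = None if (not title or title.startswith('End')) else title
            continue
        if section and section.startswith('EmptyTemp'):
            continue                        # byte counts, not fix results
        if line.startswith(DELETED_PREFIX):
            add(line[len(DELETED_PREFIX):], 'deleted', 'changed')
        elif line.lower() == 'not found' and section:
            add(section, 'not found')       # wildcard section matched nothing
        else:
            m = RESULT_RE.match(line)
            if m:
                add(m.group('target'), m.group('outcome'))
    return entries


def summarize(entries):
    return Counter(e['status'] for e in entries)


def needs_review(entries):
    return [e['target'] for e in entries if e['status'] == 'review']


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print(needs_review(parsed))
```
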

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #68
                  @khval94 Temporarily disable user account control.

                  Step 1: Type control panel in the search bar of Windows 10 and click this app in the result to open it.
                  Step 2: Go to User Accounts > Change User Account Control settings.
                  Step 3: Drag the slider control to Never notify and click OK to apply the change.



                  Step 1: Type netplwiz in the search bar of Windows 10 and click this app in the result to open it.
                  Step 2: Make sure your account is selected.
                  Step 3: Select properties option.
                  Step 4: Select Group Membership.
                  Step 5: Click Administrator.
                  Step 6: Click Apply
                  Step 7: Reboot when prompted and check the issue.

                  Note: You may need to do this from the other admin account you created, you might not be able to apply these changes to yourself.


                  1. Right-click your computer desktop and then go to New > Shortcut.
                  2. Type cmd.exe in the box that is below Type cmd.exe and then click Next.
                  3. Right-click the shortcut you have created and then select Properties.
                  4. Go to Security > Advanced.
                  5. Select Run as administrator and click OK.
                  6. Click Apply and OK to save the change.

                  After this setting, you can run Command Prompt as administrator by double-clicking this shortcut.




                  You can uninstall RogueKiller and Zemana with GeekUninstaller.

                  Open notepad, and copy and paste the content of the codebox below into an open notepad.

                  [ICODE]
                  Start::
                  CreateRestorePoint:
                  CloseProcesses:
                  C:\Program Files (x86)\Zemana
                  C:\Program Files\RogueKiller
                  C:\Users\khval\AppData\Roaming\uTorrent Web
                  C:\Program Files (x86)\TotalAV
                  C:\Program Files\mcafee
                  C:\Program Files (x86)\Lavasoft
                  C:\Program Files\AVG
                  C:\Program Files\Common Files\AVG
                  C:\Program Files\Malwarebytes
                  C:\$AV_AVG
                  C:\WINDOWS\ZAM.krnl.trace
                  C:\WINDOWS\System32\avgremoverx.exe
                  C:\Users\khval\AppData\Local\BitTorrentHelper
                  C:\Users\khval\AppData\Local\mbam
                  C:\Users\khval\AppData\Local\Zemana
                  C:\Program Files\Common files\AVG
                  DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"
                  DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleaner Smart Cleaning"
                  DeleteValue:[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"AVGUI.exe"
                  [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software]
                  [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK]
                  [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft]
                  [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana]
                  [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK]
                  [-HKLM\Software\AVG]
                  [-HKLM\Software\Malwarebytes]
                  [-HKLM\Software\TrendMicro]
                  [-HKLM\Software\ZmnGlobalSDK]
                  [-HKLM\Software\WOW6432Node\Amazon]
                  [-HKLM\Software\WOW6432Node\Lavasoft]
                  [-HKLM\Software\WOW6432Node\TrendMicro]
                  CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                  C:\Windows\Temp\*.*
                  C:\WINDOWS\system32\*.tmp
                  C:\WINDOWS\syswow64\*.tmp
                  emptytemp:
                  Reboot:
                  End:
                  [/ICODE]

                  Save it to your desktop, name it fixlist.txt
                  Right click Frst and run as admin.
                  FRST must also be on the desktop.
                  Click the fix button.

                  Comment

                  • khval94
                    PCHF Member
                    • Jul 2021
                    • 63

                    #69
                    Before entering the code:

                    In Security > Advanced, there is no option to Select as Admin. I was trying to take a screenshot to show you but the snipping tool will not open, neither will the search next to Start.

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #70
                      I moved this back to windows 10. I am out of ideas.

                      Other than a repair install.

                      Comment

                      • khval94
                        PCHF Member
                        • Jul 2021
                        • 63

                        #71
                        [HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
                        Ran by khval (23-03-2022 09:40:26) Run:5
                        Running from C:\Users\khval\OneDrive\Desktop
                        Loaded Profiles: khval & Kristian
                        Boot Mode: Normal[/HEADING]
                        fixlist content:


                        Start::
                        CreateRestorePoint:
                        CloseProcesses:
                        C:\Program Files (x86)\Zemana
                        C:\Program Files\RogueKiller
                        C:\Users\khval\AppData\Roaming\uTorrent Web
                        C:\Program Files (x86)\TotalAV
                        C:\Program Files\mcafee
                        C:\Program Files (x86)\Lavasoft
                        C:\Program Files\AVG
                        C:\Program Files\Common Files\AVG
                        C:\Program Files\Malwarebytes
                        C:\$AV_AVG
                        C:\WINDOWS\ZAM.krnl.trace
                        C:\WINDOWS\System32\avgremoverx.exe
                        C:\Users\khval\AppData\Local\BitTorrentHelper
                        C:\Users\khval\AppData\Local\mbam
                        C:\Users\khval\AppData\Local\Zemana
                        C:\Program Files\Common files\AVG
                        DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"
                        DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleaner Smart Cleaning"
                        DeleteValue:[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"AVGUI.exe"
                        [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software]
                        [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK]
                        [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft]
                        [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana]
                        [-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK]
                        [-HKLM\Software\AVG]
                        [-HKLM\Software\Malwarebytes]
                        [-HKLM\Software\TrendMicro]
                        [-HKLM\Software\ZmnGlobalSDK]
                        [-HKLM\Software\WOW6432Node\Amazon]
                        [-HKLM\Software\WOW6432Node\Lavasoft]
                        [-HKLM\Software\WOW6432Node\TrendMicro]
                        CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                        C:\Windows\Temp\*.*
                        C:\WINDOWS\system32\*.tmp
                        C:\WINDOWS\syswow64\*.tmp
                        emptytemp:
                        Reboot:
                        End:


                        Restore point was successfully created.
                        Processes closed successfully.
                        C:\Program Files (x86)\Zemana => moved successfully
                        C:\Program Files\RogueKiller => moved successfully
                        “C:\Users\khval\AppData\Roaming\uTorrent Web” => not found
                        “C:\Program Files (x86)\TotalAV” => not found
                        “C:\Program Files\mcafee” => not found
                        “C:\Program Files (x86)\Lavasoft” => not found
                        “C:\Program Files\AVG” => not found
                        C:\Program Files\Common Files\AVG => moved successfully
                        “C:\Program Files\Malwarebytes” => not found
                        C:\$AV_AVG => moved successfully
                        C:\WINDOWS\ZAM.krnl.trace => moved successfully
                        C:\WINDOWS\System32\avgremoverx.exe => moved successfully
                        C:\Users\khval\AppData\Local\BitTorrentHelper => moved successfully
                        C:\Users\khval\AppData\Local\mbam => moved successfully
                        C:\Users\khval\AppData\Local\Zemana => moved successfully
                        “C:\Program Files\Common files\AVG” => not found
                        "HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"" => not found
                        "HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\"CCleaner Smart Cleaning"" => not found
                        "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\"AVGUI.exe"" => not found
                        HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software => removed successfully
                        HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK => removed successfully
                        HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft => removed successfully
                        HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana => removed successfully
                        HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK => removed successfully
                        HKLM\Software\AVG => removed successfully
                        HKLM\Software\Malwarebytes => removed successfully
                        HKLM\Software\TrendMicro => removed successfully
                        HKLM\Software\ZmnGlobalSDK => removed successfully
                        HKLM\Software\WOW6432Node\Amazon => removed successfully
                        HKLM\Software\WOW6432Node\Lavasoft => removed successfully
                        HKLM\Software\WOW6432Node\TrendMicro => removed successfully

                        ========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========

                        Deleted file - C:\Users\khval\AppData\Local\temp\.ses
                        Deleted file - C:\Users\khval\AppData\Local\temp\8488-12640-0.tmp
                        Deleted file - C:\Users\khval\AppData\Local\temp\8488-8132-2.tmp
                        Deleted file - C:\Users\khval\AppData\Local\temp\8488-8136-1.tmp
                        Deleted file - C:\Users\khval\AppData\Local\temp\cv_debug.log
                        Deleted file - C:\Users\khval\AppData\Local\temp\khval.bmp
                        Deleted file - C:\Users\khval\AppData\Local\temp\Kristian.bmp
                        Deleted file - C:\Users\khval\AppData\Local\temp\LibraryConfigurationS.xml
                        Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
                        Deleted file - C:\Users\khval\AppData\Local\temp\QBEasyUpgrader29.log
                        Deleted file - C:\Users\khval\AppData\Local\temp\QBSearchIndexerError.txt
                        Deleted file - C:\Users\khval\AppData\Local\temp\wctABB9.tmp
                        Deleted file - C:\Users\khval\AppData\Local\temp~DF1AF6037F000E9E44.TMP
                        Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647972571758142700_73D069AD-E12A-44B8-9E3B-7399869EC26F.log
                        Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647972571759143300_73D069AD-E12A-44B8-9E3B-7399869EC26F.log
                        Deleted file - C:\Users\khval\AppData\Local\temp{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704_1\dbdata17.dll

                        ========= End of CMD: =========

                        =========== “C:\Windows\Temp*.*” ==========

                        C:\Windows\Temp\MpCmdRun.log => moved successfully
                        C:\Windows\Temp\MpSigStub.log => moved successfully
                        C:\Windows\Temp\wctAC27.tmp => moved successfully
                        C:\Windows\Temp\wctB475.tmp => moved successfully

                        ========= End → “C:\Windows\Temp*.*” ========

                        =========== “C:\WINDOWS\system32*.tmp” ==========

                        not found

                        ========= End → “C:\WINDOWS\system32*.tmp” ========

                        =========== “C:\WINDOWS\syswow64*.tmp” ==========

                        not found

                        ========= End → “C:\WINDOWS\syswow64*.tmp” ========

                        =========== EmptyTemp: ==========

                        BITS transfer queue => 0 B
                        DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9604362 B
                        Java, Flash, Steam htmlcache => 0 B
                        Windows/system/drivers => 4084 B
                        Edge => 0 B
                        Chrome => 0 B
                        Brave => 412579049 B
                        Firefox => 0 B
                        Opera => 0 B

                        Temp, IE cache, history, cookies, recent:
                        Default => 0 B
                        ProgramData => 0 B
                        Public => 0 B
                        systemprofile => 0 B
                        systemprofile32 => 0 B
                        LocalService => 0 B
                        NetworkService => 5060 B
                        khval => 240985 B
                        Kristian => 240985 B

                        RecycleBin => 0 B
                        EmptyTemp: => 403.1 MB temporary data Removed.

                        ================================

                        The system needed a reboot.

                        ==== End of Fixlog 09:40:46 ====

                        I’ll try running the repair install and get back to you this evening.

                        Can I remove any of the other tools we downloaded during this process? I really appreciate all your efforts!

                        The whole reason I was trying to run cmd prompt as admin was to remove Microsoft Edge from my computer in the first place. Any suggestions for how to remove this without cmd prompt..? Also, do you know what’s going on with the search bar not being able to open now?

                        Comment

                        • khval94
                          PCHF Member
                          • Jul 2021
                          • 63

                          #72
                          I actually just tried removing it with the Geek tool, looks like it was removed..

                          Comment

                          • khval94
                            PCHF Member
                            • Jul 2021
                            • 63

                            #73
                            OK Mal, it looks like the option to select Run as Admin was in Properties > Shortcut > Advanced, not Security > Advanced. I was able to select and Apply, and now the shortcut runs as Admin!!

                            Thank you so much!

                            Could you please advise on anything else I need to do to make sure my computer is running safely? Do you have any recommendations for protecting my computer from further infections/mishaps?

                            Comment

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #74
                              Originally posted by khval94
                              Also, do you know what’s going on with the search bar not being able to open now?
                              Not sure. With everything that is going on, I’d do the repair. But this tool may be able to help.

                              https://www.techspot.com/downloads/6184-fixwin.html

                              You can delete anything you wish to delete.

                              I can make a detailed reply when I return home about security.

                              Comment

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7045

                                #75
                                Or this video.

                                https://www.youtube.com/watch?v=6OFLuAnaNtI

                                Comment
