Base Filtering Engine Access Denied Error 5

  • thiisnacc
    PCHF Member
    • Apr 2022
    • 55

    #1

    Base Filtering Engine Access Denied Error 5

    So recently I have been fighting this (assumed) virus on my computer with no luck. I tried to repair the PC by granting 'Everyone' administrative permissions to the BFE service. It worked partially, but I couldn't turn my firewall back on even after doing that. I think my OS got corrupted as well. I tried to factory reset my computer but wanted to keep my files. That, too, worked partially. Now I am back to square one, with it being turned off again along with the firewall. By the way, I had Avast on my computer before all of this. I would let Avast run an offline scan that showed some files on my PC were "decompression bombs". I have since removed Avast and just rely on Windows Security.

    Today, in safe mode, I typed in an elevated cmd:

    Code:
    takeown /S mycomputername /U %username% /F %USERPROFILE% /R /SKIPSL

    This worked.

    I then tried:

    Code:
    cacls %USERPROFILE% /T /E /G %USERNAME%:F

    This still gave Access Denied after.

    I typed:

    Code:
    sc queryex bfe

    It returned:

    Code:
    SERVICE_NAME: bfe
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 5  (0x5)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 0
            FLAGS              :

    Its Dependencies tab says RPC and a host of other services depend on this service, including Windows Firewall, which is also malfunctioning (won't start).
    Any help is appreciated.
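    Editor's note on the post above. `WIN32_EXIT_CODE: 5` is ERROR_ACCESS_DENIED: the Service Control Manager is reporting that the last start attempt was refused, and the poster's own earlier fix (granting 'Everyone' permissions on the BFE service) is the first thing a responder would want to inspect, because a service DACL that lets Everyone stop or reconfigure the Base Filtering Engine is itself a way for any local account to switch the firewall off or hijack the service. `sc sdshow bfe` prints that DACL as an SDDL string. The decoder below is an added example (not code from this thread, and not output from the poster's machine): the two descriptors it ships with are constructed, one shaped like the stock service DACL Windows gives most services and one with an Everyone full-control ACE added, which is what the poster describes doing.

```python
"""Decode the SDDL string that `sc sdshow <service>` prints for a Windows
service and flag DACL entries that hand control of the service to
low-privilege principals.  Added example, not from the original thread; the
sample descriptors below are constructed, not copied from the poster's PC."""
import re

# SDDL two-letter right tokens, mapped to the service-specific rights they
# denote when the descriptor belongs to a service object.
SERVICE_RIGHTS = {
    "CC": (0x0001, "SERVICE_QUERY_CONFIG"),
    "DC": (0x0002, "SERVICE_CHANGE_CONFIG"),
    "LC": (0x0004, "SERVICE_QUERY_STATUS"),
    "SW": (0x0008, "SERVICE_ENUMERATE_DEPENDENTS"),
    "RP": (0x0010, "SERVICE_START"),
    "WP": (0x0020, "SERVICE_STOP"),
    "DT": (0x0040, "SERVICE_PAUSE_CONTINUE"),
    "LO": (0x0080, "SERVICE_INTERROGATE"),
    "CR": (0x0100, "SERVICE_USER_DEFINED_CONTROL"),
    "SD": (0x00010000, "DELETE"),
    "RC": (0x00020000, "READ_CONTROL"),
    "WD": (0x00040000, "WRITE_DAC"),
    "WO": (0x00080000, "WRITE_OWNER"),
    "GA": (0x10000000, "GENERIC_ALL"),
    "GX": (0x20000000, "GENERIC_EXECUTE"),
    "GW": (0x40000000, "GENERIC_WRITE"),
    "GR": (0x80000000, "GENERIC_READ"),
}
WELL_KNOWN_SIDS = {
    "SY": "Local System", "BA": "Builtin Administrators", "BU": "Builtin Users",
    "IU": "Interactive Users", "SU": "Service Logon", "AU": "Authenticated Users",
    "WD": "Everyone", "AN": "Anonymous", "BG": "Builtin Guests",
    "NS": "Network Service", "LS": "Local Service",
}
# Principals that any local user can act as.
LOW_PRIV = {"WD", "AU", "BU", "IU", "AN", "BG"}
# Rights that let the holder stop, reconfigure (e.g. swap the ImagePath),
# delete or re-ACL the service.  Any of these held by LOW_PRIV is a
# privilege-escalation or defence-evasion path.
CONTROL_RIGHTS = {"SERVICE_CHANGE_CONFIG", "SERVICE_STOP", "DELETE",
                  "WRITE_DAC", "WRITE_OWNER", "GENERIC_ALL", "GENERIC_WRITE"}


def _sections(sddl):
    """Split 'O:..G:..D:..S:..' into {letter: body}.  A letter only opens a
    section when followed by ':' outside parentheses, so SIDs such as
    S-1-5-21-... inside an ACE are not mistaken for the SACL marker."""
    out, key, buf, depth, i = {}, None, [], 0, 0
    while i < len(sddl):
        ch = sddl[i]
        if depth == 0 and ch in "OGDS" and sddl[i + 1:i + 2] == ":":
            if key is not None:
                out[key] = "".join(buf)
            key, buf, i = ch, [], i + 2
            continue
        depth += (ch == "(") - (ch == ")")
        buf.append(ch)
        i += 1
    if key is not None:
        out[key] = "".join(buf)
    return out


def _rights(field):
    """Expand an ACE rights field (hex mask or concatenated 2-letter tokens)."""
    if field.startswith("0x"):
        mask = int(field, 16)
        return mask, {n for v, n in SERVICE_RIGHTS.values() if (mask & v) == v}
    mask, names = 0, set()
    for i in range(0, len(field), 2):
        token = field[i:i + 2]
        if token not in SERVICE_RIGHTS:
            raise ValueError(f"unknown SDDL right {token!r}")
        value, name = SERVICE_RIGHTS[token]
        mask |= value
        names.add(name)
    return mask, names


def parse_dacl(sddl):
    """Return the DACL as a list of ACE dicts (type, flags, mask, rights, sid, principal)."""
    aces = []
    for body in re.findall(r"\(([^)]*)\)", _sections(sddl).get("D", "")):
        ace_type, flags, rights, _obj, _inherit_obj, sid = body.split(";")[:6]
        mask, names = _rights(rights)
        aces.append({"type": ace_type, "flags": flags, "mask": mask, "rights": names,
                     "sid": sid, "principal": WELL_KNOWN_SIDS.get(sid, sid)})
    return aces


def find_weak_aces(sddl):
    """Allow-ACEs that give a low-privilege principal any CONTROL_RIGHTS right.
    Returns [(principal, sorted rights)]; empty when the DACL looks sane."""
    findings = []
    for ace in parse_dacl(sddl):
        if ace["type"] != "A" or ace["sid"] not in LOW_PRIV:
            continue
        dangerous = sorted(ace["rights"] & CONTROL_RIGHTS)
        if dangerous:
            findings.append((ace["principal"], dangerous))
    return findings


# Constructed sample: the stock layout Windows uses for most service DACLs
# (SYSTEM and Administrators control it; interactive and service logons may
# only query it).  The S: part is the default audit ACE, not an allow ACE.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)"
                "(A;;CCLCSWLOCRRC;;;SU)"
                "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
# Constructed: the same descriptor after Everyone (WD) is granted full control.
WEAKENED_SDDL = DEFAULT_SDDL.replace("S:", "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)S:")

if __name__ == "__main__":
    for label, sddl in (("default", DEFAULT_SDDL), ("weakened", WEAKENED_SDDL)):
        print(label, find_weak_aces(sddl))
```

    Feed it the real string from `sc sdshow bfe` on the affected machine. An empty result means the DACL is not what is refusing the start and the error 5 is coming from somewhere else (the BFE registry key, the service host's own files, or a dependency); a non-empty result means the earlier 'Everyone' change is still in place and should be reverted with `sc sdset` to a known-good descriptor before anything else is tried.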
  • thiisnacc
    PCHF Member
    • Apr 2022
    • 55

    #2
    Also:

    Code:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
    Ran by User (administrator) on USER-PC (Dell Inc. Latitude E6420) (07-04-2022 11:23:57)
    Running from C:\Users\User\Downloads
    Loaded Profiles: User
    Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Safe Mode (with Networking)
    
    ==================== Processes (Whitelisted) =================
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <25>
    (explorer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
    (services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
    (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\HelpPane.exe
    (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    
    ==================== Registry (Whitelisted) ===================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2015-07-09] (Alps Electric Co., LTD. → Alps Electric Co., Ltd.)
    HKU\S-1-5-21-2824228921-1266272492-1798908342-1000\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3540392 2022-04-01] (Microsoft Corporation → Microsoft Corporation)
    
    ==================== Scheduled Tasks (Whitelisted) ============
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    Task: {6C62D0AC-543D-40BA-905F-28548A1E30C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
    Task: {6E5D8396-48D3-4C6A-970F-2F6E68B814D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
    Task: {7A33FAEB-A02C-4BA1-9842-B1968E871A29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
    Task: {80FE780A-E9DC-437B-8A20-A30EB381883B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
    Task: {B96A7024-47B1-425E-A9D8-874CC35B63D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-03-30] (Microsoft Corporation → Microsoft Corporation)
    Task: {FC862D59-E4C2-46D4-9804-8539BCE13817} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-03-30] (Microsoft Corporation → Microsoft Corporation)
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    
    ==================== Internet (Whitelisted) ====================
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
    Tcpip\..\Interfaces\{dc8eb244-98c6-4869-851b-99f0edab5748}: [DhcpNameServer] 192.168.10.1
    
    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-07]
    Edge Extension: (Hippo Video: Video and Screen Recorder) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cijidiollmnkegoghpfobabpecdkeiah [2022-04-07]
    Edge Extension: (MetaMask) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2022-03-11]
    Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2022-03-07]
    Edge Extension: (AdGuard AdBlocker) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2022-03-18]
    
    ==================== Services (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    S4 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. → Alps Electric Co., Ltd.)
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-03-29] (Microsoft Corporation → Microsoft Corporation)
    S4 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher → Broadcom Corporation)
    S4 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [43520 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher → Broadcom Corporation)
    S4 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [65536 2007-02-11] (Microsoft Windows Hardware Compatibility Publisher → O2Micro International)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-13] (Microsoft Windows Publisher → Microsoft Corporation)
    S4 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [260096 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher → )
    S4 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746736 2022-01-17] (Oracle Corporation → Oracle Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
    
    ===================== Drivers (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag64.sys [27648 2020-07-30] (Microsoft Windows Hardware Compatibility Publisher → LG Electronics Inc.)
    S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2020-07-30] (Microsoft Windows Hardware Compatibility Publisher → LG Electronics Inc.)
    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 → Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 → Apple Inc.)
    R3 cykbfltrService; C:\WINDOWS\System32\drivers\cykbfltr.sys [19968 2015-06-24] (Microsoft Windows Hardware Compatibility Publisher → Cypress Semiconductor, Inc.)
    U5 mvumis; C:\WINDOWS\System32\drivers\mvumis.sys [63800 2019-12-07] (Microsoft Windows → Marvell Semiconductor, Inc.)
    R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2w7x64.sys [195768 2013-08-16] (O2Micro → O2Micro)
    S3 Ser2pl; C:\WINDOWS\System32\drivers\ser2pl64.sys [227248 2017-10-30] (WDKTestCert charles-yeh,131345514351795974 → Prolific Technology Inc.)
    S3 SrvHsfHDA; C:\WINDOWS\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows → Conexant Systems, Inc.)
    S3 SrvHsfV92; C:\WINDOWS\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows → Conexant Systems, Inc.)
    S3 SrvHsfWinac; C:\WINDOWS\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows → Conexant Systems, Inc.)
    R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239648 2022-01-17] (Oracle Corporation → Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249560 2022-01-17] (Oracle Corporation → Oracle Corporation)
    S1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1046416 2022-01-17] (Oracle Corporation → Oracle Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
    S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows → Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows → Microsoft Corporation)
    S3 MpKsl10f302d1; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2134960C-024E-452A-BD21-3692784F72D8}\MpKslDrv.sys
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    ==================== One month (created) (Whitelisted) =========
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2022-04-07 10:44 - 2022-04-07 10:44 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
    2022-04-06 14:15 - 2022-04-06 14:15 - 000007894 _____ C:\Users\User\Downloads\Per.zip
    2022-04-06 11:39 - 2022-04-06 11:40 - 000015985 _____ C:\Users\User\Downloads\Addition.txt
    2022-04-06 11:38 - 2022-04-07 11:24 - 000009661 _____ C:\Users\User\Downloads\FRST.txt
    2022-04-06 11:37 - 2022-04-07 11:24 - 000000000 ____D C:\FRST
    2022-04-06 11:35 - 2022-04-06 11:36 - 002365440 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
    2022-04-06 10:59 - 2022-04-07 08:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2022-04-02 13:11 - 2022-04-02 13:11 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
    2022-04-02 12:46 - 2022-04-02 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2022-04-02 12:44 - 2022-04-02 13:16 - 000000000 ____D C:\Program Files\Microsoft Office
    2022-04-02 12:44 - 2022-04-02 12:44 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2022-04-02 12:10 - 2022-04-02 12:10 - 000000368 _____ C:\Users\User\AppData\Roaming\SaraBat.bat
    2022-04-02 11:52 - 2022-04-02 13:17 - 000000000 ____D C:\Users\User\AppData\Local\SaraResults
    2022-04-02 10:01 - 2022-04-02 10:01 - 000000000 ____D C:\Users\User\AppData\Local\SaRALogs
    2022-04-02 09:51 - 2022-04-02 13:20 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
    2022-04-02 09:51 - 2022-04-02 09:51 - 000000000 ____D C:\Users\User\AppData\Local\Apps\2.0
    2022-03-30 13:23 - 2022-03-30 13:23 - 000000000 ___HD C:\$WinREAgent
    2022-03-28 19:27 - 2022-04-06 21:01 - 097517568 _____ C:\WINDOWS\system32\config\SOFTWARE
    2022-03-28 19:11 - 2022-03-28 19:27 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
    2022-03-28 16:32 - 2022-03-28 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
    2022-03-28 16:31 - 2022-03-28 16:31 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2022-03-28 16:30 - 2022-03-28 16:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2022-03-28 16:30 - 2022-03-28 16:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
    2022-03-28 16:23 - 2022-04-07 10:39 - 002025348 _____ C:\WINDOWS\ntbtlog.txt
    2022-03-28 16:23 - 2022-03-28 16:23 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
    2022-03-27 20:07 - 2022-03-27 20:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
    2022-03-13 20:29 - 2022-03-24 16:50 - 000000000 ____D C:\Users\User\.VirtualBox
    2022-03-10 18:43 - 2022-04-06 11:02 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
    2022-03-08 18:09 - 2022-03-08 18:10 - 000000000 ____D C:\Users\User\Downloads\Virtual Box and iso
    2022-03-08 17:28 - 2022-03-24 14:14 - 000000000 ____D C:\ProgramData\VirtualBox
    2022-03-08 17:27 - 2022-03-08 17:27 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    2022-03-08 17:27 - 2022-03-08 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2022-03-08 17:27 - 2022-01-17 05:12 - 001046416 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxSup.sys
    2022-03-08 17:27 - 2022-01-17 05:12 - 000188184 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
    2022-03-08 17:26 - 2022-03-08 17:26 - 000000000 ____D C:\Program Files\Oracle
    
    ==================== One month (modified) ==================
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2022-04-07 08:08 - 2022-02-17 14:42 - 000000000 ____D C:\WINDOWS\INF
    2022-04-07 08:08 - 2022-02-17 12:09 - 000839732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-04-07 08:04 - 2022-02-09 21:17 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-04-06 21:01 - 2022-02-17 14:36 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2022-04-06 17:59 - 2022-02-17 11:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-04-06 16:38 - 2022-02-03 10:48 - 000000133 _____ C:\Users\User\0
    2022-04-06 14:17 - 2022-02-17 14:43 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-04-06 14:17 - 2022-02-17 11:53 - 000038755 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
    2022-04-06 14:17 - 2022-02-17 11:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-04-06 10:54 - 2022-02-17 14:43 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-04-06 10:54 - 2022-02-17 11:52 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-04-06 10:54 - 2022-02-17 11:52 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-04-05 09:10 - 2022-02-17 14:43 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-04-04 16:58 - 2022-02-17 12:32 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2824228921-1266272492-1798908342-1000
    2022-04-04 16:58 - 2022-02-17 12:32 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2824228921-1266272492-1798908342-1000
    2022-04-04 16:58 - 2022-02-17 12:02 - 000002380 ____C C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-04-02 20:23 - 2022-02-17 14:51 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-04-02 20:23 - 2022-02-17 14:51 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2022-04-02 13:16 - 2022-02-17 14:43 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2022-04-02 11:54 - 2022-02-17 11:52 - 000439016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-04-02 09:57 - 2019-08-16 20:49 - 000000000 ___DC C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
    2022-03-30 14:42 - 2022-02-17 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-03-28 16:34 - 2022-02-17 12:02 - 000000000 ____D C:\Users\Administrator
    2022-03-28 16:31 - 2022-02-17 14:43 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-03-28 16:31 - 2022-01-31 17:53 - 000000000 ___RD C:\Users\Administrator\3D Objects
    2022-03-28 16:31 - 2018-02-21 02:10 - 000000000 __RHD C:\Users\Public\AccountPictures
    2022-03-25 21:07 - 2022-02-17 12:33 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
    2022-03-25 21:07 - 2022-02-17 12:27 - 000000000 ____D C:\Users\User\AppData\Local\Packages
    2022-03-25 21:07 - 2022-02-17 12:27 - 000000000 ____D C:\ProgramData\Packages
    2022-03-22 20:46 - 2022-02-17 14:43 - 000000000 ____D C:\WINDOWS\system32\NDF
    2022-03-15 17:12 - 2022-02-17 11:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-03-11 12:07 - 2022-02-19 20:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-03-11 11:01 - 2022-02-19 20:07 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-03-11 10:55 - 2022-02-19 20:06 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    
    ==================== Files in the root of some directories ========
    
    2022-04-02 12:10 - 2022-04-02 12:10 - 000000368 _____ () C:\Users\User\AppData\Roaming\SaraBat.bat
    2022-04-02 12:10 - 2022-04-02 12:10 - 000196984 _____ (Microsoft Corporation) C:\Users\User\AppData\Roaming\SetupProd_Act.exe
    
    ==================== SigCheck ============================
    
    (There is no automatic fix for files that do not pass verification.)
    
    ==================== End of FRST.txt ========================

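    Editor's note on the FRST log above. Nothing in it is a smoking gun, but three kinds of line deserve a second look before anyone runs a fix script: drivers whose signer is a `WDKTestCert` (AppleKmdfFilter, AppleLowerFilter, Ser2pl), which is the self-signed test certificate the Windows Driver Kit generates rather than a production code-signing chain; the ushupgradesvc entry whose signer maps to no company name at all; and the MpKsl line that carries no size or date. The parser below is an added example, not code from this thread and not part of FRST; its regular expression is written against the line layout visible in this log and is an assumption to check against other FRST versions. The sample lines are copied from the log above.

```python
"""Parse the Services/Drivers lines of a Farbar (FRST) log and flag signer
anomalies.  Added example: not from the original thread and not FRST's own
code.  LINE_RE reflects the line layout in the log above; other FRST versions
may differ, so treat it as an assumption to verify against your own log."""
import re

# <state><start-type> <name>; <path> [<size> <date>] (<signer> → <company>)
LINE_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<signer>[^→)]*?)\s*→\s*(?P<company>[^)]*)\))?\s*$"
)
# Windows service Start values (the digit after the state letter).
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_entry(line):
    """Return a dict for one service/driver line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["running"] = entry["state"] == "R"
    entry["start_type"] = START_TYPE.get(entry["start"], "unknown")
    entry["size"] = int(entry["size"]) if entry["size"] else None
    return entry


def triage(line):
    """Return [(rule, detail), ...] for one line; an empty list means nothing to flag."""
    e = parse_entry(line)
    if e is None:
        return [("unparsed", line.strip())]
    findings = []
    signer, company = e["signer"], e["company"]
    # WDKTestCert is the self-signed certificate the Windows Driver Kit creates
    # for test signing; it is not a production code-signing chain.
    if signer and signer.startswith("WDKTestCert"):
        findings.append(("test-signed", f"{e['name']}: signer '{signer}'"))
    # FRST prints "signer → company"; an empty company means it could not map
    # the certificate to a publisher, so verify that binary by hand.
    if signer is not None and not company.strip():
        findings.append(("no-company", f"{e['name']}: signer '{signer}' maps to no company"))
    # No "[size date]" means FRST recorded no file metadata for the path.
    if e["size"] is None:
        findings.append(("no-file-metadata", f"{e['name']}: {e['path']}"))
    return findings


def triage_log(lines):
    """Run triage over every non-empty line and return all findings in order."""
    return [f for line in lines if line.strip() for f in triage(line)]


# Sample input copied from the Drivers/Services sections of the log above.
SAMPLE_LINES = r"""
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 → Apple Inc.)
S3 Ser2pl; C:\WINDOWS\System32\drivers\ser2pl64.sys [227248 2017-10-30] (WDKTestCert charles-yeh,131345514351795974 → Prolific Technology Inc.)
S4 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [260096 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher → )
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows → Microsoft Corporation)
S3 MpKsl10f302d1; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2134960C-024E-452A-BD21-3692784F72D8}\MpKslDrv.sys
""".strip().splitlines()

if __name__ == "__main__":
    for rule, detail in triage_log(SAMPLE_LINES):
        print(f"[{rule}] {detail}")
```

    The rules are there to make a human look, not to convict: MpKslDrv.sys is Windows Defender's own transient scan driver, so a bare line for it is expected, and test-signed vendor drivers in the stopped (S) state are common leftovers from USB-serial and device utilities. What the output does give the responder is a short list of binaries to hash and check before, not after, a fix script is applied.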

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #3
      Adware Cleaner

      • Download AdwCleaner and save it to your Desktop
      • Right-click on AdwCleaner.exe and select Run as Administrator (screenshot: https://i.imgur.com/Spcusrh.png)
      • Accept the EULA (I accept), then click on Scan Now
      • Let the scan complete
      • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
      • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
      • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
      • Close all other open windows and allow it to restart
      • After the restart, Notepad will open with the AdwCleaner cleaning log
      • Please attach the contents of that log in your next reply to me

      Can you move FRST to your desktop, and then boot into normal mode and run the tool please. Attach both logs; I'd rather not have it copied and pasted.

      Download and unzip Farbar Service Scanner to your desktop, check all boxes and hit scan.
      Post the log created.

      I am currently at work on lunch break. I'll have a reply for you once I return home.


      • thiisnacc
        PCHF Member
        • Apr 2022
        • 55

        #4
        Originally posted by Malnutrition
        (the AdwCleaner, FRST and Farbar Service Scanner instructions from #3 above)
        [attachment 9440]

        Hello!

        I got lost on the "make sure that every item listed in the different tabs is checked and click on" part. The Log Files tab says AdwCleaner.txt; do I check that as well, or do I leave everything else default in the other tabs?

        [attachment 9441]
        [attachment 9442]


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          Skip adwarecleaner and run Frst from normal mode. Post the two logs generated.


          • thiisnacc
            PCHF Member
            • Apr 2022
            • 55

            #6
            Originally posted by Malnutrition
            Skip adwarecleaner and run Frst from normal mode. Post the two logs generated.


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #7
              Please run farbar service scanner as requested in normal mode.

              Also, what is this file?

              SaraBat.bat


              • thiisnacc
                PCHF Member
                • Apr 2022
                • 55

                #8
                Originally posted by Malnutrition
                Please run farbar service scanner as requested in normal mode.

                Also, what is this file?

                SaraBat.bat
                 [attachment 9445]
                 I came out of safe mode. Does "Boot Mode: Normal" not equal normal mode? Also, I do not know what that file is.


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9
                   This is Farbar Service Scanner.

                  Download and unzip farbar service scanner to your desktop, check all boxes and hit scan.
                  Post the log created.


                  • thiisnacc
                    PCHF Member
                    • Apr 2022
                    • 55

                    #10
                    Originally posted by Malnutrition
                     This is Farbar Service Scanner.

                    Download and unzip farbar service scanner to your desktop, check all boxes and hit scan.
                    Post the log created.
                    Sorry about that


                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      Please scan this file at VirusTotal

                      C:\Users\User\AppData\Roaming\SetupProd_Act.exe


                      • thiisnacc
                        PCHF Member
                        • Apr 2022
                        • 55

                        #12
                        Originally posted by Malnutrition
                        Please scan this file at VirusTotal

                        C:\Users\User\AppData\Roaming\SetupProd_Act.exe
                         [attachment 9447]

                         If I remember correctly this is an application that repairs Microsoft Office issues. I do not know what the SaraBat.bat is though, or why my desktop.ini file is visible.


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #13
                          Ok. I’m on my phone…

                          Let me make a detailed reply when I get home. That will be in an hour or maybe 2


                          • thiisnacc
                            PCHF Member
                            • Apr 2022
                            • 55

                            #14
                            Originally posted by Malnutrition
                            Ok. I’m on my phone…

                            Let me make a detailed reply when I get home. That will be in an hour or maybe 2
                            Sure


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              Ok.
                              Let’s do this…


                              FRST Fix.

                              Download the attached fixlist.txt file and save it to the Desktop.
                              NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
                              NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
                              Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                              When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




                              Step2:
                              ZHP cleaner Scan.
                              Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
                              Once you have started the program, you will need to click the scanner button.
                              The program will close all open browsers!
                              Once the scan is completed, you will want to click the Repair button.
                              At the end of the process you may be asked to reboot your machine.
                              After you reboot a report will open on your desktop.
                              Attach the report here in your next reply.



                              Step 3:
                              ZHP Diag Scan. Click here to download.
                              Save to your desktop.
                              Right Click Run as Admin.
                              Click the Options button.
                              Click on Check All
                              Then click close.
                              Click the Scanner button.
                              When complete please push the report button.
                              A notepad will open… attach the report in your next reply.




                              As far as adware cleaner, right click run as admin, if nothing is found then run the basic repair.

                              [attachment 9449: Capture.PNG]
