PC locking up

  • system
    PCHF Owner
    • Jan 2015
    • 7634

    #16
    Here is the adware file.

    Comment

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #17
      As far as pasting the code goes, you did exactly what was asked. The program works from the clipboard.

      How is the machine running?

      Download ZHP Suite to your desktop.
      Right Click Run as admin.
      Hit the scanner button.
      Once it is complete, a file named ZHPdiag.txt will be on your desktop.
      Attach it.

      Comment

      • system
        PCHF Owner
        • Jan 2015
        • 7634

        #18
        It is running fine until it locks up. It locked up before you had me run everything. Hopefully it won't again.

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #19
          Ok, we have removed a whole slew of garbage from this machine. I am currently at work, so I will check over the logs when I get home.

          Please run this for me. I am sure more garbage will be removed by this tool. And once I get home I’ll provide another fix for you after checking the logs.

          Make sure and disable your antivirus/defender prior to the scan.

          • Download ESET Online Scanner from here and save it to your Desktop.
          • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
          • Click Get started.
          • In the Terms of use screen, click Accept if you agree to the Terms of use.
          • Click Get started in the welcome screen.
          • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
          • Click Computer scan, in the Welcome back screen.
          • Choose Full scan on the next screen.
          • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
          • When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
          • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. Click Continue.
          • You will now be offered a trial version of ESET Internet Security. Click Continue.
          • On the next screen, you can leave feedback about the program if you wish.
          • Select Delete application’s data on closing, if you are short of disk space or do not wish to retain the program for future use.
          • If you left feedback, click Submit and continue. If not, Close without feedback.
          • Copy and paste the contents of the ESETScan.txt file in your next reply.

          Comment

          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #20
            Copy the content of the code box below.
            [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
            Right Click FRST and run as Administrator.
            Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
            Attach it to your next message.
            Code:
            Start::
            CloseProcesses:
            SystemRestore: On
            CreateRestorePoint:
            RemoveProxy:
            DeleteKey: HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
            DeleteKey: HKLM\SOFTWARE\499c114e-8890-5040-9c02-24abe7d3ebe9
            DeleteKey: HKCU\SOFTWARE\iWinArcade
            DeleteKey: HKU\.DEFAULT\SOFTWARE\iWinArcade
            DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\iWinArcade
            DeleteKey: HKU\.DEFAULT\Software\ByteFence
            DeleteKey: HKU\S-1-5-18\Software\ByteFence
            DeleteKey: HKLM64\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
            DeleteKey: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
            DeleteKey: HKU\.DEFAULT\Software\ByteFence
            DeleteKey: HKU\S-1-5-18\Software\ByteFence
            DeleteKey: HKCU\Software\undefined
            DeleteKey: HKLM64\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
            DeleteKey: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
            DeleteKey: HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
            DeleteKey: HKLM\SOFTWARE\499c114e-8890-5040-9c02-24abe7d3ebe9
            DeleteKey: HKLM\SOFTWARE\WOW6432Node\IObit
            DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer
            DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer Manager
            DeleteKey: HKCU\SOFTWARE\TeamViewer
            DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\TeamViewer
            DeleteKey: HKLM\SOFTWARE\WOW6432Node\Wondershare
            DeleteKey: HKCU\SOFTWARE\Wondershare
            DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Wondershare
            DeleteKey: HKLM\SOFTWARE\ComodoGroup
            DeleteKey: HKLM\SOFTWARE\WOW6432Node\ComodoGroup
            DeleteKey: HKLM\SOFTWARE\ZmnGlobalSDK
            DeleteKey: HKCU\SOFTWARE\Avast Software
            DeleteKey: HKCU\SOFTWARE\Browser Cleanup
            DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
            DeleteKey: HKU\.DEFAULT\SOFTWARE\Browser Cleanup
            DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Avast Software
            DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Browser Cleanup
            DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cdloader
            DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|PlariumPlay
            DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|launcher
            DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
            DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cdloader
            DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|PlariumPlay
            DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|launcher
            DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
            DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
            DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SunJavaUpdateSched
            C:\ProgramData\IObit
            C:\Users\stormy\AppData\Roaming\IObit
            C:\Users\stormy\AppData\LocalLow\IObit
            C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
            C:\Program Files (x86)\TeamViewer
            C:\Program Files (x86)\TeamViewer Manager 9
            C:\Users\stormy\AppData\Roaming\TeamViewer
            C:\Users\stormy\AppData\Roaming\TeamViewer Manager
            C:\WINDOWS\System32\drivers\teamviewervpn.sys
            C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
            C:\Program Files (x86)\Common Files\Wondershare
            C:\Users\stormy\AppData\Roaming\Wondershare
            C:\Users\stormy\AppData\Local\Wondershare
            C:\Program Files (x86)\AVAST Software
            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
            C:\Users\stormy\AppData\Roaming\Avast Tuneup
            C:\Program Files\Avast Software\Cleanup\TuneupUI.exe
            C:\WINDOWS\Installer\42bc65e4.msi
            C:\ProgramData\Trymedia
            C:\Users\stormy\AppData\Local\amulet
            C:\ProgramData\Trymedia
            C:\Users\stormy\AppData\Local\amulet
            C:\WINDOWS\System32\drivers\wireguard.sys
            C:\WINDOWS\System32\drivers\nlwt.sys
            C:\Windows\System32\Tasks\Games
            Reboot:
            End::




            ZHP cleaner Scan.

            Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
            Once you have started the program, you will need to click the scanner button.
            The program will close all open browsers!
            Once the scan is completed, you will want to click the Repair button.
            At the end of the process you may be asked to reboot your machine.
            After you reboot a report will open on your desktop.
            Attach the report here in your next reply.[/COLOR]

            Comment

            • system
              PCHF Owner
              • Jan 2015
              • 7634

              #21
              Originally posted by Malnutrition
              Ok, we have removed a whole slew of garbage from this machine. I am currently at work, so I will check over the logs when I get home.

              Please run this for me. I am sure more garbage will be removed by this tool. And once I get home I’ll provide another fix for you after checking the logs.

              Make sure and disable your antivirus/defender prior to the scan.

              • Download ESET Online Scanner from here and save it to your Desktop.
              • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
              • Click Get started.
              • In the Terms of use screen, click Accept if you agree to the Terms of use.
              • Click Get started in the welcome screen.
              • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
              • Click Computer scan, in the Welcome back screen.
              • Choose Full scan on the next screen.
              • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
              • When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
              • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. Click Continue.
              • You will now be offered a trial version of ESET Internet Security. Click Continue.
              • On the next screen, you can leave feedback about the program if you wish.
              • Select Delete application’s data on closing, if you are short of disk space or do not wish to retain the program for future use.
              • If you left feedback, click Submit and continue. If not, Close without feedback.
              • Copy and paste the contents of the ESETScan.txt file in your next reply.
              This was a long process. About 120k files into the scan my pc locked up. I was able to move the mouse around and right click things but nothing responded. I had to do a hard reboot. I just finished the scan which took 10+ hours. Not sure if you want me to do your recent post still.

              Comment

              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045

                #22
                Originally posted by Stormy
                Not sure if you want me to do your recent post still.
                Yes please. Also, this will not take nearly as long.

                Comment

                • system
                  PCHF Owner
                  • Jan 2015
                  • 7634

                  #23
                  I have attached both log files of FRST and ZHP
                  This is what I get when I hit the repair button in ZHP. It is asking for a script?

                  Comment

                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #24
                    You need ZHP cleaner. Here I uploaded a copy for you.

                    @Stormy these are two different programs.

                    Comment

                    • system
                      PCHF Owner
                      • Jan 2015
                      • 7634

                      #25
                      Originally posted by Malnutrition
                      You need ZHP cleaner. Here I uploaded a copy for you.

                      @Stormy these are two different programs.
                      OH lol OK I will run that and be back in a bit. So many cool programs, I do not know how you keep track

                      Comment

                      • system
                        PCHF Owner
                        • Jan 2015
                        • 7634

                        #26
                        Here we go.

                        Comment

                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #27
                          Machine just locked up again and this is in the event viewer :

                          Name resolution for the name b1sync.zemanta.com timed out after none of the configured DNS servers responded.

                          After reboot these 2 events popped up:

                          The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
                          {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
                          and APPID
                          {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
                          to the user docshopetoplay\stormy SID (S-1-5-21-1489974321-262691052-1310840580-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

                          The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
                          {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
                          and APPID
                          {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
                          to the user docshopetoplay\stormy SID (S-1-5-21-1489974321-262691052-1310840580-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

                          Comment

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7045

                            #28
                            Please post Fresh FRST and addition.txt logs

                            Comment

                            • system
                              PCHF Owner
                              • Jan 2015
                              • 7634

                              #29
                              Here you go

                              Comment

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7045

                                #30
                                You are running multiple VPNs on this machine.

                                OpenVPN
                                ProtonVPN
                                nordvpn
                                teamviewervpn

                                Are you actually using them?




                                Copy the content of the code box below.
                                [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                                Right Click FRST and run as Administrator.
                                Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                                Attach it to your next message.
                                Code:
                                Start::
                                CloseProcesses:
                                SystemRestore: On
                                CreateRestorePoint:
                                RemoveProxy:
                                CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{656078cc-ccb9-2943-99f6-a7606543c8cb}\localserver32 -> "C:\Users\stormy\AppData\Local\PlariumPlay\8.6.0-0.0.1\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
                                HKU\S-1-5-21-1489974321-262691052-1310840580-1000\...\Run: [MicrosoftEdgeAutoLaunch_7B77D97F8D9A6789E109A5D8CA0258A2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3894824 2023-11-08] (Microsoft Corporation -> Microsoft Corporation)
                                HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.159\Installer\chrmstp.exe [2023-11-15] (Google LLC -> Google LLC)
                                Task: {B8B29EAE-7EBD-4A93-98B7-528C9ACEA5A4} - \Games\UpdateCheck_S-1-5-21-1489974321-262691052-1310840580-1000 -> No File <==== ATTENTION
                                Task: {E81DE5FE-20E3-4559-ABC1-0AE0878A7078} - System32\Tasks\{081AB658-AFCE-4197-A2C0-347360638DFC} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
                                Task: {ED0A2454-B1CB-4CFE-B28D-D5FBB0B60834} - System32\Tasks\{08C84F9C-4D8A-441A-A1FE-2F79CE4DC484} => C:\Program Files (x86)\LeeGT-Games\Golden Rails - Road to Klondike CE\GoldenRails_RoadToKlondike_CE.exe  (No File)
                                Task: {541F4A55-A86F-43BA-B00A-04A2D38B8248} - System32\Tasks\{2BF06911-2770-4AAE-82AC-9F257664117B} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
                                Task: {FB43DB3F-3688-4725-B7C9-934D6F9B6789} - System32\Tasks\{2FEBF5CB-780D-41E6-9772-692864E4202E} => C:\Program Files (x86)\LeeGT-Games\Golden Rails - Road to Klondike CE\GoldenRails_RoadToKlondike_CE.exe  (No File)
                                Task: {95DC5F43-F12A-40BC-8460-A591B1841F16} - System32\Tasks\{38D0DEFD-924D-43DC-BEAC-CC202E948100} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
                                Task: {661D2DA3-9365-44A8-BA7B-295447B8E457} - System32\Tasks\{3C768A61-9195-462B-9941-FC587BD90956} => C:\Program Files (x86)\LeeGT-Games\Dreamwalker - Never Fall Asleep\Dreamwalker.exe  (No File)
                                Task: {96F559E0-1B7E-4AE8-BF43-9B95A5860654} - System32\Tasks\{45A06CD8-2672-4E04-B6CE-EAAFFDE904C5} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
                                Task: {5AC0398E-E54C-4D1B-A12B-201A9B524FA7} - System32\Tasks\{500554F9-8ED5-47B5-BD04-ADF231C5D431} => C:\Windows\system32\pcalua.exe [53760 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> -a "E:\Downloads\HellHades.ArtifactExtractor.Installer.v1.0.0-1-g74341f4 (1).exe" -d E:\Downloads
                                Task: {79CB5222-D81F-4BA8-8BC2-A41EF84F379E} - System32\Tasks\{548D4558-3A1D-4BC2-A941-EE28CD113490} => C:\Windows\system32\pcalua.exe [53760 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\R.O.H.A.N_Blood_Feud\GoUninstRBF.exe
                                Task: {B1C92DB1-97F0-4AFA-88F2-38BAA94A3956} - System32\Tasks\{58555AAD-F1D6-4C01-9C9A-AA684645BF42} => C:\Windows\system32\pcalua.exe [53760 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> -a "E:\Downloads\HellHades.ArtifactExtractor.Installer.v1.0.0-1-g74341f4 (6).exe" -d E:\Downloads
                                Task: {7AB6E9F6-836A-4422-B262-C26CDC921C17} - System32\Tasks\{62B28AD1-2EA7-41B1-8257-982C1F13DC96} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
                                Task: {2043D5F2-FC37-4101-BDB1-29756CDD23F2} - System32\Tasks\{6E39AAF3-491C-4942-8473-73FB898A1597} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
                                Task: {5184B0ED-68D9-4E57-8AE1-9A8B8DC30E87} - System32\Tasks\{CC19241C-CB7C-464B-BC0F-7E86E149E4F5} => C:\Windows\system32\pcalua.exe [53760 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\GAMES\WordsWithGizmos\uninstall\uninstaller.exe
                                Task: {8450A914-D2E0-4587-8F9B-C42E84F4DA33} - System32\Tasks\{F1432D80-9968-4831-84CD-CCE4777541E4} => C:\Windows\system32\pcalua.exe [53760 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files\Epic Games\Borderlands2\Binaries\Redist\BorderlandsInstaller.exe" -d "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64"
                                Task: {7788CF43-79A7-4E19-92F8-60FC2BE94695} - System32\Tasks\{F5C92433-DD20-490C-8564-5640A3052C72} => C:\Windows\system32\pcalua.exe [53760 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> -a E:\Downloads\HellHades.ArtifactExtractor.Installer.v1.0.0-1-g74341f4.exe -d E:\Downloads
                                Task: {C14AE301-1340-458A-88F6-7773E12520AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
                                Task: {F3C88B2C-0F5A-4C39-BA77-DBCA8FCECE1F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [803968 2010-01-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
                                Task: {5C70C195-6D77-499C-99AB-FE2AF68CC799} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\stormy\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-11-14] (ESET, spol. s r.o. -> ESET)
                                Task: {B1441697-2BA1-4AFC-A461-25CC3F86C4C5} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\stormy\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-11-14] (ESET, spol. s r.o. -> ESET)
                                Task: {F99A6BAD-CC76-4D41-BC41-8E92544CFBA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-15] (Google Inc -> Google Inc.)
                                Task: {3CB90849-AABB-40AE-B0B1-2EDB656F3110} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-15] (Google Inc -> Google Inc.)
                                Task: {61150B93-4FBD-44B2-9593-67ACEF481445} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6899232 2021-05-24] (Nota,Inc. -> Nota Inc.)
                                Task: {ABA85731-16D6-42E2-A0A5-8CB6DD978340} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6899232 2021-05-24] (Nota,Inc. -> Nota Inc.)
                                Task: {F258AF33-87A0-4878-92BB-AB826C143F36} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676256 2023-11-07] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
                                Task: {84F48AD4-F591-484C-A1C3-0E42CA0C9614} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [723872 2023-11-07] (Mozilla Corporation -> Mozilla Foundation)
                                Task: {B5CCEA22-F507-4049-9B9A-01D8861D12DD} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe [71680 2023-11-14] (Microsoft Windows -> Microsoft Corporation) -> url.dll,FileProtocolHandler "hxxps://start.roboform.com#updated=1691890176"
                                Task: {8D29FEAE-6B57-49C9-B41B-998B44514727} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [15262936 2018-06-30] (Goversoft LLC -> Goversoft LLC)
                                Task: {C344C4DE-FB91-4E84-8868-0E9E68E01C0D} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  -> hxxps://start.roboform.com#updated=1671169595
                                Task: {6485C313-21BC-4BC5-85B2-D219D51E0AC6} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [156464 2023-08-12] (Siber Systems -> Siber Systems)
                                CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\stormy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-11-15]
                                S3 nlwt; system32\DRIVERS\nlwt.sys [X]
                                S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]
                                S3 WireGuard; \SystemRoot\System32\drivers\wireguard.sys [X]
                                C:\Windows\System32\Tasks\Mozilla
                                C:\Windows\System32\Tasks\Microsoft\Windows\AvastAntiTrackPremium
                                C:\Windows\System32\Tasks\ASUS
                                C:\Windows\System32\Tasks\PrivaZer_SkipUAC
                                C:\Windows\System32\Tasks\Open URL by RoboForm
                                C:\Windows\System32\Tasks\Run RoboForm Process
                                C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
                                C:\Windows\System32\Tasks\{081AB658-AFCE-4197-A2C0-347360638DFC}
                                C:\Windows\System32\Tasks\{08C84F9C-4D8A-441A-A1FE-2F79CE4DC484}
                                C:\Windows\System32\Tasks\{2BF06911-2770-4AAE-82AC-9F257664117B}
                                C:\Windows\System32\Tasks\{2FEBF5CB-780D-41E6-9772-692864E4202E}
                                C:\Windows\System32\Tasks\{38D0DEFD-924D-43DC-BEAC-CC202E948100}
                                C:\Windows\System32\Tasks\{3C768A61-9195-462B-9941-FC587BD90956}
                                C:\Windows\System32\Tasks\{45A06CD8-2672-4E04-B6CE-EAAFFDE904C5}
                                C:\Windows\System32\Tasks\{500554F9-8ED5-47B5-BD04-ADF231C5D431}
                                C:\Windows\System32\Tasks\{548D4558-3A1D-4BC2-A941-EE28CD113490}
                                C:\Windows\System32\Tasks\{58555AAD-F1D6-4C01-9C9A-AA684645BF42}
                                C:\Windows\System32\Tasks\{62B28AD1-2EA7-41B1-8257-982C1F13DC96}
                                C:\Windows\System32\Tasks\{6B8323E3-EE61-F4C3-E2A8-4E260BF128ED}
                                C:\Windows\System32\Tasks\{6E39AAF3-491C-4942-8473-73FB898A1597}
                                C:\Windows\System32\Tasks\{CC19241C-CB7C-464B-BC0F-7E86E149E4F5}
                                C:\Windows\System32\Tasks\{F1432D80-9968-4831-84CD-CCE4777541E4}
                                C:\Windows\System32\Tasks\{F5C92433-DD20-490C-8564-5640A3052C72}
                                C:\Windows\System32\Tasks\Adobe Acrobat Update Task
                                C:\Windows\Temp\*.*
                                C:\WINDOWS\system32\*.tmp
                                C:\WINDOWS\syswow64\*.tmp
                                cmd: DISM.exe /Online /Cleanup-image /Restorehealth
                                cmd: sfc /scannow
                                cmd: winmgmt /salvagerepository
                                cmd: winmgmt /verifyrepository
                                CMD: powercfg.exe /setactive 381b4222-f694-41f0-9685-ff5bb260df2e
                                CMD: sc stop sysmain
                                CMD: sc config sysmain start= disabled
                                CMD: sc stop DiagTrack
                                CMD: sc config DiagTrack start= disabled
                                CMD: sc stop dmwappushservice
                                CMD: sc config dmwappushservice start= disabled
                                CMD: sc stop WSearch
                                CMD: sc config WSearch start= disabled
                                CMD: sc stop lfsvc
                                CMD: sc config lfsvc start= disabled
                                CMD: del /s /q %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
                                CMD: echo "" > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
                                emptytemp:
                                Reboot:
                                End::




                                I suggest you remove telemetry with this tool: O&O Shutup Ten.
                                Uninstall any apps that are useless to you with O&O App Buster. Also, remove any unused programs with GeekUninstaller. Use Force mode to do it faster.

                                Disable BitLocker. Here is a link explaining why.




                                Download Autologger to your desktop.
                                Disable your Antivirus/Defender prior to running.

                                • Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
                                • Right click Autologger and run as admin. (XP users double-click.)
                                • AVZ4 will open and scan your machine, allow this to complete.
                                • Upload Collectionlog.zip to your next reply.[/COLOR]

                                Comment
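
An added example, not part of any post in this thread and not FRST's own code: a small Python check that reads a fixlist like the ones in posts #20 and #30 before it is run as Administrator, and reports case-insensitive duplicate lines plus the entries with the widest effect (driver files, wildcard deletes, services set to disabled). The directive names are only those visible on this page, the line classification is an assumption made for this example, and the sample input is constructed from lines quoted in the two posts.

```python
import re
from collections import Counter

# Constructed sample: a short fixlist assembled from lines shown in posts #20 and #30.
SAMPLE_FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
DeleteKey: HKU\.DEFAULT\Software\ByteFence
DeleteKey: HKU\S-1-5-18\Software\ByteFence
DeleteKey: HKU\.DEFAULT\Software\ByteFence
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
C:\WINDOWS\System32\drivers\teamviewervpn.sys
C:\WINDOWS\System32\drivers\wireguard.sys
C:\Windows\Temp\*.*
S3 nlwt; system32\DRIVERS\nlwt.sys [X]
cmd: sfc /scannow
CMD: sc stop WSearch
CMD: sc config WSearch start= disabled
emptytemp:
Reboot:
End::
"""

# Assumption: only the directive names that appear in the fixlists on this page.
DIRECTIVES = {"closeprocesses", "systemrestore", "createrestorepoint",
              "removeproxy", "deletekey", "deletevalue", "emptytemp", "reboot"}


def body_lines(text):
    """Return the non-empty lines between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must contain Start:: and End:: markers")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return [ln for ln in lines[start + 1:end] if ln]


def classify(line):
    """Sort a line into cmd, path, directive, or a line pasted from a scan log."""
    if re.match(r"cmd:", line, re.I):
        return "cmd"
    if re.match(r"[A-Za-z]:\\", line):
        return "path"
    m = re.match(r"([A-Za-z]+):", line)
    if m and m.group(1).lower() in DIRECTIVES:
        return "directive"
    return "log-entry"


def review_reason(kind, line):
    """Name the reason a line deserves a second look, or return None."""
    low = line.lower()
    if kind == "path" and "*" in low:
        return "wildcard delete"
    if kind == "path" and "\\drivers\\" in low and low.endswith(".sys"):
        return "kernel driver file"
    m = re.match(r"cmd:\s*sc\s+config\s+(\S+)\s+start=\s*disabled", line, re.I)
    if kind == "cmd" and m:
        return "disables service " + m.group(1)
    return None


def lint(text):
    """Count line kinds, find duplicates, and collect lines to review by hand.

    Line numbers count from the first line after Start::. Windows registry
    and file paths are case-insensitive, so duplicates are compared lowercased.
    """
    counts, seen, duplicates, review = Counter(), {}, [], []
    for n, line in enumerate(body_lines(text), 1):
        kind = classify(line)
        counts[kind] += 1
        key = re.sub(r"\s+", " ", line).lower()
        if key in seen:
            duplicates.append((n, seen[key]))  # (this line, first occurrence)
            continue
        seen[key] = n
        reason = review_reason(kind, line)
        if reason:
            review.append((reason, line))
    return {"counts": dict(counts), "duplicates": duplicates, "review": review}


if __name__ == "__main__":
    report = lint(SAMPLE_FIXLIST)
    print(report["counts"])
    for n, first in report["duplicates"]:
        print(f"line {n} repeats line {first}")
    for reason, line in report["review"]:
        print(f"{reason}: {line}")
```
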
