PC locking up

  • system
    PCHF Owner
    • Jan 2015
    • 7634

    #1

    PC locking up

    Hello

    I am not sure this is the right thread for this, but I do have Win 10 and I did not see a general thread for issues. I have been having issues with my PC not responding or freezing. I can right-click things running in the taskbar and choose “close window”, but nothing happens and I have to do a hard reboot. I do not know if this is the cause, but in my event viewer I see this multiple times:

    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user docshopetoplay\stormy SID (S-1-5-21-1489974321-262691052-1310840580-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    I have attached a snapshot of my PC specs from the App called Speccy. Any help you can give me is much appreciated.

  • PeterOz
    PCHF Technical Response Team
    • Mar 2021
    • 4191

    #2
    Instead of that snapshot please supply the Speccy link and PS specs.
    Can you download and run, and then post: Speccy - Free Download
    To publish a Speccy profile to the Web:
    In Speccy, click File, and then click Publish Snapshot.
    In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.

    Speccy publishes the profile and displays a second Publish Snapshot dialog box. You can open the URL in your default browser, copy it to the clipboard, or close the dialog box.

    The last part of each URL is randomized, so only people you provide with the URL will be able to find your profile.

    The information given in Speccy cannot be used by anyone to hack your system

    Could you also include the power supply specs E.g Cooler Master 850W Gold V2 NOT E.g 850w


    • system
      PCHF Owner
      • Jan 2015
      • 7634

      #3


      I am trying to find the power supply info. The way it is facing, I can't see the info.


      • PeterOz
        PCHF Technical Response Team
        • Mar 2021
        • 4191

        #4
        At first glance
        Step 1) You need to free up space on C drive; you have only 22% free, which is below recommendation. 35% would be better.
        Step 2) Uninstall Avast antivirus (can be reinstalled later if you wish). Windows has built-in security that is better than 3rd-party antivirus.
        Step 3) Do you need Java? If not, uninstall.


        • system
          PCHF Owner
          • Jan 2015
          • 7634

          #5
          Originally posted by PeterOz
          At first glance
          Step 1) You need to free up space on C drive; you have only 22% free, which is below recommendation. 35% would be better.
          Step 2) Uninstall Avast antivirus (can be reinstalled later if you wish). Windows has built-in security that is better than 3rd-party antivirus.
          Step 3) Do you need Java? If not, uninstall.

          I am stuck in old school PC health, I remember it was always 20% free. I should have known though when Windows grew in size, so should the free space.

          I am so glad to see that I can get rid of Avast. I wasn’t sure about Windows version.

          Isn’t Java needed for browser-based games? Or am I confusing that with the old Flash?


          • PeterOz
            PCHF Technical Response Team
            • Mar 2021
            • 4191

            #6
            If you are not sure about needing Java leave it for now.


            • PeterOz
              PCHF Technical Response Team
              • Mar 2021
              • 4191

              #7
              Download MiniToolBox and save the file to the Desktop.

              Close the browser and run the tool, check the following options;

              List last 10 Event Viewer Errors
              List Installed Programs
              List Devices (Only Problems)
              List Users, Partitions and Memory size

              Click on Go.

              Post the resulting log in your next reply for us as an attachment


              • system
                PCHF Owner
                • Jan 2015
                • 7634

                #8
                Here is the log. The 2 apps under Windows Defender have already been deleted.


                • PeterOz
                  PCHF Technical Response Team
                  • Mar 2021
                  • 4191

                  #9
                  What about the power supply information?


                  • PeterOz
                    PCHF Technical Response Team
                    • Mar 2021
                    • 4191

                    #10
                    Before we go any further, I will tag @Malnutrition to have a look.
                    Antivirus has detected malware or other potentially unwanted software.


                    • PeterOz
                      PCHF Technical Response Team
                      • Mar 2021
                      • 4191

                      #11
                      Did Avast report a clean uninstall?
                      If not.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045

                        #12
                        Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
                        If you are unsure if your operating system is 32 or 64 Bit please go HERE.
                        Once downloaded, right-click the FRST desktop icon and select “Run as administrator” from the menu.
                        If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
                        FRST will open with two dialogue boxes, accept the disclaimer.
                        Then select Scan.
                        FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
                        Please attach the contents of these logs in your next post.


                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #13
                          I still cannot see which power supply I have. I know it is between 800w-900w and I usually bought Thermaltake.
                          Yes Avast reported a clean uninstall.

                          This FRST app is very cool. I have attached both files. What are you able to find with this app?


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7045

                            #14
                            Uninstall with Geek Uninstaller.

                            System Mechanic (HKLM...{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 19.5.0.1 - iolo Technologies, LLC)
                            Wondershare Helper Compact 2.5.2 (HKLM-x32...{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)




                            Copy the content of the code box below.
                            Do not copy the word code!!!
                            Right Click FRST and run as Administrator.
                            Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                            Attach it to your next message.
                            Code:
                            Start::
                            CloseProcesses:
                            SystemRestore: On
                            CreateRestorePoint:
                            RemoveProxy:
                            HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
                            GroupPolicy: Restriction ? <==== ATTENTION
                            Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
                            HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
                            HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
                            Task: {867E9427-CFFD-43F0-9924-28758278BCB0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
                            Task: {CCD009B4-EC2B-46B8-B460-4493F100AEB5} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
                            Task: {0F7862A1-8A6A-4228-AED9-3D2B80D5180E} - System32\Tasks\{A04F52BA-62C2-4BE3-86D4-BE16C7093FDE} => C:\Program Files (x86)\Origin Games\Apex\r5apex.exe  (No File)
                            Task: {CE7B47F3-F7A0-4D53-A41D-795B47769C6C} - System32\Tasks\{AB11FBA2-A678-4577-98D0-A4DF906CC0FE} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
                            Task: {80C9BE5E-1EB0-406A-8C14-80712B29A927} - System32\Tasks\{BE093B32-7174-466C-8551-E41304629DD6} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
                            Task: {7C608E0F-4851-498D-8196-D8D7D2CE874D} - System32\Tasks\{BF1EABB1-DF87-4FCB-A1CA-1D9077E786C8} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
                            Task: {C7722128-F4F5-46D9-8842-66C786E82E70} - System32\Tasks\{CF20E479-9277-4D37-BBF1-DB21356480DE} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
                            Task: {5D9FA69E-F5B1-4D49-B2A8-AB41A5FF2AE5} - System32\Tasks\{ECAB7DF4-3925-4A22-99A0-1604961FE5AC} => C:\Program Files (x86)\LeeGT-Games\Golden Rails - Road to Klondike CE\GoldenRails_RoadToKlondike_CE.exe  (No File)
                            Task: {C75B8E0E-16B6-48E8-8431-38409EFF7508} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe  -LogonOrUnlock (No File)
                            Task: {1D0D2E16-B016-40A0-B920-EA52036C55AB} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe  -Daily (No File)
                            Task: {AF7C0C4E-71C2-4EF2-A6A6-50266A8D2578} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
                            Task: {98A44AB1-71B4-4B3C-8634-1771C7BA7A57} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
                            Task: {0FD6F168-1E81-49BF-B351-EF2A67CC2009} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe  tray (No File)
                            HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
                            HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
                            HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
                            HKU\S-1-5-21-1489974321-262691052-1310840580-1000\...\Run: [launcher] => C:\Program Files (x86)\Watcher of Realms\moontonlauncher.ex (No File)
                            HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.124\Installer\chrmstp.exe [2023-11-09] (Google LLC -> Google LLC)
                            HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
                            HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
                            Task: {F1AD9D2B-E13E-4150-B46E-BED156022F31} - System32\Tasks\{048A8EFA-45E1-4A04-AC6C-365549D4EF82} => C:\Windows\system32\pcalua.exe [53760 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\LeeGT-Games\Hiddenverse - Witchs Tales 2\Uninstall.exe" -d "C:\Program Files (x86)\LeeGT-Games\Hiddenverse - Witchs Tales 2\"
                            Task: {BB29457D-6997-45F2-833E-22E82A263F5C} - System32\Tasks\{0712E062-04BD-4F50-AF2D-518C9251781B} => C:\Windows\system32\pcalua.exe [53760 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> -a "E:\Downloads\HellHades.ArtifactExtractor.Installer.v1.0.0-1-g74341f4 (4).exe" -d E:\Downloads
                            Task: {F6FDBE15-1CD4-40E6-B469-6F42C2EF038F} - System32\Tasks\{38D145DB-C32A-4E83-9EB4-2CFE207CD5A3} => E:\Downloads\TheUnexpectedQuestCE\The Unexpected Quest CE.exe [317467903 2021-12-18] () [File not signed]
                            Task: {D20C6A24-02A8-4B60-B9B5-545F14C1866F} - System32\Tasks\{450FCDC3-F46C-4B3C-9746-3522B8F35FCC} => C:\Windows\system32\pcalua.exe [53760 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\stormy\AppData\Local\Temp\jre-8u201-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
                            Task: {4ED9DFD6-8BE1-4253-AD06-1863F540F1B3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
                            Task: {4ED9DFD6-8BE1-4253-AD06-1863F540F1B3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
                            Task: {4ED9DFD6-8BE1-4253-AD06-1863F540F1B3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
                            Task: {DEEC2839-85CC-4AAC-B954-123F63DF0142} - System32\Tasks\iolo\ActiveMessenger => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [565528 2023-10-28] (iolo technologies, LLC -> iolo technologies, LLC) -> -appexecutable systemmechanic.exe -ammode
                            Task: {68875BC2-8EB5-40D4-8FA0-7CFF0F2C979C} - System32\Tasks\iolo\ActiveReporter => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [565528 2023-10-28] (iolo technologies, LLC -> iolo technologies, LLC) -> -appexecutable systemmechanic.exe -armode
                            Task: {4076D30F-03B9-4BFB-BC54-431CFA17DF10} - System32\Tasks\iolo\ActiveSync => C:\Program Files\iolo technologies\System Mechanic\activebridge.exe [565528 2023-10-28] (iolo technologies, LLC -> iolo technologies, LLC) -> -appexecutable systemmechanic.exe -scheduler -asmode
                            Task: C:\WINDOWS\Tasks\{6B8323E3-EE61-F4C3-E2A8-4E260BF128ED}.job => C:\Users\stormy\AppData\Roaming\Lolor\SYNHEL~1.EXE
                            S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [53904 2017-11-11] (AVAST Software s.r.o. -> The OpenVPN Project)
                            R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [88720 2020-04-24] (Avast Software s.r.o. -> Windows (R) Win 7 DDK provider)
                            2023-11-12 15:17 - 2018-05-12 14:48 - 000000000 ____D C:\Users\stormy\AppData\Local\AVAST Software
                            2023-11-12 15:17 - 2017-11-11 00:07 - 000000000 ____D C:\Users\stormy\AppData\Roaming\AVAST Software
                            2023-11-12 13:10 - 2023-06-26 19:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
                            2023-11-12 13:10 - 2017-11-11 00:04 - 000000000 ____D C:\ProgramData\AVAST Software
                            C:\WINDOWS\System32\DRIVERS\aswTap.sys
                            C:\WINDOWS\System32\drivers\netfilter2.sys
                            Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
                            Tcpip\..\Interfaces\{3612ADDC-4B26-46D3-A796-4C9EE274B6A2}: [NameServer] 208.67.222.222,208.67.220.220
                            Tcpip\..\Interfaces\{3612ADDC-4B26-46D3-A796-4C9EE274B6A2}: [DhcpNameServer] 192.168.1.254
                            Tcpip\..\Interfaces\{E4AF2120-5483-4B9E-A871-7ADA06250438}: [DhcpNameServer] 8.8.8.8
                            S3 mracsvc; C:\Windows\System32\mracsvc.exe [23539928 2021-11-01] (LLC Mail.Ru -> LLC Mail.Ru)
                            S3 myacsvc; C:\WINDOWS\System32\myacsvc.exe [28678888 2023-09-28] (MY.GAMES B.V. -> MY.GAMES B.V.)
                            S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [22777400 2021-11-01] (LLC Mail.Ru -> LLC Mail.Ru)
                            C:\Windows\System32\mracsvc.exe
                            C:\WINDOWS\System32\myacsvc.exe
                            C:\WINDOWS\System32\drivers\mracdrv1.sys
                            S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
                            U3 idsvc; no ImagePath
                            2023-10-28 18:03 - 2023-10-28 18:03 - 000000000 ____D C:\Users\stormy\AppData\Local\iolo technologies
                            2023-10-28 18:02 - 2023-10-28 18:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\iolo
                            2023-10-28 18:01 - 2023-10-28 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iolo Technologies
                            2023-10-28 18:01 - 2023-10-28 18:01 - 000000000 ____D C:\Program Files\iolo technologies
                            2023-10-28 18:00 - 2023-10-28 18:03 - 000000000 ____D C:\ProgramData\iolo technologies
                            2018-03-18 01:14 - 2023-05-25 18:29 - 000000755 _____ () C:\Users\stormy\AppData\Roaming\SAS7_000.DAT
                            2018-03-16 19:58 - 2018-03-16 19:58 - 000000047 _____ () C:\Users\stormy\AppData\Roaming\WB.CFG
                            2021-06-29 18:41 - 2023-10-08 03:05 - 000081898 _____ () C:\Users\stormy\AppData\Local\PlariumPlay.log
                            2019-07-17 22:54 - 2019-07-17 22:54 - 000000218 _____ () C:\Users\stormy\AppData\Local\recently-used.xbel
                            2018-03-17 11:15 - 2023-01-21 13:55 - 000007619 _____ () C:\Users\stormy\AppData\Local\Resmon.ResmonCfg
                            2022-12-14 17:01 - 2022-12-14 17:01 - 000000076 _____ () C:\Users\stormy\AppData\Local\TempGameCenter.main.log
                            CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{256dcec2-5c75-c860-0e63-9f46c10ced98}\localserver32 -> "C:\Users\stormy\AppData\Local\PlariumPlay\8.5.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
                            CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{5f09f1a2-2411-9ca8-f9fc-deff0b5ff42a}\localserver32 -> "C:\Users\stormy\AppData\Local\PlariumPlay\8.5.0-0.0.1\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
                            CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{eb1fdd5b-8f70-4b5a-b230-998a2dc19303}\localserver32 -> C:\Users\stormy\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\snoretoast-x64.exe => No File
                            Toolbar: HKU\S-1-5-21-1489974321-262691052-1310840580-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
                            HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
                            FirewallRules: [{D7EE3166-7196-4CEB-ABA9-81D919BE47D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
                            FirewallRules: [{2BB53E33-B084-4199-8A65-F7EF3761EDB0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
                            FirewallRules: [TCP Query User{47F66E92-4A62-470D-8F30-D54176770821}F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe] => (Allow) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
                            FirewallRules: [UDP Query User{F00C575A-DF3F-4D3F-B498-EA37247BD537}F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe] => (Allow) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
                            FirewallRules: [{0BF1CC91-724F-4ECC-8192-2A2FC07E003A}] => (Block) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
                            FirewallRules: [{CD20541A-2271-4E8B-8254-FC47D0A8F8A6}] => (Block) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
                            FirewallRules: [TCP Query User{B10FAB3C-85A4-48D5-A26B-725D79EEB0B8}C:\r.o.h.a.n_blood_feud\rohanclient.exe] => (Allow) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
                            FirewallRules: [UDP Query User{5394954C-F9E6-4C6E-A796-DD457B3E1A1E}C:\r.o.h.a.n_blood_feud\rohanclient.exe] => (Allow) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
                            FirewallRules: [{D553CB34-E61B-4D53-9E59-E32840657701}] => (Block) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
                            FirewallRules: [{932ECEDB-947C-4C23-B829-5C4C904AFA52}] => (Block) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
                            FirewallRules: [TCP Query User{34D543B2-AB82-4981-A966-3BA57495B3C1}C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe] => (Allow) C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe => No File
                            FirewallRules: [UDP Query User{988AEF1D-5799-4E2F-8106-A5150A79437C}C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe] => (Allow) C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe => No File
                            FirewallRules: [TCP Query User{E545E686-646E-4262-A227-B230CC9D6163}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
                            FirewallRules: [UDP Query User{E8E1EC0C-B5FE-4730-BB75-9DCFF0DF76FD}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
                            FirewallRules: [{9B0A77B1-E2E6-4C7A-B7E4-2CCFEF519820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
                            FirewallRules: [{25F729E1-195C-436B-8A37-381F74EC3823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
                            FirewallRules: [TCP Query User{1933FA72-777C-4012-AC13-D3A05F814A0F}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe => No File
                            FirewallRules: [UDP Query User{B0D864C9-D623-4F9C-BE0E-7B8E826934FF}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe => No File
                            FirewallRules: [TCP Query User{243E565E-0036-4E50-9537-93B236B3ABDE}E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
                            FirewallRules: [UDP Query User{73AB5C17-9B72-4588-9DC5-DB7E74D62520}E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
                            FirewallRules: [TCP Query User{1204EFF5-04BD-49B7-A29E-18D7D950098A}C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe] => (Allow) C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe => No File
                            FirewallRules: [UDP Query User{5BBF3A13-5AA8-4AD1-9F69-1740D526EC03}C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe] => (Allow) C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe => No File
                            FirewallRules: [{63928384-9B85-4C5E-949E-91D085B5D570}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Employee A Demo\EmployeeA-demo_v1.2.0-market\EmployeeA.exe => No File
                            FirewallRules: [{70650560-E7AB-446D-87BA-25987A1CF7A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Employee A Demo\EmployeeA-demo_v1.2.0-market\EmployeeA.exe => No File
                            FirewallRules: [{655D71A4-553B-41DA-981E-82CC5815E47E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
                            FirewallRules: [{7A15A7D7-686A-41F4-9C4C-00BB7118F72B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
                            FirewallRules: [TCP Query User{208A1499-0910-4807-B4CD-953126A7CE04}C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe => No File
                            FirewallRules: [UDP Query User{CCEC2084-1D7A-4A1D-920C-ED1CFE0B4148}C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe => No File
                            FirewallRules: [TCP Query User{BA5C05DD-8974-4B44-AD1D-245431A27CC9}C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe] => (Block) C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe => No File
                            FirewallRules: [UDP Query User{7BE1080A-13C9-4322-B630-03C251415BB5}C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe] => (Block) C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe => No File
                            FirewallRules: [TCP Query User{9475C08D-1AB9-4704-8790-6E47A618F14F}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
                            FirewallRules: [UDP Query User{B4F91AAA-2040-476B-A5E1-8D1E0DFFCC7E}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
                            FirewallRules: [TCP QUERY USER{C91799B7-AED3-4A4E-874E-20EFBFB1F007}E:\DOWNLOADS\UNUSUAL_FINDINGS\UNUSUAL_FINDINGS\UNUSUAL FINDINGS.EXE] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
                            FirewallRules: [UDP QUERY USER{4A2214C0-A1FF-47B0-A960-8393F221566C}E:\DOWNLOADS\UNUSUAL_FINDINGS\UNUSUAL_FINDINGS\UNUSUAL FINDINGS.EXE] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
                            FirewallRules: [TCP Query User{F1775305-C28F-4DD6-AF36-4D920D1BC348}E:\downloads\unusual_findings\unusual_findings\unusual findings.exe] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
                            FirewallRules: [UDP Query User{13C7B3A5-AB51-493F-8F98-8558D98E2B02}E:\downloads\unusual_findings\unusual_findings\unusual findings.exe] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
                            FirewallRules: [TCP Query User{9D8D7851-65D3-48B0-933E-CDFA09874408}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
                            FirewallRules: [UDP Query User{AE05FEE9-1638-43E4-8527-AC5A29194F64}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
                            FirewallRules: [TCP Query User{5BB9BA0D-4188-413C-8E3B-8855640F5D65}E:\downloads\factorytownidle\factory town idle\factory town idle.exe] => (Allow) E:\downloads\factorytownidle\factory town idle\factory town idle.exe => No File
                            FirewallRules: [UDP Query User{6391A94C-7BBD-4033-BCDE-71F3997A26C2}E:\downloads\factorytownidle\factory town idle\factory town idle.exe] => (Allow) E:\downloads\factorytownidle\factory town idle\factory town idle.exe => No File
                            AlternateDataStreams: C:\ProgramData\TEMP:03A39BFB [286]
                            AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
                            AlternateDataStreams: C:\ProgramData\TEMP:1AB4A9BA [286]
                            AlternateDataStreams: C:\ProgramData\TEMP:1C9D2BC6 [121]
                            AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
                            AlternateDataStreams: C:\ProgramData\TEMP:423BD573 [280]
                            AlternateDataStreams: C:\ProgramData\TEMP:53F09A92 [276]
                            AlternateDataStreams: C:\ProgramData\TEMP:591267A3 [118]
                            AlternateDataStreams: C:\ProgramData\TEMP:751D6870 [117]
                            AlternateDataStreams: C:\ProgramData\TEMP:7F981AD1 [141]
                            AlternateDataStreams: C:\ProgramData\TEMP:8855A119 [138]
                            AlternateDataStreams: C:\ProgramData\TEMP:89CC3B44 [368]
                            AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67 [148]
                            AlternateDataStreams: C:\ProgramData\TEMP:BB80A688 [132]
                            AlternateDataStreams: C:\ProgramData\TEMP:BBEA9471 [126]
                            AlternateDataStreams: C:\ProgramData\TEMP:C8A40DC8 [286]
                            AlternateDataStreams: C:\ProgramData\TEMP:C8FBA764 [124]
                            AlternateDataStreams: C:\ProgramData\TEMP:D4D85847 [143]
                            AlternateDataStreams: C:\ProgramData\TEMP:DA12E82D [119]
                            AlternateDataStreams: C:\ProgramData\TEMP:E604EE00 [135]
                            AlternateDataStreams: C:\ProgramData\TEMP:FBD2878A [119]
                            HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
                            HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
                            FirewallRules: [{2680ED6A-EDE9-4B2E-B714-8281C7FB3277}] => (Allow) LPort=51001
                            FirewallRules: [{72ED54FB-147C-4FD7-9CBD-24CCB9E10744}] => (Allow) LPort=80
                            FirewallRules: [{50826F1A-BAC7-4ACE-BBAF-87BED40D5593}] => (Allow) LPort=443
                            FirewallRules: [{C0116BC6-8E6B-46B6-A52E-05BE5CE15E64}] => (Allow) LPort=20010
                            FirewallRules: [{39149C78-DE58-499C-B893-0D7C961FC670}] => (Allow) LPort=3478
                            FirewallRules: [{922D4EA8-13D6-4A89-B159-04F11BD515FB}] => (Allow) LPort=7850
                            FirewallRules: [{47EBA1F4-B685-48C6-848F-23F6AEB5B9C4}] => (Allow) LPort=7852
                            FirewallRules: [{26D1FCBC-3B8D-4FC7-9675-63114EA92D6D}] => (Allow) LPort=7853
                            FirewallRules: [{EA679DAF-A652-42BC-BBFE-FD95F52A6764}] => (Allow) LPort=27022
                            FirewallRules: [{CD1F5DBA-E1E1-45DA-A2FD-AFBE10D0C60F}] => (Allow) LPort=6881
                            FirewallRules: [{DEAA2E4F-67F0-4A75-A317-46A9CFB4F6CC}] => (Allow) LPort=33333
                            FirewallRules: [{711E67DD-03A7-485C-AEB4-607B6175FB5E}] => (Allow) LPort=20443
                            FirewallRules: [{1BFB8ECC-43B6-4BF8-BBBC-EA9DE1EB5166}] => (Allow) LPort=8090
                            C:\Program Files\iolo technologies
                            C:\WINDOWS\system32\drivers\etc\hosts.ics
                            C:\Windows\system32\drivers\etc\hosts
                            Hosts:
                            cmd: net stop bits
                            Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
                            cmd: net start bits
                            cmd:  bitsadmin /list /allusers
                            CMD: del /f /s /q %windir%\prefetch\*.*
                            CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
                            CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
                            cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
                            cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
                            CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                            CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
                            CMD: ipconfig /flushdns
                            C:\Windows\Temp\*.*
                            C:\WINDOWS\system32\*.tmp
                            C:\WINDOWS\syswow64\*.tmp
                            emptytemp:
                            ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
                            ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
                            ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
                            ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
                            ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
                            ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
                            Folder: C:\Windows\System32\Tasks
                            Reboot:
                            End::






                            Adware Cleaner

                            • Download AdwCleaner and save it to your Desktop
                            • Right-click on AdwCleaner.exe and select Run as Administrator
                            • Accept the EULA (I accept), then click on Scan Now
                            • Let the scan complete
                            • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
                            • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
                            • Close all other open windows and allow it to restart
                            • After the restart, Notepad will open with the AdwCleaner cleaning log
                            • Please attach the contents of that log into your next reply to me







                            Once everything above is completed, then re-run FRST64.exe and provide fresh FRST and addition.txt logs.[/COLOR]

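A read-only way to see what a fixlist of this shape contains before it is handed to FRST, as an added example (not part of the original posts and not FRST's own code): it groups the lines by the text before the first colon and pulls out the firewall ports and the delete commands. The labels `registry`, `path` and `unknown` and the function names are assumptions made for the example, and it does not reproduce how FRST itself interprets the script.

```python
import re
from collections import Counter

# A subset of lines copied from the fixlist in the post above, for illustration.
SAMPLE = r'''
FirewallRules: [{72ED54FB-147C-4FD7-9CBD-24CCB9E10744}] => (Allow) LPort=80
FirewallRules: [{CD1F5DBA-E1E1-45DA-A2FD-AFBE10D0C60F}] => (Allow) LPort=6881
AlternateDataStreams: C:\ProgramData\TEMP:03A39BFB [286]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
C:\Program Files\iolo technologies
cmd: net stop bits
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
'''

DIRECTIVE = re.compile(r"^([A-Za-z]{2,}):\s*(.*)$")  # 2+ letters, so "C:" is not a directive
REG_ROOT = re.compile(r"^(HKLM|HKCU|HKU|HKEY_[A-Z_]+)\\", re.I)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_fixlist(text):
    """Return (kind, argument) pairs; kind is a lower-cased label (assumed names)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.endswith("::"):   # blank line or a block marker such as End::
            continue
        m = DIRECTIVE.match(line)
        if m:
            entries.append((m.group(1).lower(), m.group(2)))
        elif REG_ROOT.match(line):
            entries.append(("registry", line))
        elif DRIVE_PATH.match(line):
            entries.append(("path", line))
        else:
            entries.append(("unknown", line))
    return entries

def review(entries):
    """Summarise what to read through before the script is run."""
    counts = Counter(kind for kind, _ in entries)
    ports = sorted(int(p) for k, a in entries if k == "firewallrules"
                   for p in re.findall(r"LPort=(\d+)", a))
    commands = [a for k, a in entries if k == "cmd"]
    deletes = [c for c in commands if re.match(r"(del|erase|rd|rmdir)\b", c, re.I)]
    return {"counts": dict(counts), "ports": ports, "commands": commands, "deletes": deletes}

if __name__ == "__main__":
    for key, value in review(parse_fixlist(SAMPLE)).items():
        print(key, "=>", value)
```

Lines that land under `unknown` are the ones to ask the helper about before running anything.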

                            • system
                              PCHF Owner
                              • Jan 2015
                              • 7634

                              #15
                              Am I supposed to copy that code to FRST or AdwCleaner? I clicked fix once, expecting a dialogue box to come up so I could paste that code. Instead it fixed whatever is default, I guess.
