computer startup slow, fan running at all times, below optimal performance..

**Malnutrition** · 09-03-2024, 05:33 PM

Alright, give me a few to look this over.

**khval94** · 09-03-2024, 05:38 PM

Hey Mal, long time no see!

I also ran Malwarebytes AdwCleaner. Here’s the log for that scan and quarantine:
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Malwarebytes AdwCleaner 8.4.2.0[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Build: 03-04-2024[/HEADING]
[HEADING=1]Database: 2024-03-04.1 (Cloud)[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Start: 09-03-2024[/HEADING]
[HEADING=1]Duration: 00:00:39[/HEADING]
[HEADING=1]OS: Windows 11 (Build 22631.4037)[/HEADING]
[HEADING=1]Cleaned: 12[/HEADING]
[HEADING=1]Awaiting reboot:1[/HEADING]
[HEADING=1]Failed: 0[/HEADING]
***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run |HPSEU_Host_Launcher
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Classes\CLSID{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uni nstall{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Needs Reboot Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT

[+] Delete Tracing Keys
[+] Reset Winsock

***** Reboot Required to Complete *****

***** [ Folders ] *****

Cleaning failed C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT

AdwCleaner[S00].txt - [6846 octets] - [18/01/2022 12:11:40]
AdwCleaner[C00].txt - [7135 octets] - [18/01/2022 12:13:30]
AdwCleaner[S01].txt - [3117 octets] - [03/09/2024 11:28:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

**Malnutrition** · 09-03-2024, 06:33 PM

[HEADING=1][COLOR=rgb(243, 121, 52)]A couple of questions:[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]

Do you use or want to use bitlocker?
Did you disable updates?
Do you use OneDrive? — You can remove it if not with the AppBuster program listed below.
Do you still have Voodoo Shield installed?
C:\WINDOWS\System32\DRIVERS\vsscanner.sys

f not there are leftovers from the program still running, I will take care of that on my second fix.

[HEADING=2][COLOR=rgb(243, 121, 52)]Suggestions for later:[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]
[HEADING=2][/HEADING]
I am going to remove all update restrictions, and any other anomaly to ensure a good clean up process, you can use these tools below to add anything you want back.

I just ask that you wait until we are done to use [COLOR=rgb(243, 121, 52)]EdgeBlocker-Update-Blocker_ShutUp-Ten, although not recommended to disable updates I understand.

EdgeBlocker
Update Blocker.
O&O ShutUpTen

I suggest SystemNinja In place of CCleaner, as CCleaner has become a bit bulky with running processes etc…

[HEADING=2][COLOR=rgb(243, 121, 52)]Program Removal[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]

Uninstall these with Geek Uninstaller: (After the FRST fix the hidden items should be visible to uninstall)

CCleaner Update Helper (HKLM-x32...{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden
HP Customer Experience Enhancements (HKLM-x32...{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Registration Service (HKLM-x32...{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 100.0.2 - Mozilla)

With O&O App Buster Remove these items. At the Minimum,.

[COLOR=rgb(243, 121, 52)]I’d really go thru the list and remove anything you are not using! MS installs a lot of crap that is un-needed.

5A894077.McAfeeSecurity → C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0 _x64__wafk5atnkzcwy [2024-04-22] (McAfee LLC.)
HP CoolSense → C:\Program Files\WindowsApps\AD2F1837.HPCoolSense_1.0.6.0_x64 __v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP PC Hardware Diagnostics Windows → C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnostics Windows_1.8.1.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Privacy Settings → C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.4 2.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Support Assistant → C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.14 .42.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP System Event Utility → C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1. 3.20.0_x64__v10z8vjag6ke6 [2024-04-19] (HP Inc.)

[HEADING=2][COLOR=rgb(243, 121, 52)]FRST Fix[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]

Copy the content of the code box below.
[COLOR=rgb(243, 121, 52)]Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

[ICODE] Start:: SystemRestore: On CreateRestorePoint: CloseProcesses: HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Task: {99CBD18C-8340-47E6-9689-0074EC64B6D2} - System32\Tasks\AMHelper => "C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe" /UPDATE (No File) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) Task: {767A9276-EE1B-4139-B86C-3E3C61CAD625} - System32\Tasks\Microsoft\Windows\UpdateOrchestrato r\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File) Task: {AFF02678-BBE8-446A-A292-93B59CAFE01A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrato r\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File) Task: {5524F5C0-F853-4288-9DD0-E454025D17BB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrato r\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File) Task: {B2A07C9A-E5CE-4F58-9F2B-A1ECCF19597B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrato r\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrato r\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) Task: {5850DF9E-C54B-4AD0-84F5-8BD81678D529} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1 d998b9d5109660 => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File) Task: {65EC7BA0-1D8A-4A84-B170-EB7E833B0D70} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File) Task: {F0FD26F3-D080-40D1-BE96-FD2C2909D980} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\Scheduled Reports.Scheduler.exe (No File) IFEO\EOSnotify.exe: [Debugger] / IFEO\InstallAgent.exe: [Debugger] / IFEO\MusNotification.exe: [Debugger] / IFEO\MusNotificationUx.exe: [Debugger] / IFEO\remsh.exe: [Debugger] / IFEO\SihClient.exe: [Debugger] / IFEO\UpdateAssistant.exe: [Debugger] / IFEO\upfc.exe: [Debugger] / IFEO\UsoClient.exe: [Debugger] / IFEO\WaaSMedic.exe: [Debugger] / IFEO\WaasMedicAgent.exe: [Debugger] / IFEO\Windows10Upgrade.exe: [Debugger] / IFEO\Windows10UpgraderApp.exe: [Debugger] / HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUp date: Restriction <==== ATTENTION Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{0e48ef0e-80c2-4576-a7e7-80de026ef422}: [NameServer] 198.101.242.72,23.253.163.53 Tcpip\..\Interfaces\{6a51abae-bb7c-4605-a0ad-23f625f9d4c1}: [NameServer] 198.101.242.72,23.253.163.53 Tcpip\..\Interfaces\{96dd34bf-6f66-4179-8d23-a8116cb9f37a}: [NameServer] 198.101.242.72,23.253.163.53 Tcpip\..\Interfaces\{96dd34bf-6f66-4179-8d23-a8116cb9f37a}: [DhcpNameServer] 40.23.1.13 Tcpip\..\Interfaces\{af5867c7-6a1d-4ef0-a9be-79014e895dec}: [NameServer] 198.101.242.72,23.253.163.53 Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}: [NameServer] 198.101.242.72,23.253.163.53,10.0.0.1 Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}: [DhcpDomain] hsd1.co.comcast.net Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}\7303036427F6E647: [NameServer] 198.101.242.72,23.253.163.53,10.0.0.1 Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}\7303036427F6E647: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}\7303036427F6E647: [DhcpDomain] hsd1.co.comcast.net HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File BHO: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File FirewallRules: [{35B93676-9AAA-4848-B682-1B8DC8B2B69F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe => No File C:\WINDOWS\system32\drivers\etc\hosts C:\WINDOWS\system32\drivers\etc\hosts.ics Hosts: FirewallRules: [{8633D58E-4EF9-4EFA-8388-865ED351A98F}] => (Allow) LPort=5357 ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions CMD: NETSH winsock reset catalog CMD: NETSH int ipv4 reset reset.log CMD: NETSH int ipv6 reset reset.log CMD: ipconfig /release CMD: ipconfig /renew CMD: ipconfig /flushdns CMD: ipconfig /registerdns CMD: netsh winhttp reset proxy C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp C:\Windows\Temp\*.* CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*" emptytemp: Reboot: End::[/ICODE]

[HEADING=2][COLOR=rgb(243, 121, 52)]Make certain to run the FRST fix prior to running this:[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]

Download ZHP Suite to your desktop.
Right Click Run as admin.
Hit the scanner button.
Once it is complete a file name ZHPdiag.txt will be on your desktop.
Attach it.

[HEADING=2][COLOR=rgb(243, 121, 52)]In your followup reply:[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]

Please answer the questions:
Attach Fix Log and ZHP log.[/color][/color][/COLOR][/color][/COLOR][/color][/COLOR][/color][/color]

**khval94** · 09-03-2024, 07:22 PM

Answers:

No need for bitlocker (don’t remember installing it..)
I don’t recall if I disabled updates. I vaguely remember doing that in a previous fix but I can’t be certain.
Removed Onedrive (hate it anyway!)
I do not have Voodoo Shield installed.

Actions:

FRST fix
ZHP scan and log
Remove suggested programs and many more with Geek Uninstaller and O&O

My own question:

I tried to remove 3D viewer and Cortana. I had selected remove from computer at first, but received the attached error message for both. Once I switched to remove from all users, it pumped through removing the programs, but these two were no longer on the list. Is this something I need to be concerned with or fix otherwise?

**Malnutrition** · 09-03-2024, 07:32 PM

I’d maybe try and remove the 3D viewer item after a reboot or two. I will link you to a program that will disable Cortana, you can not uninstall it or it may break functionality of the machine. I’ll look over the logs, how are things now, any improvement so far?

**khval94** · 09-03-2024, 08:02 PM

fan usage has subsided a bit. bootup was a little quicker but processing time and program loading is still lagging!

**khval94** · 09-03-2024, 08:21 PM

update: after second reboot things are definitely speeding up!

**Malnutrition** · 09-03-2024, 08:30 PM

[HEADING=1][COLOR=rgb(243, 121, 52)]FRST Fix[/COLOR][/HEADING][COLOR=rgb(243, 121, 52)]

Copy the content of the code box below.
[COLOR=rgb(243, 121, 52)]Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code:

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
O43 - CFD: 08/12/2019 - [] D -- C:\Users\khval\AppData\Local\D211B1.tmpd
O43 - CFD: 05/08/2020 - [] D -- C:\Users\khval\AppData\Local\D21345.tmpd
O43 - CFD: 05/10/2019 - [] D -- C:\Users\khval\AppData\Local\D21500.tmpd
O43 - CFD: 20/10/2019 - [] D -- C:\Users\khval\AppData\Local\D21690.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D216B7.tmpd
O43 - CFD: 04/04/2020 - [] D -- C:\Users\khval\AppData\Local\D2173E.tmpd
O43 - CFD: 07/09/2019 - [] D -- C:\Users\khval\AppData\Local\D219A0.tmpd
O43 - CFD: 06/08/2020 - [] D -- C:\Users\khval\AppData\Local\D21A09.tmpd
O43 - CFD: 22/12/2020 - [] D -- C:\Users\khval\AppData\Local\D21B08.tmpd
O43 - CFD: 30/11/2019 - [] D -- C:\Users\khval\AppData\Local\D21C5B.tmpd
O43 - CFD: 31/07/2020 - [] D -- C:\Users\khval\AppData\Local\D21C97.tmpd
O43 - CFD: 11/08/2019 - [] D -- C:\Users\khval\AppData\Local\D21CE.tmpd
O43 - CFD: 30/08/2019 - [] D -- C:\Users\khval\AppData\Local\D21D26.tmpd
O43 - CFD: 05/10/2019 - [] D -- C:\Users\khval\AppData\Local\D21D81.tmpd
O43 - CFD: 21/09/2019 - [] D -- C:\Users\khval\AppData\Local\D21DC2.tmpd
O43 - CFD: 15/12/2019 - [] D -- C:\Users\khval\AppData\Local\D21F7E.tmpd
O43 - CFD: 07/08/2020 - [] D -- C:\Users\khval\AppData\Local\D22070.tmpd
O43 - CFD: 20/10/2019 - [] D -- C:\Users\khval\AppData\Local\D22108.tmpd
O43 - CFD: 29/08/2019 - [] D -- C:\Users\khval\AppData\Local\D22156.tmpd
O43 - CFD: 26/12/2020 - [] D -- C:\Users\khval\AppData\Local\D223E4.tmpd
O43 - CFD: 10/10/2019 - [] D -- C:\Users\khval\AppData\Local\D225D7.tmpd
O43 - CFD: 04/09/2019 - [] D -- C:\Users\khval\AppData\Local\D22810.tmpd
O43 - CFD: 07/08/2020 - [] D -- C:\Users\khval\AppData\Local\D2290B.tmpd
O43 - CFD: 11/08/2019 - [] D -- C:\Users\khval\AppData\Local\D22A6A.tmpd
O43 - CFD: 20/12/2020 - [] D -- C:\Users\khval\AppData\Local\D22A80.tmpd
O43 - CFD: 15/12/2019 - [] D -- C:\Users\khval\AppData\Local\D22AF7.tmpd
O43 - CFD: 23/08/2019 - [] D -- C:\Users\khval\AppData\Local\D22B6.tmpd
O43 - CFD: 13/12/2020 - [] D -- C:\Users\khval\AppData\Local\D22D0D.tmpd
O43 - CFD: 22/08/2019 - [] D -- C:\Users\khval\AppData\Local\D22D1D.tmpd
O43 - CFD: 15/09/2019 - [] D -- C:\Users\khval\AppData\Local\D22F27.tmpd
O43 - CFD: 28/09/2019 - [] D -- C:\Users\khval\AppData\Local\D23201.tmpd
O43 - CFD: 11/08/2020 - [] D -- C:\Users\khval\AppData\Local\D237FA.tmpd
O43 - CFD: 10/01/2021 - [] D -- C:\Users\khval\AppData\Local\D23893.tmpd
O43 - CFD: 10/11/2019 - [] D -- C:\Users\khval\AppData\Local\D238C8.tmpd
O43 - CFD: 20/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2394E.tmpd
O43 - CFD: 16/11/2019 - [] D -- C:\Users\khval\AppData\Local\D23BAC.tmpd
O43 - CFD: 11/08/2019 - [] D -- C:\Users\khval\AppData\Local\D23C97.tmpd
O43 - CFD: 30/08/2019 - [] D -- C:\Users\khval\AppData\Local\D23EE8.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D23F76.tmpd
O43 - CFD: 11/09/2019 - [] D -- C:\Users\khval\AppData\Local\D23FAE.tmpd
O43 - CFD: 25/08/2019 - [] D -- C:\Users\khval\AppData\Local\D240BF.tmpd
O43 - CFD: 18/09/2019 - [] D -- C:\Users\khval\AppData\Local\D241BF.tmpd
O43 - CFD: 26/12/2020 - [] D -- C:\Users\khval\AppData\Local\D24201.tmpd
O43 - CFD: 14/01/2021 - [] D -- C:\Users\khval\AppData\Local\D24331.tmpd
O43 - CFD: 08/08/2019 - [] D -- C:\Users\khval\AppData\Local\D24435.tmpd
O43 - CFD: 03/09/2019 - [] D -- C:\Users\khval\AppData\Local\D24637.tmpd
O43 - CFD: 21/09/2019 - [] D -- C:\Users\khval\AppData\Local\D24679.tmpd
O43 - CFD: 19/08/2019 - [] D -- C:\Users\khval\AppData\Local\D247AC.tmpd
O43 - CFD: 09/08/2020 - [] D -- C:\Users\khval\AppData\Local\D247E8.tmpd
O43 - CFD: 23/08/2019 - [] D -- C:\Users\khval\AppData\Local\D247F5.tmpd
O43 - CFD: 31/07/2020 - [] D -- C:\Users\khval\AppData\Local\D24A10.tmpd
O43 - CFD: 03/09/2019 - [] D -- C:\Users\khval\AppData\Local\D24C94.tmpd
O43 - CFD: 13/12/2019 - [] D -- C:\Users\khval\AppData\Local\D24E29.tmpd
O43 - CFD: 23/12/2019 - [] D -- C:\Users\khval\AppData\Local\D24E74.tmpd
O43 - CFD: 27/10/2019 - [] D -- C:\Users\khval\AppData\Local\D24F5E.tmpd
O43 - CFD: 07/12/2020 - [] D -- C:\Users\khval\AppData\Local\D24F77.tmpd
O43 - CFD: 22/10/2019 - [] D -- C:\Users\khval\AppData\Local\D25438.tmpd
O43 - CFD: 29/11/2019 - [] D -- C:\Users\khval\AppData\Local\D254A6.tmpd
O43 - CFD: 19/07/2020 - [] D -- C:\Users\khval\AppData\Local\D2568C.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D256F3.tmpd
O43 - CFD: 13/08/2019 - [] D -- C:\Users\khval\AppData\Local\D257D7.tmpd
O43 - CFD: 22/08/2019 - [] D -- C:\Users\khval\AppData\Local\D25984.tmpd
O43 - CFD: 13/04/2020 - [] D -- C:\Users\khval\AppData\Local\D25C54.tmpd
O43 - CFD: 07/08/2019 - [] D -- C:\Users\khval\AppData\Local\D25D6B.tmpd
O43 - CFD: 28/08/2019 - [] D -- C:\Users\khval\AppData\Local\D25E12.tmpd
O43 - CFD: 20/08/2019 - [] D -- C:\Users\khval\AppData\Local\D25F8B.tmpd
O43 - CFD: 03/08/2020 - [] D -- C:\Users\khval\AppData\Local\D25FAC.tmpd
O43 - CFD: 17/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2604E.tmpd
O43 - CFD: 27/10/2019 - [] D -- C:\Users\khval\AppData\Local\D263DA.tmpd
O43 - CFD: 12/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2642C.tmpd
O43 - CFD: 25/09/2019 - [] D -- C:\Users\khval\AppData\Local\D264BE.tmpd
O43 - CFD: 25/09/2019 - [] D -- C:\Users\khval\AppData\Local\D266A1.tmpd
O43 - CFD: 16/12/2019 - [] D -- C:\Users\khval\AppData\Local\D26876.tmpd
O43 - CFD: 09/11/2019 - [] D -- C:\Users\khval\AppData\Local\D2697C.tmpd
O43 - CFD: 21/09/2019 - [] D -- C:\Users\khval\AppData\Local\D269D.tmpd
O43 - CFD: 01/08/2020 - [] D -- C:\Users\khval\AppData\Local\D26A69.tmpd
O43 - CFD: 16/05/2020 - [] D -- C:\Users\khval\AppData\Local\D26CB2.tmpd
O43 - CFD: 17/09/2019 - [] D -- C:\Users\khval\AppData\Local\D27005.tmpd
O43 - CFD: 27/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2730B.tmpd
O43 - CFD: 13/10/2019 - [] D -- C:\Users\khval\AppData\Local\D2776C.tmpd
O43 - CFD: 30/12/2020 - [] D -- C:\Users\khval\AppData\Local\D27813.tmpd
O43 - CFD: 25/08/2019 - [] D -- C:\Users\khval\AppData\Local\D27868.tmpd
O43 - CFD: 24/09/2019 - [] D -- C:\Users\khval\AppData\Local\D27A04.tmpd
O43 - CFD: 22/10/2019 - [] D -- C:\Users\khval\AppData\Local\D27A08.tmpd
O43 - CFD: 06/09/2019 - [] D -- C:\Users\khval\AppData\Local\D27AC5.tmpd
O43 - CFD: 19/08/2019 - [] D -- C:\Users\khval\AppData\Local\D27E57.tmpd
O43 - CFD: 20/10/2019 - [] D -- C:\Users\khval\AppData\Local\D27F76.tmpd
O43 - CFD: 30/07/2020 - [] D -- C:\Users\khval\AppData\Local\D27FF1.tmpd
O43 - CFD: 30/12/2020 - [] D -- C:\Users\khval\AppData\Local\D28102.tmpd
O43 - CFD: 26/09/2019 - [] D -- C:\Users\khval\AppData\Local\D281B9.tmpd
O43 - CFD: 12/12/2019 - [] D -- C:\Users\khval\AppData\Local\D281D5.tmpd
O43 - CFD: 03/11/2019 - [] D -- C:\Users\khval\AppData\Local\D281DA.tmpd
O43 - CFD: 28/09/2019 - [] D -- C:\Users\khval\AppData\Local\D282FB.tmpd
O43 - CFD: 09/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2833D.tmpd
O43 - CFD: 15/09/2019 - [] D -- C:\Users\khval\AppData\Local\D28495.tmpd
O43 - CFD: 14/12/2019 - [] D -- C:\Users\khval\AppData\Local\D284B1.tmpd
O43 - CFD: 26/09/2019 - [] D -- C:\Users\khval\AppData\Local\D284E6.tmpd
O43 - CFD: 03/09/2019 - [] D -- C:\Users\khval\AppData\Local\D287B7.tmpd
O43 - CFD: 09/10/2019 - [] D -- C:\Users\khval\AppData\Local\D28961.tmpd
O43 - CFD: 02/09/2019 - [] D -- C:\Users\khval\AppData\Local\D28BF8.tmpd
O43 - CFD: 24/10/2019 - [] D -- C:\Users\khval\AppData\Local\D28C85.tmpd
O43 - CFD: 09/08/2020 - [] D -- C:\Users\khval\AppData\Local\D28E02.tmpd
O43 - CFD: 05/01/2020 - [] D -- C:\Users\khval\AppData\Local\D28E08.tmpd
O43 - CFD: 15/09/2019 - [] D -- C:\Users\khval\AppData\Local\D28EB0.tmpd
O43 - CFD: 21/09/2019 - [] D -- C:\Users\khval\AppData\Local\D28FFE.tmpd
O43 - CFD: 23/12/2019 - [] D -- C:\Users\khval\AppData\Local\D29033.tmpd
O43 - CFD: 14/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2907C.tmpd
O43 - CFD: 08/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2922F.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D29504.tmpd
O43 - CFD: 27/09/2019 - [] D -- C:\Users\khval\AppData\Local\D29569.tmpd
O43 - CFD: 04/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2973C.tmpd
O43 - CFD: 09/08/2020 - [] D -- C:\Users\khval\AppData\Local\D297E3.tmpd
O43 - CFD: 04/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2987E.tmpd
O43 - CFD: 08/12/2019 - [] D -- C:\Users\khval\AppData\Local\D298CF.tmpd
O43 - CFD: 17/08/2019 - [] D -- C:\Users\khval\AppData\Local\D298FB.tmpd
O43 - CFD: 02/01/2021 - [] D -- C:\Users\khval\AppData\Local\D29C14.tmpd
O43 - CFD: 20/09/2019 - [] D -- C:\Users\khval\AppData\Local\D29E6D.tmpd
O43 - CFD: 27/12/2020 - [] D -- C:\Users\khval\AppData\Local\D29E8D.tmpd
O43 - CFD: 12/01/2021 - [] D -- C:\Users\khval\AppData\Local\D29F72.tmpd
O43 - CFD: 21/09/2019 - [] D -- C:\Users\khval\AppData\Local\D29F8E.tmpd
O43 - CFD: 09/11/2019 - [] D -- C:\Users\khval\AppData\Local\D29FD5.tmpd
O43 - CFD: 11/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2A0EC.tmpd
O43 - CFD: 16/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2A12C.tmpd
O43 - CFD: 15/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2A211.tmpd
O43 - CFD: 14/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2A452.tmpd
O43 - CFD: 07/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2A4A4.tmpd
O43 - CFD: 23/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2A526.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2A5AB.tmpd
O43 - CFD: 18/07/2020 - [] D -- C:\Users\khval\AppData\Local\D2A6D9.tmpd
O43 - CFD: 14/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2A71C.tmpd
O43 - CFD: 30/11/2019 - [] D -- C:\Users\khval\AppData\Local\D2A7F2.tmpd
O43 - CFD: 04/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2A9D8.tmpd
O43 - CFD: 13/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2AB2.tmpd
O43 - CFD: 09/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2AC23.tmpd
O43 - CFD: 02/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2AD11.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2AD18.tmpd
O43 - CFD: 10/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2AECA.tmpd
O43 - CFD: 14/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2AF06.tmpd
O43 - CFD: 12/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2B0F7.tmpd
O43 - CFD: 02/08/2020 - [] D -- C:\Users\khval\AppData\Local\D2B2A8.tmpd
O43 - CFD: 19/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2B425.tmpd
O43 - CFD: 05/10/2019 - [] D -- C:\Users\khval\AppData\Local\D2B83C.tmpd
O43 - CFD: 13/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2B942.tmpd
O43 - CFD: 05/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2B9D7.tmpd
O43 - CFD: 26/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2BBC7.tmpd
O43 - CFD: 28/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2BBD9.tmpd
O43 - CFD: 12/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2BD9D.tmpd
O43 - CFD: 15/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2BF40.tmpd
O43 - CFD: 08/08/2020 - [] D -- C:\Users\khval\AppData\Local\D2C19D.tmpd
O43 - CFD: 22/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2C25E.tmpd
O43 - CFD: 16/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2C3C8.tmpd
O43 - CFD: 19/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2C7B2.tmpd
O43 - CFD: 20/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2CF1.tmpd
O43 - CFD: 10/10/2019 - [] D -- C:\Users\khval\AppData\Local\D2CFF8.tmpd
O43 - CFD: 15/01/2020 - [] D -- C:\Users\khval\AppData\Local\D2D17A.tmpd
O43 - CFD: 05/08/2020 - [] D -- C:\Users\khval\AppData\Local\D2D1E0.tmpd
O43 - CFD: 25/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2D34C.tmpd
O43 - CFD: 25/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2D4E.tmpd
O43 - CFD: 23/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2DAB7.tmpd
O43 - CFD: 20/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2DAC7.tmpd
O43 - CFD: 11/08/2020 - [] D -- C:\Users\khval\AppData\Local\D2DB49.tmpd
O43 - CFD: 15/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2DCA4.tmpd
O43 - CFD: 10/10/2019 - [] D -- C:\Users\khval\AppData\Local\D2DE67.tmpd
O43 - CFD: 21/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2DFCB.tmpd
O43 - CFD: 07/12/2020 - [] D -- C:\Users\khval\AppData\Local\D2DFFF.tmpd
O43 - CFD: 07/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2E1CC.tmpd
O43 - CFD: 29/01/2020 - [] D -- C:\Users\khval\AppData\Local\D2E402.tmpd
O43 - CFD: 07/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2E456.tmpd
O43 - CFD: 28/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2E4C6.tmpd
O43 - CFD: 07/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2E567.tmpd
O43 - CFD: 22/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2E5B3.tmpd
O43 - CFD: 25/11/2019 - [] D -- C:\Users\khval\AppData\Local\D2E972.tmpd
O43 - CFD: 10/10/2019 - [] D -- C:\Users\khval\AppData\Local\D2E9FE.tmpd
O43 - CFD: 28/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2EC4E.tmpd
O43 - CFD: 21/12/2020 - [] D -- C:\Users\khval\AppData\Local\D2ECEE.tmpd
O43 - CFD: 14/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2ED10.tmpd
O43 - CFD: 08/09/2020 - [] D -- C:\Users\khval\AppData\Local\D2ED1D.tmpd
O43 - CFD: 13/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2ED79.tmpd
O43 - CFD: 26/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2EDA6.tmpd
O43 - CFD: 02/08/2020 - [] D -- C:\Users\khval\AppData\Local\D2EF76.tmpd
O43 - CFD: 19/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2F011.tmpd
O43 - CFD: 13/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2F019.tmpd
O43 - CFD: 20/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2F05E.tmpd
O43 - CFD: 12/08/2019 - [0] D -- C:\Users\khval\AppData\Local\D2F06F.tmpd
O43 - CFD: 07/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2F0BB.tmpd
O43 - CFD: 21/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2F254.tmpd
O43 - CFD: 30/12/2020 - [] D -- C:\Users\khval\AppData\Local\D2F404.tmpd
O43 - CFD: 30/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2F73.tmpd
O43 - CFD: 14/09/2019 - [] D -- C:\Users\khval\AppData\Local\D2FB52.tmpd
O43 - CFD: 20/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2FBA1.tmpd
O43 - CFD: 20/10/2019 - [] D -- C:\Users\khval\AppData\Local\D2FDD5.tmpd
O43 - CFD: 09/12/2019 - [] D -- C:\Users\khval\AppData\Local\D2FF6E.tmpd
O43 - CFD: 12/08/2019 - [] D -- C:\Users\khval\AppData\Local\D2FFE4.tmpd
C:\Users\khval\AppData\Local\Backup
C:\Users\khval\AppData\Local\Google\Update
Unlock: C:\WINDOWS\System32\drivers\vsscanner.sys
C:\WINDOWS\System32\drivers\vsscanner.sys
S3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29752 2018-06-25] (Microsoft Windows Hardware Compatibility Publisher -> VoodooSoft, LLC)
DeleteKey: HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\AvastAdSDK

Startbatch:
powershell Disable-WindowsOptionalFeature -Online -FeatureName "HypervisorPlatform"
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HvHost" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmickvpexchange" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmicguestinterface" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmicshutdown" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmicheartbeat" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmicvmsession" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmicrdv" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmictimesync" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmicvss" /v "Start" /t REG_DWORD /d "4" /f
schtasks /change /tn "CCleanerCrashReporting" /disable
schtasks /change /tn "CCleanerSkipUAC" /disable
schtasks /change /tn "CCleaner Update" /disable
schtasks /change /tn "Firefox Default Browser Agent 308046B0AF4A39CB" /disable
schtasks /change /tn "Firefox Background Update S-1-5-21-2544099675-2571443181-3956208610-1001 308046B0AF4A39CB" /disable
schtasks /change /tn "Adobe Acrobat Update Task" /disable
schtasks /change /tn "CCleanerSkipUAC" /disable
schtasks /change /tn "CCleaner Update" /disable
schtasks /change /tn "GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001Core" /disable
schtasks /change /tn "GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001UA" /disable
sc stop XboxGipSvc
sc config XboxGipSvc start= disabled
sc stop XboxNetApiSvc
sc config XboxNetApiSvc start= disabled
sc stop Rasman
sc config Rasman start= disabled
sc stop Remoteaccess
sc config Remoteaccess start= disabled
sc stop Rasauto
sc config Rasauto start= disabled
sc stop XblGameSave
sc config XblGameSave start= disabled
sc stop XblAuthManager
sc config XblAuthManager start= disabled
sc stop BDESVC
sc config BDESVC start= disabled
sc stop CCleanerPerformanceOptimizerService
sc config CCleanerPerformanceOptimizerService start= manual
sc stop HpTouchpointAnalyticsService
sc config HpTouchpointAnalyticsService start= manual
sc stop HPSysInfoCap
sc config HPSysInfoCap Service start= manual
sc stop HPDiagsCap
sc config HPDiagsCap Service start= manual
sc stop HPAppHelperCap
sc config HPAppHelperCap Service start= manual
sc stop Bonjour Service
sc config Bonjour Service start= manual
sc stop AdobeARMservice
sc config AdobeARMservice start= manual
sc stop sysmain
sc config sysmain start= disabled
sc stop DiagTrack
sc config DiagTrack start= disabled
sc stop dmwappushservice
sc config dmwappushservice start= disabled
sc stop WSearch
sc config WSearch start= disabled
sc stop lfsvc
sc config lfsvc start= disabled
manage-bde -off C:
manage-bde -off D:
powercfg -h off
Endbatch:

emptytemp:
Reboot:
End::

[/COLOR][/color]

**khval94** · 09-03-2024, 08:39 PM

here is the fixlog

**Malnutrition** · 09-03-2024, 08:41 PM

[COLOR=rgb(243, 121, 52)]Anymore issues?

Security Check Scan.

Download Security Check to your desktop.
[ul]
[li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please [COLOR=rgb(243, 121, 52)]Copy and paste that log here in your next post.[/li][li]There will be items listed in red when you post this log, those items need to be updated.[/li][/ul]

You can disable Cortana and pretty much all spyware-Bs from MS with this tool.

https://www.w10privacy.de/english-home/[/COLOR][/COLOR]

**khval94** · 09-03-2024, 08:46 PM

It would appear not! Wow thank you Malnurished wizard!

SecurityCheck by glax24 & Severnyj v.1.4.0.58 [15.08.24]
WebSite: www.safezone.cc
DateLog: 03.09.2024 14:43:15
Path starting: C:\Users\khval\AppData\Local\Temp\SecurityCheck\Se curityCheck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: khval
VersionXML: 12.52is-24.08.2024

Windows 11 Core (x64) Release: 23H2 (10.0.22631.4037) Lang: English(0409)
Installation date OS: 08.06.2023 16:28:00
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 19, Office19HomeStudent2019R_Retail edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.3 Gb] Used: [119.5 Gb] Free: [810.8 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 4)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
McAfee VirusScan (enabled)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.1.8.123 v.5.1.8.123
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.8.2.0 v.15.8.2.0
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 v.14.38.33130.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 v.14.30.30704.0 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.045.0227.0004 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom Workplace v.6.0.11 (39959) Warning! Download Update
Telegram Desktop v.5.1.7 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
Audacity 3.6.1 v.3.6.1
VLC media player v.3.0.8 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat (64-bit) v.24.003.20054
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.129.0.1 Warning! Download Update
Brave v.128.1.69.162
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1314
C:\Program Files\RogueKiller\RogueKiller64.exe v.15.8.2.0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe v.4.18.24070.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe v.4.18.24070.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Google Video Support Plugin v.19.12.1000.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------

**Malnutrition** · 09-03-2024, 08:50 PM

Update All items in red by clicking on the links provided, or use this tool.

I suggest UblockOrigin

Download KpRM Click Here
Save to Desktop
Check Delete Tools’
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.

[COLOR=rgb(243, 121, 52)]I will mark this as solved. (y)(y)(y)[/COLOR]

**khval94** · 09-03-2024, 09:05 PM

Thank you so very much! You’re a life saver. :giggle:

I see uBlock Origin is for chrome which i don’t use. Is there a comprable option for Brave?

**Malnutrition** · 09-03-2024, 09:21 PM

Glad to help, I’m happy that your machine is running correctly now!! (y)

I believe Brave has a built in ad blocker.
As far a I know, I’m gonna be honest, I do not use brave so I have no idea.
But you have options..

[ul]
[li]AdMuncher blocks ads on all browsers.[/li][li]Or Alternate or Adguard DNS server.[/li][li]Follow this guide to set your DNS server.[/li][/ul]

computer startup slow, fan running at all times, below optimal performance..

computer startup slow, fan running at all times, below optimal performance..

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment