• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved BAse Filtering Engine Access Denied Error 5

Status
Not open for further replies.
T

thiisnacc

PCHF Member
Apr 7, 2022
55
4
29
#1
So recently I have been fighting this (assumed) virus on my computer with no luck. I tried to repair the PC by granting 'Everyone' administrative permissions to the BFE service it worked partially but I couldnt turn my firewall back on even after doing that. I think My OS got corrupted as well. I tried to Factory Reset my computer but wanted to keep my files. That, too, worked partially. Now I am back to square one with it being turned off again along with the firewall. By the way I had avast on my computer before all of this. I would let avast run an offline scan that showed some files on my PC were "decompression bombs". I have since removed Avast and just rely on Windows Security.



Today, in safe mode, I typed in elevated cmd

Code: 
takeown /S mycomputername /U %username% /F %USERPROFILE% /R /SKIPSL. This worked.

 

I then tried cacls %USERPROFILE% /T /E /G %USERNAME%:F. This still gave Access Denied after.

 

I typed:

 

sc queryex bfe, It returned:

 

SERVICE_NAME: bfe

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

WIN32_EXIT_CODE : 5 (0x5)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 0

FLAGS :

 

It's Dependencies Says RPC and a host of other services depend on this service including Windows Firewall which is also malfunctioning (won't start).



Any help is appreciated.
 
Last edited by a moderator:
#2
Also:

Code: 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by User (administrator) on USER-PC (Dell Inc. Latitude E6420) (07-04-2022 11:23:57)
Running from C:\Users\User\Downloads
Loaded Profiles: User
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <25>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKU\S-1-5-21-2824228921-1266272492-1798908342-1000\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3540392 2022-04-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6C62D0AC-543D-40BA-905F-28548A1E30C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E5D8396-48D3-4C6A-970F-2F6E68B814D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A33FAEB-A02C-4BA1-9842-B1968E871A29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80FE780A-E9DC-437B-8A20-A30EB381883B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B96A7024-47B1-425E-A9D8-874CC35B63D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC862D59-E4C2-46D4-9804-8539BCE13817} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-03-30] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{dc8eb244-98c6-4869-851b-99f0edab5748}: [DhcpNameServer] 192.168.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-07]
Edge Extension: (Hippo Video: Video and Screen Recorder) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cijidiollmnkegoghpfobabpecdkeiah [2022-04-07]
Edge Extension: (MetaMask) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2022-03-11]
Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2022-03-07]
Edge Extension: (AdGuard AdBlocker) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2022-03-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-03-29] (Microsoft Corporation -> Microsoft Corporation)
S4 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S4 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [43520 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S4 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [65536 2007-02-11] (Microsoft Windows Hardware Compatibility Publisher -> O2Micro International)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [260096 2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> )
S4 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746736 2022-01-17] (Oracle Corporation -> Oracle Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag64.sys [27648 2020-07-30] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2020-07-30] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 cykbfltrService; C:\WINDOWS\System32\drivers\cykbfltr.sys [19968 2015-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
U5 mvumis; C:\WINDOWS\System32\drivers\mvumis.sys [63800 2019-12-07] (Microsoft Windows -> Marvell Semiconductor, Inc.)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2w7x64.sys [195768 2013-08-16] (O2Micro -> O2Micro)
S3 Ser2pl; C:\WINDOWS\System32\drivers\ser2pl64.sys [227248 2017-10-30] (WDKTestCert charles-yeh,131345514351795974 -> Prolific Technology Inc.)
S3 SrvHsfHDA; C:\WINDOWS\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\WINDOWS\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\WINDOWS\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239648 2022-01-17] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249560 2022-01-17] (Oracle Corporation -> Oracle Corporation)
S1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1046416 2022-01-17] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl10f302d1; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2134960C-024E-452A-BD21-3692784F72D8}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-07 10:44 - 2022-04-07 10:44 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2022-04-06 14:15 - 2022-04-06 14:15 - 000007894 _____ C:\Users\User\Downloads\Per.zip
2022-04-06 11:39 - 2022-04-06 11:40 - 000015985 _____ C:\Users\User\Downloads\Addition.txt
2022-04-06 11:38 - 2022-04-07 11:24 - 000009661 _____ C:\Users\User\Downloads\FRST.txt
2022-04-06 11:37 - 2022-04-07 11:24 - 000000000 ____D C:\FRST
2022-04-06 11:35 - 2022-04-06 11:36 - 002365440 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2022-04-06 10:59 - 2022-04-07 08:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-04-02 13:11 - 2022-04-02 13:11 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-04-02 12:46 - 2022-04-02 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-04-02 12:44 - 2022-04-02 13:16 - 000000000 ____D C:\Program Files\Microsoft Office
2022-04-02 12:44 - 2022-04-02 12:44 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-04-02 12:10 - 2022-04-02 12:10 - 000000368 _____ C:\Users\User\AppData\Roaming\SaraBat.bat
2022-04-02 11:52 - 2022-04-02 13:17 - 000000000 ____D C:\Users\User\AppData\Local\SaraResults
2022-04-02 10:01 - 2022-04-02 10:01 - 000000000 ____D C:\Users\User\AppData\Local\SaRALogs
2022-04-02 09:51 - 2022-04-02 13:20 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
2022-04-02 09:51 - 2022-04-02 09:51 - 000000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2022-03-30 13:23 - 2022-03-30 13:23 - 000000000 ___HD C:\$WinREAgent
2022-03-28 19:27 - 2022-04-06 21:01 - 097517568 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-03-28 19:11 - 2022-03-28 19:27 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-03-28 16:32 - 2022-03-28 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2022-03-28 16:31 - 2022-03-28 16:31 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2022-03-28 16:30 - 2022-03-28 16:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2022-03-28 16:30 - 2022-03-28 16:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2022-03-28 16:23 - 2022-04-07 10:39 - 002025348 _____ C:\WINDOWS\ntbtlog.txt
2022-03-28 16:23 - 2022-03-28 16:23 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2022-03-27 20:07 - 2022-03-27 20:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-03-13 20:29 - 2022-03-24 16:50 - 000000000 ____D C:\Users\User\.VirtualBox
2022-03-10 18:43 - 2022-04-06 11:02 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2022-03-08 18:09 - 2022-03-08 18:10 - 000000000 ____D C:\Users\User\Downloads\Virtual Box and iso
2022-03-08 17:28 - 2022-03-24 14:14 - 000000000 ____D C:\ProgramData\VirtualBox
2022-03-08 17:27 - 2022-03-08 17:27 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2022-03-08 17:27 - 2022-03-08 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2022-03-08 17:27 - 2022-01-17 05:12 - 001046416 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxSup.sys
2022-03-08 17:27 - 2022-01-17 05:12 - 000188184 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2022-03-08 17:26 - 2022-03-08 17:26 - 000000000 ____D C:\Program Files\Oracle

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-07 08:08 - 2022-02-17 14:42 - 000000000 ____D C:\WINDOWS\INF
2022-04-07 08:08 - 2022-02-17 12:09 - 000839732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-07 08:04 - 2022-02-09 21:17 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-06 21:01 - 2022-02-17 14:36 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-04-06 17:59 - 2022-02-17 11:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-06 16:38 - 2022-02-03 10:48 - 000000133 _____ C:\Users\User\0
2022-04-06 14:17 - 2022-02-17 14:43 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-06 14:17 - 2022-02-17 11:53 - 000038755 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2022-04-06 14:17 - 2022-02-17 11:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-06 10:54 - 2022-02-17 14:43 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-06 10:54 - 2022-02-17 11:52 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-06 10:54 - 2022-02-17 11:52 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-05 09:10 - 2022-02-17 14:43 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-04 16:58 - 2022-02-17 12:32 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2824228921-1266272492-1798908342-1000
2022-04-04 16:58 - 2022-02-17 12:32 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2824228921-1266272492-1798908342-1000
2022-04-04 16:58 - 2022-02-17 12:02 - 000002380 ____C C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-02 20:23 - 2022-02-17 14:51 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-02 20:23 - 2022-02-17 14:51 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-02 13:16 - 2022-02-17 14:43 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-04-02 11:54 - 2022-02-17 11:52 - 000439016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-02 09:57 - 2019-08-16 20:49 - 000000000 ___DC C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2022-03-30 14:42 - 2022-02-17 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-28 16:34 - 2022-02-17 12:02 - 000000000 ____D C:\Users\Administrator
2022-03-28 16:31 - 2022-02-17 14:43 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-28 16:31 - 2022-01-31 17:53 - 000000000 ___RD C:\Users\Administrator\3D Objects
2022-03-28 16:31 - 2018-02-21 02:10 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-03-25 21:07 - 2022-02-17 12:33 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2022-03-25 21:07 - 2022-02-17 12:27 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2022-03-25 21:07 - 2022-02-17 12:27 - 000000000 ____D C:\ProgramData\Packages
2022-03-22 20:46 - 2022-02-17 14:43 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-15 17:12 - 2022-02-17 11:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 12:07 - 2022-02-19 20:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-11 11:01 - 2022-02-19 20:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-11 10:55 - 2022-02-19 20:06 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2022-04-02 12:10 - 2022-04-02 12:10 - 000000368 _____ () C:\Users\User\AppData\Roaming\SaraBat.bat
2022-04-02 12:10 - 2022-04-02 12:10 - 000196984 _____ (Microsoft Corporation) C:\Users\User\AppData\Roaming\SetupProd_Act.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Attachments

  • Addition.txt
    16 KB · Views: 2
Last edited by a moderator:
#3
Adware Cleaner

  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exeand select
    Spcusrh.png


    Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me


Can you move FRST to your desktop, and then boot into normal mode and run the tool please. Attach both logs, I’d rather not have it copy and pasted.



Download and unzip farbar service scanner to your desktop, check all boxes and hit scan.
Post the log created.



I am currently at work on lunch break. I’ll have a reply for you once I return home. 👍
 
  • Like
Reactions: thiisnacc
#4
Malnutrition said:
Adware Cleaner

  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exeand select
    Spcusrh.png


    Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me


Can you move FRST to your desktop, and then boot into normal mode and run the tool please. Attach both logs, I’d rather not have it copy and pasted.



Download and unzip farbar service scanner to your desktop, check all boxes and hit scan.
Post the log created.



I am currently at work on lunch break. I’ll have a reply for you once I return home. 👍
Click to expand...
1649357141948.png


Hello!

I got lost on the "make sure that every item listed in the different tabs is checked and click on" part. The Log FIles Tab says AdwCleaner.txt do I check that as well or do I leave everything else default in the other tabs?

1649357345258.png

1649357373411.png
 
#15
Ok.
Let's do this....
FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Step2:
ZHP cleaner Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.

Step 3:
ZHP Diag Scan Click here to download.
Save to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then click close.
Click the Scanner button.
When complete please push the report button.
A notepad will open... attach the report in your next reply.


As far as adware cleaner, right click run as admin, if nothing is found then run the basic repair.

Capture.PNG
 

Attachments

  • fixlist.txt
    2.2 KB · Views: 15
Last edited:
  • Like
Reactions: thiisnacc
#16
Malnutrition said:
Ok.
Let's do this....
FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Step2:
ZHP cleaner Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.

Step 3:
ZHP Diag Scan Click here to download.
Save to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then click close.
Click the Scanner button.
When complete please push the report button.
A notepad will open... attach the report in your next reply.


As far as adware cleaner, right click run as admin, if nothing is found then run the basic repair.

View attachment 9449
Click to expand...
Hi! So I have questions. Firstly:

When I did the FRST fix and restarted the file got deleted somehow. Id didn't delete it and I got this notice from One drive:

1649385520760.png


Why/How did that happen?

Secondly there's a ZHPCleaner and ZHPCleaner[R] would you like all two of those? I still have to do the ZHPDiag and the Adware Cleaner. Let me know when you're ready to stop and then pick up where we left off at a later time, please.
 
Last edited by a moderator:
#17
thiisnacc said:
When I did the FRST fix and restarted the file got deleted somehow. Id didn't delete it and I got this notice from One drive:
Click to expand...


You are running FRST from

Running from C:\Users\User\OneDrive\onedrive\Desktop

Can you move FRST to your desktop, I'm not sure about one drive....

Go ahead and post both logs from ZHP cleaner and move onto the next steps. :)
 
#19
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2 KB · Views: 19
#20
Malnutrition said:
You are running FRST from

Running from C:\Users\User\OneDrive\onedrive\Desktop

Can you move FRST to your desktop, I'm not sure about one drive....

Go ahead and post both logs from ZHP cleaner and move onto the next steps. :)
Click to expand...
My PC desktop and my OneDrive desktop have have the same contents inside of them. I think I used OneDrive as a back up storage. Perhaps thats why but I definitely have FRST and its logs stored on my desktop. I do not know how to separate it from One drive at the moment.

Is there some other way to attach besides url? If not:

file:///C:/Users/User/AppData/Roaming/ZHP/ZHPCleaner--07042022-22_22_59.html

file:///C:/Users/User/AppData/Roaming/ZHP/ZHPCleaner-[R]-07042022-22_30_09.html
 
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu