Solved: I'm getting what looks like virus/adware

Status
Not open for further replies.

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,379
532
PCHF Bunker
pchelpforum.net
Appreciate it :) Normally we don't have this issue but your PC seems to be trying to upload other files along with it, which is triggering a block.
 

jmarket

Awesome :) It's late here but I'll look at your logs in-between work tomorrow. Sorry about all the hurdles but we'll get you taken care of :D
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
Awesome :) It's late here but I'll look at your logs in-between work tomorrow. Sorry about all the hurdles but we'll get you taken care of :D

Well, if my files are trying to upload other stuff along with it, wouldn't you say there might be something else that needs to be looked into too? Also the malware pop ups and stuff have gotten worse since that scan was done. At first it was just 1 or 2 of the same fake alert or pop up showing, now there's all sorts of different ones.
 

jmarket

You have what's called Rogue alerts. Here's what you can do in the meantime:

We will need a log from AdwCleaner for further information.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.


Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair"


After selecting "Clean & Repair" another dialogue box may appear asking to restart now or later. If so choose "Clean & Restart Now"


Once the PC has restarted if AdwCleaner does not restart then open it again and click "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post (or if you can't please upload to Google Drive and share link) :)

We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  • If the dashboard is not already displayed select it.
  • Then select Update to get the latest definition database.


  • Next we need to change a scanning option, select Settings on the main menu
  • Then Detection and Protection on the left.
  • Then select Scan for rootkits in the detection options, as well as the other two options already checked.


Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.


  • Allow Malwarebytes to scan your system. It may take some time depending on how much data is loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected.


A dialogue box may open and ask to restart the computer, if so select Yes


Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.


Please copy and paste the contents of the text file in your next post (or upload to Google Drive if unable and post link) :)
 

jmarket

I've almost got a first fix for you. However I do have a couple questions:

  • Are you running a cracked version of Windows or Office? The reason I ask is because I see a lot of GWX files.
  • Are you using Avast for anti-virus?
I await your response as well as the logs for MBAM and AdwCleaner :)
 

Antoine

I've almost got a first fix for you. However I do have a couple questions:

  • Are you running a cracked version of Windows or Office? The reason I ask is because I see a lot of GWX files.
  • Are you using Avast for anti-virus?
I await your response as well as the logs for MBAM and AdwCleaner :)


I'll get those scans done after work. As for a cracked version of Windows or Office, I dunno but I'd say I'm 90% certain that I'm not running a cracked version. As for Avast, it definitely USED to be on the PC, don't remember if it still is but I'm 99% certain that's still there. I'll check in a few hours.
 

jmarket

In this case since you're unsure, I would honestly recommend you just do a clean install of Windows 10. Here's the easiest way to do it:

  1. Select the Start button, then select Settings > Update & Security > Recovery.
  2. Under Reset this PC, select Get started and then choose Remove everything.

This will ensure no unwanted software is left over.
 

Antoine

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-01-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\drpsu

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4353 octets] - [01/03/2021 18:29:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-01-2021
# Duration: 00:00:30
# OS: Windows 10 Pro
# Scanned: 1672
# Detected: 21


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkMediaEspresso Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE84937-7BE0-4117-8233-DEB9AC0CDFA8}
Preinstalled.CyberLinkMediaEspresso Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DeviceDetector
Preinstalled.CyberLinkMediaEspresso Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}
Preinstalled.CyberLinkMediaEspresso Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E3739848-5329-48E3-8D28-5BBD6E8BE384}
Preinstalled.CyberLinkMediaEspresso Task C:\Windows\System32\Tasks\DEVICEDETECTOR
Preinstalled.LenovoLBAI Folder C:\Program Files (x86)\LENOVO\LBAI
Preinstalled.LenovoLBAI Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|RemoteControl10
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/21
Scan Time: 6:50 PM
Log File: 425003a2-7af1-11eb-976e-00c2c671cd06.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37649
License: Trial

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: Owner-PC\Owner

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 309885
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 3 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mkodglccjkggchpdpiikgcjplniemdej, Quarantined, 8440, 530199, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\mkodglccjkggchpdpiikgcjplniemdej, Quarantined, 8440, 530199, , , , , ,
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MKODGLCCJKGGCHPDPIIKGCJPLNIEMDEJ, Quarantined, 8440, 530199, 1.0.37649, , ame, , ,

File: 11
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_free.yourtemplatefinder.com_0.localstorage, Quarantined, 373, 368613, 1.0.37649, , ame, , ED793943AB6AE40E95400CE999792ADF, 04D65DF798B7A75C04847CC6BCBF314C1D4CC4D5D9C6E4B9A66EAA719EB3807B
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_free.yourtemplatefinder.com_0.localstorage-journal, Quarantined, 373, 368613, 1.0.37649, , ame, , ,
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 8440, 530199, , , , , B9FC002873F554FA6A6F056487E4F8DB, 0E9F7E23F4B8022F4F50358F7E960A2B04F1036476CD5371F27E359B44F72C6B
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 8440, 530199, , , , , D976BE80FFC1AFFF4F8099C942C98136, 1BAAE80E48527E70075DCDCAD686AF5E17275CBB7EA18461C5D4157188EC3FCF
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mkodglccjkggchpdpiikgcjplniemdej\000003.log, Quarantined, 8440, 530199, , , , , A124216219A171524D904EF1133AA8DD, 5DCD57725749FC53038685425AFCF86E69008AC2202F12328681A62270ADA7F6
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mkodglccjkggchpdpiikgcjplniemdej\CURRENT, Quarantined, 8440, 530199, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mkodglccjkggchpdpiikgcjplniemdej\LOCK, Quarantined, 8440, 530199, , , , , ,
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mkodglccjkggchpdpiikgcjplniemdej\LOG, Quarantined, 8440, 530199, , , , , C42735BE079EA4DAD2664BAE59647A52, BD41E994A30ADE5401FECFB408C493B216E45FB9E39A192888D65F0C4955F511
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mkodglccjkggchpdpiikgcjplniemdej\MANIFEST-000001, Quarantined, 8440, 530199, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MKODGLCCJKGGCHPDPIIKGCJPLNIEMDEJ\1.4_0\CHROMERESTORE.JS, Quarantined, 8440, 530199, 1.0.37649, , ame, , 6F85D53053625DA783F81BF7CC7B79DF, 46F28DCE019D8BF1408027E19FECBE463BB4DCB1958758E59DC7F4B57B316491
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MKODGLCCJKGGCHPDPIIKGCJPLNIEMDEJ\1.4_0\BACKGROUND.JS, Quarantined, 8440, 774169, 1.0.37649, , ame, , E279CD0E85F41939C18E65E52914EC51, 9A92934AEFD9A850CCA0BFEA7BAFFE629ACD8E7B03340BDA042E082D6CB7D6EE

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
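
A triage sketch for the Malwarebytes text export above, added here as an example and not part of the original thread: it parses the detection rows, groups them by the Chrome extension ID found in each path, and checks the listed rows against the counts the log declares. The 11-field row layout is an assumption read off the lines in this log; the function names and the shortened sample (made-up SID, placeholder hashes) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened export in the layout of the log posted above.
# The SID is made up and the hash fields are placeholders.
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 4
Threats Quarantined: 4

-Scan Details-
Process: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.Spigot.Generic, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mkodglccjkggchpdpiikgcjplniemdej, Quarantined, 8440, 530199, , , , , ,

Folder: 1
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MKODGLCCJKGGCHPDPIIKGCJPLNIEMDEJ, Quarantined, 8440, 530199, 1.0.37649, , ame, , ,

File: 2
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_free.yourtemplatefinder.com_0.localstorage, Quarantined, 373, 368613, 1.0.37649, , ame, , MD5_PLACEHOLDER, SHA256_PLACEHOLDER
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 8440, 530199, , , , , MD5_PLACEHOLDER, SHA256_PLACEHOLDER

(end)
"""

SECTION_RE = re.compile(r"^-(.+)-$")              # e.g. "-Scan Details-"
COUNT_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "Registry Value: 1"
# Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")


def parse_mbam_export(text):
    """Return (summary, declared_counts, detections) from a text export."""
    summary, declared, detections = {}, {}, []
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blanks, "(No malicious ...)", "(end)"
            continue
        m = SECTION_RE.match(line)
        if m:
            section, category = m.group(1), None
            continue
        if section == "Scan Summary" and ": " in line:
            key, value = line.split(": ", 1)
            summary[key] = value
        elif section == "Scan Details":
            m = COUNT_RE.match(line)
            if m:
                category = m.group(1)
                declared[category] = int(m.group(2))
                continue
            # Assumed layout: name, path, action + 8 trailing fields. Splitting
            # from the right keeps any commas inside the path intact.
            parts = line.rsplit(",", 9)
            if category is None or len(parts) != 10 or ", " not in parts[0]:
                continue
            name, path = parts[0].split(", ", 1)
            detections.append({"category": category, "name": name,
                               "path": path, "action": parts[1].strip()})
    return summary, declared, detections


def check_counts(summary, declared, detections):
    """List mismatches between declared counts and the rows actually present."""
    listed = defaultdict(int)
    for d in detections:
        listed[d["category"]] += 1
    problems = [f"{cat}: declared {n}, listed {listed[cat]}"
                for cat, n in declared.items() if listed[cat] != n]
    total = int(summary.get("Threats Detected", -1))
    if total != len(detections):
        problems.append(f"Threats Detected: {total}, rows parsed: {len(detections)}")
    return problems


def group_by_extension(detections):
    """Map extension ID (or None when the path carries none) to its rows."""
    groups = defaultdict(list)
    for d in detections:
        m = EXT_ID_RE.search(d["path"].lower())
        groups[m.group(0) if m else None].append(d)
    return dict(groups)


if __name__ == "__main__":
    s, dec, det = parse_mbam_export(SAMPLE_LOG)
    print(check_counts(s, dec, det) or "counts consistent")
    for ext, rows in group_by_extension(det).items():
        print(ext or "(no extension ID in path)", len(rows),
              sorted({r["name"] for r in rows}))
```

A non-empty result from `check_counts` usually means the paste was truncated or a row did not fit the assumed layout, which is worth ruling out before reading anything into a log.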
 

Antoine

After doing all that I'm still getting a few "your PC is infected/at risk" messages (including one from McAfee despite not having McAfee on my PC... I notice the McAfee pop up also says Google Chrome so maybe it's a Chrome extension?). I'm doing a second Malwarebytes scan since the first one was just a quick scan of the memory, startup files and file systems etc. etc. and only took 3 mins; this new one is scanning every drive in full, has gone 30 mins so far but hasn't found anything yet. I'll let you know if it does.
 

Antoine

Here's the 2nd scan, it took 6 hours and found nothing but I'm still getting virus detected pop ups galore.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/21
Scan Time: 6:58 PM
Log File: 6dc457ee-7af2-11eb-bc0b-00c2c671cd06.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37649
License: Trial

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: Owner-PC\Owner

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 740156
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 hr, 21 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

jmarket

I would suggest taking my advice in this post due to the uncertainty of the legitimacy of your OS plus you said you don't use certain software but I see certain software running and installed. I'd much rather play it safe than sorry in this case :(
 

Antoine

I would suggest taking my advice in this post due to the uncertainty of the legitimacy of your OS plus you said you don't use certain software but I see certain software running and installed. I'd much rather play it safe than sorry in this case :(


Well, I confirmed that I don't have a cracked version of Windows on that PC. As for the certain software, I actually said I USED to have them on there but I don't think they still are but I'm 99% certain they're gone. Well, after that discussion I saw Avast was indeed still there, so before doing the adw and Malwarebytes scans I uninstalled Avast as well as some other old pre work files (from 2017) still on that PC such as minitool, ZHP, plus any other virus related programs, like there was one called Rogue cleaner or something like that. After I got rid of all those I did Malwarebytes and adw scans and well.. you know the results of those. So I'd say that clean install of Windows isn't necessary at the moment.... unless of course we're out of options?
 

Antoine

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Owner (02-03-2021 16:42:21)
Running from C:\Users\Owner\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2021-03-02 00:11:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1014905426-3769363605-1701117676-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1014905426-3769363605-1701117676-503 - Limited - Disabled)
Guest (S-1-5-21-1014905426-3769363605-1701117676-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1014905426-3769363605-1701117676-1003 - Limited - Enabled)
Owner (S-1-5-21-1014905426-3769363605-1701117676-1001 - Administrator - Enabled) => C:\Users\Owner
WDAGUtilityAccount (S-1-5-21-1014905426-3769363605-1701117676-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Amazon Music Importer (HKLM-x32\...\{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}) (Version: 3.1.0 - Amazon Services LLC) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CyberLink DVD Menu Template Pack (HKLM-x32\...\{0C8EBB00-4909-459C-8347-B2068B7F0319}) (Version: 2.0 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3610 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 9.0.2410 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1203_33054 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2109i - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1202 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1018 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2325.01 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2408 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2407 - CyberLink Corp.)
DisplayLink Graphics Driver (HKLM\...\{5ABC05B8-3675-4C55-AF38-C5B0A88DA025}) (Version: 8.5.3365.0 - DisplayLink Corp.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.)
KeePass Password Safe 1.37 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.37 - Dominik Reichl)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
Samsung ML-1865W Series (HKLM-x32\...\Samsung ML-1865W Series) (Version: - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
Trendnet USBKVM Switcher (HKLM-x32\...\Trendnet USBKVM Switcher_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

Packages:
=========
AV Cast -> C:\Program Files\WindowsApps\63429HDWProduction.AVCast_2018.1126.16.0_x64__vzjvkadhfn8tr [2018-11-28] (HDW Production)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.187.400.0_x86__kgqvnymyfvs32 [2021-03-01] (king.com)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.0.40.0_x64__a76a11dkgb644 [2021-03-01] (iHeartMedia.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-29] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-01] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-21] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-04-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Owner\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2015-08-11 15:32 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-11-18 13:57 - 2007-07-17 16:26 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Trendnet\USBKVM Switcher\kEYHOOK.dll
2015-08-05 12:15 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2015-08-11 15:33 - 2012-04-23 14:03 - 000380928 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2015-08-11 15:33 - 2012-08-28 10:51 - 000155648 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2015-08-11 15:33 - 2012-07-06 12:33 - 000098304 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2015-08-11 15:33 - 2012-07-06 12:33 - 017694720 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2015-08-11 15:33 - 2012-07-17 12:36 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2015-08-05 12:15 - 2012-07-26 23:07 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2010-12-03 16:45 - 2010-12-03 16:45 - 000150624 _____ (CyberLink -> ) [File not signed] C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\WPDDM.dll
2021-03-01 18:03 - 2021-03-01 18:03 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2021-03-01 18:03 - 2021-03-01 18:03 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-03-01 18:03 - 2021-03-01 18:03 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2019-01-08 17:31 - 000000845 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3AD575BF-2AB2-425A-84D8-3ADCB88F30B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F9D37732-05BD-46C4-AE10-B5069CC5D3DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A4598AC-55C0-4933-A56A-DCC2100190C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA5DA722-9B64-437E-A786-B8DE61497B2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E8CB704-867E-4844-83FF-894BFFA50E82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{078ECCBE-2E4D-4DB8-857B-7D5BD6A56BC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DECE11E-D24D-4993-9DA2-7CE65446ADB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F489BABA-E255-448D-880D-D0A730B19F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2FC7D826-C05D-4BDD-832E-B72E8B4B0A42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50608695-6AAF-49F3-B577-EBD9765EE930}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5694F12C-76D5-4FB4-9720-2F249D3D68F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59ADB011-D9DA-4190-B44E-6B563D7B1320}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA5BE2D4-0F31-498C-8934-912AA774A6AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96CCCC02-1466-4686-B024-B3712ED68015}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{375B3A70-0160-4DF6-970B-A89FF225ECCE}] => (Allow) LPort=5558
FirewallRules: [{7E54A6EE-FB66-4B87-AF21-0770E20C250E}] => (Allow) LPort=5556
FirewallRules: [{EC64A73F-9C15-4066-BBFC-80A58E246C2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F22331B4-691C-4F0C-8675-8A4BDF00E39D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{D4799C1E-4693-4F64-B855-4DA5749DE500}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe (Amazon Services LLC -> )
FirewallRules: [TCP Query User{4CB13AE9-7084-4A83-BC12-848522DF60E8}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe (Amazon Services LLC -> )
FirewallRules: [{6227C5EA-E5F9-4C60-8D66-32D77F2E16EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{E3A6ED74-81F5-446A-957D-10E530C43644}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{BDC72FFF-6BF5-4EA4-A1C9-87615CF8650F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B3F40DE2-8388-4CAE-8638-D6A2B4EFF453}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{0FB634A8-6EA7-43B2-A769-45454BE438C0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{38448C18-A688-49C7-8174-1B2BC24536EC}] => (Allow) LPort=54925
FirewallRules: [{E3D39E12-16A5-4746-8B99-19BD74822B66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B883ABCE-DF1A-4A0B-ABAE-8CA27CB83D1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4318DBDD-DDE1-463F-BCE7-258D6D028763}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{49A75FE9-C561-4677-8237-CBBBA6E4DDF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.06 GB) (Free:56.03 GB) (47%)

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead

Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Owner-PC.local. Addr 192.168.1.142

Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F

Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA FE80:0000:0000:0000:E817:E563:0AE0:1EE1

Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F

Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA 2601:0483:C400:0110:1409:8DA2:D26A:B94D

Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F

Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA 2601:0483:C400:0110:E817:E563:0AE0:1EE1


System errors:
=============
Error: (03/02/2021 12:48:43 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/02/2021 12:48:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/02/2021 12:48:36 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/02/2021 12:48:33 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/02/2021 12:48:30 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/02/2021 12:48:27 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/02/2021 12:48:22 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (03/01/2021 06:43:09 PM) (Source: DCOM) (EventID: 10005) (User: Owner-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
================
Date: 2021-03-01 18:40:15
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2021-03-01 18:50:51
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.


==================== Memory info ===========================

BIOS: LENOVO FHKT48AUS 05/28/2014
Motherboard: LENOVO SHARKBAY
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 90%
Total physical RAM: 4002.3 MB
Available physical RAM: 378 MB
Total Virtual: 5602.3 MB
Available Virtual: 1578.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.06 GB) (Free:56.03 GB) NTFS
Drive f: (My Book) (Fixed) (Total:1862.98 GB) (Free:1763.82 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.3 GB) FAT32

\\?\Volume{bd82434a-ce60-11e4-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
\\?\Volume{71b5c2a1-0000-0000-0000-c0991d000000}\ () (Fixed) (Total:0.84 GB) (Free:0.4 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 71B5C2A1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=859 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0C)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37


There's clearly something in these FRST files that doesn't allow me to copy and paste them here if I've been able to copy and paste everything else just fine lol
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,379
532
PCHF Bunker
pchelpforum.net
Good news is a lot of bad stuff is gone now. I will have a look at your logs tomorrow and will have a fix for you. This will be an easy fix but it will take a few steps to accomplish.
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
If a lot of the bad stuff is gone why don't the pop ups seem to have decreased lol
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,379
532
PCHF Bunker
pchelpforum.net
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.7 KB · Views: 4