[Solved] My Windows 10 system seems infested with something odd


Rusty Rusty (PCHF Member, PCHF Donator):
Outcome to this point is not entirely unsatisfactory. Start menu pane pops up dimmed and disabled upon first use but is lit and enabled on each subsequent use. Cortana and the few left side buttons are still inoperable. I've downloaded a totally free small app to do Restarts or Sleeps, immediate or scheduled, and whatnot so I will not require that Power button in Start. It's a little awkward but I know as stated how to navigate to Settings. I can live with this. Problem is minor-ish. Maybe a solution awaits down the road.

[Edit: and again, I am rather convinced this is NOT malware-caused]
 

Malnutrition (Moderator, Security Team):
The site is in French, so the download button is the same as the picture below.

ZHP Diag Scan Click here to download.


1. Right-click, Run as Admin.

2. Click the Options button.
   Click on Check All,
   then click Validate,
   then click Close.

3. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 

Malnutrition (Moderator, Security Team):
This may not be malware related, but there are drivers and other items left over from previous programs that may be interfering with your machine. The idea behind getting these logs is not only to make sure that there is not any malware, it's also to generally clean up your machine to make certain there are no software conflicts. Once you have sent me a log from either Quick Diag or ZHP Diag, we can clean all the trash off of your machine, then start exploring other areas.

You could also just run the Xspeed option with Quick Diag.

Rusty Rusty (PCHF Member, PCHF Donator):
Sure OK, I probably ought to have tried the quickdiag Xspeed thing but instead I am now doing ZHPDIAG. BTW, the options opened with all boxes checked and there is no "validate" button. I proceeded to Scan. I disabled virus protection for this ZHPDiag work but naught else. My PC is up with Normal startup, the usual doodads, and my browser is running during the scan. Ok it is done w/scan and taking forever "statistics writing". Soon I should upload the final report.
 

Rusty Rusty (PCHF Member, PCHF Donator):
ZHP continues "statistics writing", taking inordinate time but using 5 to 10% of my CPU so I presume it isn't hung. Results soon I hope!
 

Malnutrition (Moderator, Security Team):
Ok, a log should appear on your desktop when it's done. :)

Even after that, an X-Speed scan from Quick Diag would be nice, but if it won't run then no big deal. :)
 

Rusty Rusty (PCHF Member, PCHF Donator):
Thanks for the heads-up Malnutrition. I think ZHP was finished writing the log 18 minutes ago, when the file was created/mod'd, as it is NOT increasing in size, so here it is attached.
 


Rusty Rusty (PCHF Member, PCHF Donator):
Yeah, that ZHP software deked me out! Apparently it was waiting for me to X-close its "browser" window ad, for when I closed that, then it announced "reporting finished". He-he - nasty!
 

Malnutrition (Moderator, Security Team):
Nice, this information will take some time to go over. So it will possibly be a few hours before I reply. I need to go over this carefully so I do not miss anything.
 

Malnutrition (Moderator, Security Team):
No problem.

While I look over things, run this for me please.

ZHP Scan.

1. Please download ZHP Cleaner to your desktop. Right-click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the Scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot, a report will open on your desktop.

Copy and paste the report here in your next reply.
 

Rusty Rusty (PCHF Member, PCHF Donator):
Ok, ZHP cleaner left two text files on desktop (likely some redundancy), both are attached.

And I'll take this opportunity to remind you that if you tell a forum user to download special software that Defender might object to (for its intent to poke and prod much) that it might become necessary to go to the downloaded file's Properties box and tick the "Unblock" box in order for the download to be launch-able.
 


Malnutrition (Moderator, Security Team):
ZHP Diag Fix.

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • Unzip it to your desktop -- tool here if needed: 7-Zip.
  • Install it.
  • Click Suivant 5 times.
  • Then Installer.
  • Then Terminer.
  • Then right-click the ZHP Fix icon and Run as admin.
  • Copy the entire content of the code box below; the next step will grab it from your clipboard.
  • Then click on Import.
  • Then click GO.
  • If you see any prompts like the one below, select Oui (= Yes in French).
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.

Code:
Script Zhpfix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O42 - Logiciel: Facebook Gameroom 1.21.6663.39782 - (.Facebook.) [HKLM] -- {68176DF0-3139-406A-955D-E90916FB9EE8}  =>.Facebook
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {D168AAD0-6686-47C1-B599-CDD4888B9D1A}  =>.Apple Inc.
C:\Program Files\Bonjour
C:\Program Files\HTC
C:\Windows\System32\drivers\ANDROIDUSB.sys
C:\Program Files\Common Files\AVG
C:\WINDOWS\System32\Tasks\AVG
C:\Users\talk2\AppData\Local\Facebook
O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities  =>.Hewlett Packard®
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {7059BDA7-E1DB-442C-B7A1-6144596720A4}  =>.Hewlett-Packard
O42 - Logiciel: MarketResearch - (.Hewlett-Packard.) [HKLM] -- {175F0111-2968-4935-8F70-33108C6A4DE3}  =>.Hewlett-Packard (Hidden)
HKLM\SOFTWARE\AVG  =>.AVG Software
HKLM\SOFTWARE\Yahoo  =>.Yahoo! Inc.
HKCU\SOFTWARE\AvastAdSDK  =>.Avast Software s.r.o
HKCU\SOFTWARE\AVG  =>.AVG Software
HKCU\SOFTWARE\Browser Cleanup  =>.Avast Software s.r.o
HKCU\SOFTWARE\Chromium  =>.Chromium
HKCU\SOFTWARE\Yahoo  =>.Yahoo! Inc.
HKCU\SOFTWARE\AppDataLow\Software\Yahoo  =>.Yahoo! Inc.
HKU\S-1-5-21-632060980-672400531-471590194-1001\SOFTWARE\AvastAdSDK  =>.Avast Software s.r.o
HKU\S-1-5-21-632060980-672400531-471590194-1001\SOFTWARE\AVG  =>.AVG Software
HKU\S-1-5-21-632060980-672400531-471590194-1001\SOFTWARE\Browser Cleanup  =>.Avast Software s.r.o
HKU\S-1-5-21-632060980-672400531-471590194-1001\SOFTWARE\Chromium  =>.Chromium
HKU\S-1-5-21-632060980-672400531-471590194-1001\SOFTWARE\Facebook  =>.Facebook
HKU\S-1-5-21-632060980-672400531-471590194-1001\SOFTWARE\Yahoo  =>.Yahoo! Inc.
C:\Program Files\Yahoo! 
C:\ProgramData\AVG
C:\ProgramData\HTC
C:\Program Files\Common Files\AVG
C:\Users\talk2\AppData\Roaming\Yahoo!
C:\Users\talk2\AppData\Local\Avg
C:\Users\talk2\AppData\Local\Facebook
C:\Program Files\AVG
O87 - FAEL: "{F6951D83-0BFC-4510-9BC9-B63157F67166}" [In-None-P17-TRUE] .(...) -- C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (.not file.)  =>.SUP.Orphan
O87 - FAEL: "{A00CA56F-ECFE-4828-8F59-24DC2A1FA5B4}" [In-None-P6-TRUE] .(...) -- C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (.not file.)  =>.SUP.Orphan
O90 - PUC: "1110F57186925394F8073301C8A6D43E" [HKLM] . (.MarketResearch.)  =>.Market Research
O90 - PUC: "7ADB9507BD1EC2447B1A16449576024A" [HKLM] . (.HP Update.)  =>.Hewlett-Packard
O90 - PUC: "34180280D77760A4BB4517FBA01DBB07" [HKU] . (.IPTInstaller.)  =>.HTC Corporation
[MD5.96E897368CFF41E126E72FD5555D12D8] [WIS][2014/01/10 04:46:22] (.HTC.) -- C:\WINDOWS\Installer\28dc091d.msi   [614400]  =>.HTC
[MD5.85614BB500BFDA8DEC8381386F6192EA] [WIS][2018/03/31 01:10:43] (.Facebook - Facebook Gameroom 1.21.6663.39782.) -- C:\WINDOWS\Installer\62bf8a5.msi  [52593664]  =>.Facebook
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage  =>.SUP.CloudfrontNet
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal  =>.SUP.CloudfrontNet
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage  =>.SUP.CloudfrontNet
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage-journal  =>.SUP.CloudfrontNet
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage  =>.SUP.CloudfrontNet
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal  =>.SUP.CloudfrontNet
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_surveymyopinion.researchnow.com_0.localstorage  =>Adware.SearchNow
C:\Users\talk2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_surveymyopinion.researchnow.com_0.localstorage-journal  =>Adware.SearchNow
 

Malnutrition (Moderator, Security Team):
Security Check Scan.

  • Download Security Check to your desktop.
  • Right-click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

HijackThis.

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select "Do a system scan and save a logfile".
5- Copy and paste the log here.
 

Rusty Rusty (PCHF Member, PCHF Donator):
Regarding SecurityCheck, the log is attached:

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 13.07.2019 06:23:44
Path starting: C:\Users\talk2\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ken&vicki
VersionXML: 6.63is-06.07.2019
___________________________________________________________________________

Windows 10(6.3.17763) (x86) Core Release: 1809 Lang: English(0409)
Installation date OS: 20.01.2019 08:42:23
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [1861.5 Gb] Used: [56.2 Gb] Free: [1805.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.615.17763.0 [+]
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled)
--------------------------- [ OtherUtilities ] ----------------------------
FileZilla Client 3.42.1 v.3.42.1 Warning! Download Update
Microsoft Office 365 - en-us v.16.0.11727.20230
VLC media player v.3.0.7.1
OpenOffice 4.1.6 v.4.16.9790
Microsoft Silverlight v.5.1.50918.0
-------------------------------- [ Arch ] ---------------------------------
7-Zip 18.06 v.18.06 Warning! Download Update
Uninstall old version and install new one.
--------------------------------- [ P2P ] ---------------------------------
Shareaza 2.7.9.0 v.2.7.9.0 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 211 v.8.0.2110.12
Java SE Development Kit 8 Update 201 v.8.0.2010.9 Warning! Download Update
Uninstall old version and install new one (jdk-8u211-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.6.1.25 Warning! Download Update
^Please use Apple Software Update tool.^
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 32 PPAPI v.32.0.0.223 [+]
Adobe Acrobat Reader DC v.19.012.20035
------------------------------- [ Browser ] -------------------------------
Google Chrome v.75.0.3770.100
Mozilla Firefox 60.0.2 (x86 en-US) v.60.0.2 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 60.8.0 (x86 en-US) v.60.8.0 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1906.3-0\MsMpEng.exe v.4.18.1906.3
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
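The SecurityCheck log above has a fixed line shape: dashed section banners, "Display (ShortName) - The service is running/has stopped" lines, and "Product v.Version Warning! Reason" lines for software the tool flags. The following is an added example, not part of the thread and not code from the SecurityCheck tool: a small Python parser that turns such a log into a findings list, ranking the items a helper would act on first (guest account enabled, Defender disabled, a P2P client) above stale version warnings. The embedded sample is a constructed subset of the log posted above.

```python
import re

# Constructed sample: a subset of the SecurityCheck log lines posted in the thread.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Remote Registry (RemoteRegistry) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled)
--------------------------------- [ P2P ] ---------------------------------
Shareaza 2.7.9.0 v.2.7.9.0 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java SE Development Kit 8 Update 201 v.8.0.2010.9 Warning! Download Update
----------------------------- [ End of Log ] ------------------------------
"""

# Section banner "---- [ Name ] ----", service state line, and tool warning line.
SECTION_RE = re.compile(r"^-+ \[ (?P<name>[^\]]+) \] -+$")
SERVICE_RE = re.compile(r"^(?P<display>.+?) \((?P<short>[^()]+)\) - The service (?P<state>is running|has stopped)$")
WARNING_RE = re.compile(r"^(?P<product>.+?) v\.(?P<version>\S+) Warning! (?P<reason>.+)$")

def parse_securitycheck(text):
    """Map each section name to a list of (severity, message) findings, in log order."""
    findings = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            findings.setdefault(section, [])
            continue
        if section is None or not line:
            continue  # lines before the first banner, and blanks, are ignored
        if m := WARNING_RE.match(line):
            # A running P2P client is a bigger exposure than a stale version number.
            sev = "high" if "P2P" in m.group("reason") else "medium"
            findings[section].append((sev, f"{m['product']} (v{m['version']}): {m['reason']}"))
        elif m := SERVICE_RE.match(line):
            findings[section].append(("info", f"service {m['short']} {m['state']}"))
        elif line.startswith("Account guest is enabled"):
            findings[section].append(("high", "guest account enabled"))
        elif "(disabled)" in line and section.startswith(("Antivirus", "AntiSpyware")):
            findings[section].append(("high", line.split(" (")[0] + " disabled"))
    return findings

def high_findings(text):
    """Flatten the 'high' items into a quick triage list."""
    return [msg for items in parse_securitycheck(text).values() for sev, msg in items if sev == "high"]
```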

Rusty Rusty (PCHF Member, PCHF Donator):
Last but not least, here is the HijackThis log attached. But I have more to say. I rebooted and the problem persists, but it is still rather minor. I cannot utilize Cortana regardless of how I elect it to appear on the Taskbar. And it won't launch when clicked on in the Start menu pane to which it is pinned (system came that way). I don't know any other way to use/launch it since I don't find it within C:\Program Files. Maybe it is in there within "Windows Apps", which is a folder to which I don't even have read permission, the owner being "Trusted Installer". I believe there is a method/protocol for me to take over ownership of that folder and get inside it, but I am not sure of the exact procedure and have no current interest. I rarely utilize Cortana as I know how to search my files and on the Internet, but on a rare occasion it has proven helpful. And in the Start menu the 5 buttons on the left beside my Programs list don't work, as I stated previously.
 
