Solved Can't open Command Prompt & Other issue
- Thread starter khval94
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
Changing the services to default may kill the wifi.....
You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.
You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.
Open notepad, and copy and paste the content of the codebox below into an open notepad.
Save it to your desktop, name it fixlist.txt
Right click Frst and run as admin.
FRST must also be on the desktop.
Click the fix button.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{79D487FF-A063-4A2F-BA37-9FDDFE380E24}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C61CEB76-8A69-4D76-98A0-E8A690B01591}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
GroupPolicy-x32: Restriction ? <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
C:\WINDOWS\SysWOW64\Amazon
SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
SetDefaultFilePermissions: C:\windows\system32\consent.exe
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:Save it to your desktop, name it fixlist.txt
Right click Frst and run as admin.
FRST must also be on the desktop.
Click the fix button.
I ran the all-in-one tool last night before seeing this message. I entered the code you suggested, ran FSRT, and rebooted.Changing the services to default may kill the wifi.....
You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.
Still can't run cmd prompt as admin
Attach all logs from this point...Post the fix log from FRST.
Download Autologger to your desktop.
Also, run this tool and post the log. This time do not copy and paste it, attach it, as it is rather long.
Download Quick Diag to your desktop.
Very Important!! -- Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.
Download Autologger to your desktop.
- Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
- Right click Autologger and run as admin. (Xp user double click)
- AVZ4 will open and scan your machine, allow this to complete.
- Upload Collectionlog.zip to your next reply.
Also, run this tool and post the log. This time do not copy and paste it, attach it, as it is rather long.
Download Quick Diag to your desktop.
Very Important!! -- Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by khval (22-03-2022 09:08:44) Run:4
Running from C:\Users\khval\OneDrive\Desktop
Loaded Profiles: khval & Kristian
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{79D487FF-A063-4A2F-BA37-9FDDFE380E24}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C61CEB76-8A69-4D76-98A0-E8A690B01591}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
GroupPolicy-x32: Restriction ? <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
C:\WINDOWS\SysWOW64\Amazon
SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
SetDefaultFilePermissions: C:\windows\system32\consent.exe
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C} => removed successfully
"HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79D487FF-A063-4A2F-BA37-9FDDFE380E24}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C61CEB76-8A69-4D76-98A0-E8A690B01591}" => removed successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => removed successfully
C:\WINDOWS\SysWOW64\Amazon => moved successfully
"C:\Windows\System32\cmd.exe" => Default permissions restored successfully.
"C:\windows\system32\consent.exe" => Default permissions restored successfully.
========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========
Deleted file - C:\Users\khval\AppData\Local\temp\.ses
Deleted file - C:\Users\khval\AppData\Local\temp\7896-10720-9.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-12984-10.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-4060-7.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-4412-5.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-5044-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-5976-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-6072-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-7100-4.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-7564-8.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-7916-6.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-8988-3.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-10848-4.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-11040-7.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-12540-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-12848-6.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-13008-3.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-7228-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-9200-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-9472-5.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\HPSA_Uninstall_20220322-082712.txt
Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
Deleted file - C:\Users\khval\AppData\Local\temp\StructuredQuery.log
Deleted file - C:\Users\khval\AppData\Local\temp\~DFF691582FC4B647F0.TMP
Deleted file - C:\Users\khval\AppData\Local\temp\~DFFF2A9B2DC013C307.TMP
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\Application_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\AppxErrorReport_B1F833E4-3DA1-0006-F775-F8B1A13DD801.txt => moved successfully
C:\Windows\Temp\FusionRestarter-expand.log => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-Store_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\System_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
=========== EmptyTemp: ==========
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11809102 B
Java, Flash, Steam htmlcache => 2409 B
Windows/system/drivers => 4084 B
Edge => 9813213 B
Chrome => 717168 B
Brave => 272335540 B
Firefox => 15451756 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2370 B
NetworkService => 40272 B
khval => 3279811 B
Kristian => 3293027 B
RecycleBin => 1544998 B
EmptyTemp: => 305 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:09:33 ====
Ran by khval (22-03-2022 09:08:44) Run:4
Running from C:\Users\khval\OneDrive\Desktop
Loaded Profiles: khval & Kristian
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{79D487FF-A063-4A2F-BA37-9FDDFE380E24}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C61CEB76-8A69-4D76-98A0-E8A690B01591}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
GroupPolicy-x32: Restriction ? <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
C:\WINDOWS\SysWOW64\Amazon
SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
SetDefaultFilePermissions: C:\windows\system32\consent.exe
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C} => removed successfully
"HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79D487FF-A063-4A2F-BA37-9FDDFE380E24}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C61CEB76-8A69-4D76-98A0-E8A690B01591}" => removed successfully
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => removed successfully
C:\WINDOWS\SysWOW64\Amazon => moved successfully
"C:\Windows\System32\cmd.exe" => Default permissions restored successfully.
"C:\windows\system32\consent.exe" => Default permissions restored successfully.
========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========
Deleted file - C:\Users\khval\AppData\Local\temp\.ses
Deleted file - C:\Users\khval\AppData\Local\temp\7896-10720-9.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-12984-10.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-4060-7.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-4412-5.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-5044-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-5976-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-6072-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-7100-4.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-7564-8.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-7916-6.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7896-8988-3.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-10848-4.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-11040-7.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-12540-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-12848-6.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-13008-3.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-7228-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-9200-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9796-9472-5.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\HPSA_Uninstall_20220322-082712.txt
Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
Deleted file - C:\Users\khval\AppData\Local\temp\StructuredQuery.log
Deleted file - C:\Users\khval\AppData\Local\temp\~DFF691582FC4B647F0.TMP
Deleted file - C:\Users\khval\AppData\Local\temp\~DFFF2A9B2DC013C307.TMP
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\Application_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\AppxErrorReport_B1F833E4-3DA1-0006-F775-F8B1A13DD801.txt => moved successfully
C:\Windows\Temp\FusionRestarter-expand.log => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-Store_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\System_B1F833E4-3DA1-0006-F775-F8B1A13DD801.evtx => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
=========== EmptyTemp: ==========
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11809102 B
Java, Flash, Steam htmlcache => 2409 B
Windows/system/drivers => 4084 B
Edge => 9813213 B
Chrome => 717168 B
Brave => 272335540 B
Firefox => 15451756 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2370 B
NetworkService => 40272 B
khval => 3279811 B
Kristian => 3293027 B
RecycleBin => 1544998 B
EmptyTemp: => 305 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:09:33 ====
@khval94 Temporarily disable user account control.
Step 1: Type control panel in the search bar of Windows 10 and click this app in the result to open it.
Step 2: Go to User Accounts > Change User Account Control settings.
Step 3: Drag the slider control to Never notify and click OK to apply the change.
Step 1: Type netplwiz in the search bar of Windows 10 and click this app in the result to open it.
Step 2:Make sure your account is selected.
Step 3: Select properties option.
Step 4: Select Group Membership.
Step 5: Click Administrator.
Step 6: Click Apply
Step 7: Reboot when prompted and check the issue.
Note: You may need to do this from the other admin account you created, you might not be able to apply these changes to yourself.
1. Right-click your computer desktop and then go to New > Shortcut.
2. Type cmd.exe in the box that is below Type cmd.exe and then click Next.
After this setting, you can run Command Prompt as administrator by double-clicking this shortcut.
You can uninstall RogueKiller and Zemana with GeekUninstaller.
Open notepad, and copy and paste the content of the codebox below into an open notepad.
Save it to your desktop, name it fixlist.txt
Right click Frst and run as admin.
FRST must also be on the desktop.
Click the fix button.
Step 1: Type control panel in the search bar of Windows 10 and click this app in the result to open it.
Step 2: Go to User Accounts > Change User Account Control settings.
Step 3: Drag the slider control to Never notify and click OK to apply the change.
Step 1: Type netplwiz in the search bar of Windows 10 and click this app in the result to open it.
Step 2:Make sure your account is selected.
Step 3: Select properties option.
Step 4: Select Group Membership.
Step 5: Click Administrator.
Step 6: Click Apply
Step 7: Reboot when prompted and check the issue.
Note: You may need to do this from the other admin account you created, you might not be able to apply these changes to yourself.
1. Right-click your computer desktop and then go to New > Shortcut.
2. Type cmd.exe in the box that is below Type cmd.exe and then click Next.
- Right-click the shortcut you have created and then select Properties.
- Go to Security > Advanced.
- Select Run as administrator and click OK.
- Click Apply and OK to save the change.
After this setting, you can run Command Prompt as administrator by double-clicking this shortcut.
You can uninstall RogueKiller and Zemana with GeekUninstaller.
Open notepad, and copy and paste the content of the codebox below into an open notepad.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Zemana
C:\Program Files\RogueKiller
C:\Users\khval\AppData\Roaming\uTorrent Web
C:\Program Files (x86)\TotalAV
C:\Program Files\mcafee
C:\Program Files (x86)\Lavasoft
C:\Program Files\AVG
C:\Program Files\Common Files\AVG
C:\Program Files\Malwarebytes
C:\$AV_AVG
C:\WINDOWS\ZAM.krnl.trace
C:\WINDOWS\System32\avgremoverx.exe
C:\Users\khval\AppData\Local\BitTorrentHelper
C:\Users\khval\AppData\Local\mbam
C:\Users\khval\AppData\Local\Zemana
C:\Program Files\Common files\AVG
DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"
DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleaner Smart Cleaning"
DeleteValue:[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"AVGUI.exe"
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK]
[-HKLM\Software\AVG]
[-HKLM\Software\Malwarebytes]
[-HKLM\Software\TrendMicro]
[-HKLM\Software\ZmnGlobalSDK]
[-HKLM\Software\WOW6432Node\Amazon]
[-HKLM\Software\WOW6432Node\Lavasoft]
[-HKLM\Software\WOW6432Node\TrendMicro]
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:Save it to your desktop, name it fixlist.txt
Right click Frst and run as admin.
FRST must also be on the desktop.
Click the fix button.
Last edited:
I moved this back to windows 10. I am out of ideas.
Other than a repair install.
www.tenforums.com
Other than a repair install.
Repair Install Windows 10 with an In-place Upgrade
How to Do a Repair Install of Windows 10 with an In-place Upgrade
www.tenforums.com
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by khval (23-03-2022 09:40:26) Run:5
Running from C:\Users\khval\OneDrive\Desktop
Loaded Profiles: khval & Kristian
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Zemana
C:\Program Files\RogueKiller
C:\Users\khval\AppData\Roaming\uTorrent Web
C:\Program Files (x86)\TotalAV
C:\Program Files\mcafee
C:\Program Files (x86)\Lavasoft
C:\Program Files\AVG
C:\Program Files\Common Files\AVG
C:\Program Files\Malwarebytes
C:\$AV_AVG
C:\WINDOWS\ZAM.krnl.trace
C:\WINDOWS\System32\avgremoverx.exe
C:\Users\khval\AppData\Local\BitTorrentHelper
C:\Users\khval\AppData\Local\mbam
C:\Users\khval\AppData\Local\Zemana
C:\Program Files\Common files\AVG
DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"
DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleaner Smart Cleaning"
DeleteValue:[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"AVGUI.exe"
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK]
[-HKLM\Software\AVG]
[-HKLM\Software\Malwarebytes]
[-HKLM\Software\TrendMicro]
[-HKLM\Software\ZmnGlobalSDK]
[-HKLM\Software\WOW6432Node\Amazon]
[-HKLM\Software\WOW6432Node\Lavasoft]
[-HKLM\Software\WOW6432Node\TrendMicro]
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Zemana => moved successfully
C:\Program Files\RogueKiller => moved successfully
"C:\Users\khval\AppData\Roaming\uTorrent Web" => not found
"C:\Program Files (x86)\TotalAV" => not found
"C:\Program Files\mcafee" => not found
"C:\Program Files (x86)\Lavasoft" => not found
"C:\Program Files\AVG" => not found
C:\Program Files\Common Files\AVG => moved successfully
"C:\Program Files\Malwarebytes" => not found
C:\$AV_AVG => moved successfully
C:\WINDOWS\ZAM.krnl.trace => moved successfully
C:\WINDOWS\System32\avgremoverx.exe => moved successfully
C:\Users\khval\AppData\Local\BitTorrentHelper => moved successfully
C:\Users\khval\AppData\Local\mbam => moved successfully
C:\Users\khval\AppData\Local\Zemana => moved successfully
"C:\Program Files\Common files\AVG" => not found
"HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"" => not found
"HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"CCleaner Smart Cleaning"" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"AVGUI.exe"" => not found
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK => removed successfully
HKLM\Software\AVG => removed successfully
HKLM\Software\Malwarebytes => removed successfully
HKLM\Software\TrendMicro => removed successfully
HKLM\Software\ZmnGlobalSDK => removed successfully
HKLM\Software\WOW6432Node\Amazon => removed successfully
HKLM\Software\WOW6432Node\Lavasoft => removed successfully
HKLM\Software\WOW6432Node\TrendMicro => removed successfully
========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========
Deleted file - C:\Users\khval\AppData\Local\temp\.ses
Deleted file - C:\Users\khval\AppData\Local\temp\8488-12640-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8488-8132-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8488-8136-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\cv_debug.log
Deleted file - C:\Users\khval\AppData\Local\temp\khval.bmp
Deleted file - C:\Users\khval\AppData\Local\temp\Kristian.bmp
Deleted file - C:\Users\khval\AppData\Local\temp\LibraryConfigurationS.xml
Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
Deleted file - C:\Users\khval\AppData\Local\temp\QBEasyUpgrader29.log
Deleted file - C:\Users\khval\AppData\Local\temp\QBSearchIndexerError.txt
Deleted file - C:\Users\khval\AppData\Local\temp\wctABB9.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\~DF1AF6037F000E9E44.TMP
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647972571758142700_73D069AD-E12A-44B8-9E3B-7399869EC26F.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647972571759143300_73D069AD-E12A-44B8-9E3B-7399869EC26F.log
Deleted file - C:\Users\khval\AppData\Local\temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704_1\dbdata17.dll
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\wctAC27.tmp => moved successfully
C:\Windows\Temp\wctB475.tmp => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9604362 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4084 B
Edge => 0 B
Chrome => 0 B
Brave => 412579049 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5060 B
khval => 240985 B
Kristian => 240985 B
RecycleBin => 0 B
EmptyTemp: => 403.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:40:46 ====
I'll try running the repair install and get back to you this evening.
Can I remove any of the other tools we downloaded during this process? I really appreciate all your efforts!
The whole reason I was trying to run cmd prompt as admin was to remove microsoft edge from my computer in the first place. Any suggestions for how to remove this without cmd prompt..? Also, do you know what's going on with the search bar not being able to open now?
Ran by khval (23-03-2022 09:40:26) Run:5
Running from C:\Users\khval\OneDrive\Desktop
Loaded Profiles: khval & Kristian
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Zemana
C:\Program Files\RogueKiller
C:\Users\khval\AppData\Roaming\uTorrent Web
C:\Program Files (x86)\TotalAV
C:\Program Files\mcafee
C:\Program Files (x86)\Lavasoft
C:\Program Files\AVG
C:\Program Files\Common Files\AVG
C:\Program Files\Malwarebytes
C:\$AV_AVG
C:\WINDOWS\ZAM.krnl.trace
C:\WINDOWS\System32\avgremoverx.exe
C:\Users\khval\AppData\Local\BitTorrentHelper
C:\Users\khval\AppData\Local\mbam
C:\Users\khval\AppData\Local\Zemana
C:\Program Files\Common files\AVG
DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"
DeleteValue:[HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"CCleaner Smart Cleaning"
DeleteValue:[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"AVGUI.exe"
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana]
[-HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK]
[-HKLM\Software\AVG]
[-HKLM\Software\Malwarebytes]
[-HKLM\Software\TrendMicro]
[-HKLM\Software\ZmnGlobalSDK]
[-HKLM\Software\WOW6432Node\Amazon]
[-HKLM\Software\WOW6432Node\Lavasoft]
[-HKLM\Software\WOW6432Node\TrendMicro]
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Zemana => moved successfully
C:\Program Files\RogueKiller => moved successfully
"C:\Users\khval\AppData\Roaming\uTorrent Web" => not found
"C:\Program Files (x86)\TotalAV" => not found
"C:\Program Files\mcafee" => not found
"C:\Program Files (x86)\Lavasoft" => not found
"C:\Program Files\AVG" => not found
C:\Program Files\Common Files\AVG => moved successfully
"C:\Program Files\Malwarebytes" => not found
C:\$AV_AVG => moved successfully
C:\WINDOWS\ZAM.krnl.trace => moved successfully
C:\WINDOWS\System32\avgremoverx.exe => moved successfully
C:\Users\khval\AppData\Local\BitTorrentHelper => moved successfully
C:\Users\khval\AppData\Local\mbam => moved successfully
C:\Users\khval\AppData\Local\Zemana => moved successfully
"C:\Program Files\Common files\AVG" => not found
"HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"CCleanerBrowserAutoLaunch_9DCAA999358A6B6ADFA24D59EC2BD37A"" => not found
"HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"CCleaner Smart Cleaning"" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"AVGUI.exe"" => not found
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Adlice Software => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\AvastAdSDK => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Lavasoft => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Zemana => removed successfully
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\ZmnGlobalSDK => removed successfully
HKLM\Software\AVG => removed successfully
HKLM\Software\Malwarebytes => removed successfully
HKLM\Software\TrendMicro => removed successfully
HKLM\Software\ZmnGlobalSDK => removed successfully
HKLM\Software\WOW6432Node\Amazon => removed successfully
HKLM\Software\WOW6432Node\Lavasoft => removed successfully
HKLM\Software\WOW6432Node\TrendMicro => removed successfully
========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========
Deleted file - C:\Users\khval\AppData\Local\temp\.ses
Deleted file - C:\Users\khval\AppData\Local\temp\8488-12640-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8488-8132-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8488-8136-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\cv_debug.log
Deleted file - C:\Users\khval\AppData\Local\temp\khval.bmp
Deleted file - C:\Users\khval\AppData\Local\temp\Kristian.bmp
Deleted file - C:\Users\khval\AppData\Local\temp\LibraryConfigurationS.xml
Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
Deleted file - C:\Users\khval\AppData\Local\temp\QBEasyUpgrader29.log
Deleted file - C:\Users\khval\AppData\Local\temp\QBSearchIndexerError.txt
Deleted file - C:\Users\khval\AppData\Local\temp\wctABB9.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\~DF1AF6037F000E9E44.TMP
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647972571758142700_73D069AD-E12A-44B8-9E3B-7399869EC26F.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647972571759143300_73D069AD-E12A-44B8-9E3B-7399869EC26F.log
Deleted file - C:\Users\khval\AppData\Local\temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704_1\dbdata17.dll
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\wctAC27.tmp => moved successfully
C:\Windows\Temp\wctB475.tmp => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9604362 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4084 B
Edge => 0 B
Chrome => 0 B
Brave => 412579049 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5060 B
khval => 240985 B
Kristian => 240985 B
RecycleBin => 0 B
EmptyTemp: => 403.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:40:46 ====
I'll try running the repair install and get back to you this evening.
Can I remove any of the other tools we downloaded during this process? I really appreciate all your efforts!
The whole reason I was trying to run cmd prompt as admin was to remove microsoft edge from my computer in the first place. Any suggestions for how to remove this without cmd prompt..? Also, do you know what's going on with the search bar not being able to open now?
OK Mal, it looks like the option to select Run as Admin was in Properties > Shortcut >advanced, not Security > Advanced. I was able to select and Apply, and now the shortcut runs as Admin!!
Thank you so much!
Could you please advise on anything else I need to do to make sure my computer is running safely? Do you have any recommendations for protecting my computer from further infections/mishaps?
Thank you so much!
Could you please advise on anything else I need to do to make sure my computer is running safely? Do you have any recommendations for protecting my computer from further infections/mishaps?
Not sure. With everything that is going on, I’d do the repair. But this tool may be able to help.
FixWin
While there were several tutorials and how-to’s already available on the Internet to deal with such annoyances, FixWin as a single utility was conceptualized, to fix some of the common annoyances which may be faced by a Windows user.
www.techspot.com
You can delete anything you wish to delete.
I can make a detailed reply when I return home about security.
Optimize your internet connection.
Click here for instructions.
suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.
Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.
Some items to keep you safe on the internet.
VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.
Let us know if windows search is still an issue.
Click here for instructions.
suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.
Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.
Some items to keep you safe on the internet.
VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.
Let us know if windows search is still an issue.
- Status