Solved PC locking up

Stormy

PCHF Member
Nov 11, 2023
Hello

I am not sure this is the right thread for this, but I do have Win 10 and I did not see a general thread for issues. I have been having issues with my PC not responding or freezing. I can right-click things running in the taskbar and choose "close window", but nothing happens and I have to do a hard reboot. I do not know if this is the cause, but in my Event Viewer I see this multiple times:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user docshopetoplay\stormy SID (S-1-5-21-1489974321-262691052-1310840580-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

I have attached a snapshot of my PC specs from the App called Speccy. Any help you can give me is much appreciated.

my pc speccy 23.jpg
 
Instead of that snapshot, please supply the Speccy link and PS specs.

Can you download and run, and then post. https://www.ccleaner.com/speccy/download
To publish a Speccy profile to the Web:

In Speccy, click File, and then click Publish Snapshot.

In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.

Speccy publishes the profile and displays a second Publish Snapshot dialog box. You can open the URL in your default browser, copy it to the clipboard, or close the dialog box.

The last part of each URL is randomized, so only people you provide with the URL will be able to find your profile.

The information given in Speccy cannot be used by anyone to hack your system.

Could you also include the power supply specs, e.g. Cooler Master 850W Gold V2, NOT e.g. 850w
 
At first glance
Step 1) You need to free up space on the C drive; you have only 22% free, which is below recommendation. 35% would be better.
Step 2) Uninstall Avast antivirus (can be reinstalled later if you wish). Windows has built-in security that is better than 3rd-party antivirus.
Step 3) Do you need java? If not uninstall.
 
I am stuck in old school PC health, I remember it was always 20% free. I should have known though: when Windows grew in size, so should the free space.

I am so glad to see that I can get rid of Avast. I wasn't sure about the Windows version.

Isn't Java needed for browser based games? Or am I confusing that with the old flash?
 
Download MiniToolBox and save the file to the Desktop.

Close the browser and run the tool, check the following options;

List last 10 Event Viewer Errors
List Installed Programs
List Devices (Only Problems)
List Users, Partitions and Memory size

Click on Go.

Post the resulting log in your next reply for us as an attachment
 
Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.
Then select Scan.
FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
Please attach the contents of these logs in your next post.
 
I still can not see which power supply I have. I know it is between 800w-900w and I usually bought Thermaltake.
Yes Avast reported a clean uninstall.

This FRST app is very cool. I have attached both files. What are you able to find with this app?
 

Attachments

  • FRST.txt
    55.5 KB · Views: 0
  • Addition.txt
    88 KB · Views: 0
Uninstall with Geek Uninstaller.

System Mechanic (HKLM\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 19.5.0.1 - iolo Technologies, LLC)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)


Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {867E9427-CFFD-43F0-9924-28758278BCB0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {CCD009B4-EC2B-46B8-B460-4493F100AEB5} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {0F7862A1-8A6A-4228-AED9-3D2B80D5180E} - System32\Tasks\{A04F52BA-62C2-4BE3-86D4-BE16C7093FDE} => C:\Program Files (x86)\Origin Games\Apex\r5apex.exe  (No File)
Task: {CE7B47F3-F7A0-4D53-A41D-795B47769C6C} - System32\Tasks\{AB11FBA2-A678-4577-98D0-A4DF906CC0FE} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
Task: {80C9BE5E-1EB0-406A-8C14-80712B29A927} - System32\Tasks\{BE093B32-7174-466C-8551-E41304629DD6} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
Task: {7C608E0F-4851-498D-8196-D8D7D2CE874D} - System32\Tasks\{BF1EABB1-DF87-4FCB-A1CA-1D9077E786C8} => C:\GAMES\Vacation Adventures - Park Ranger 7\parkRanger7.exe  (No File)
Task: {C7722128-F4F5-46D9-8842-66C786E82E70} - System32\Tasks\{CF20E479-9277-4D37-BBF1-DB21356480DE} => C:\GAMES\The Unexpected Quest Collectors Edition\TheUnexpectedQuestCE.exe  (No File)
Task: {5D9FA69E-F5B1-4D49-B2A8-AB41A5FF2AE5} - System32\Tasks\{ECAB7DF4-3925-4A22-99A0-1604961FE5AC} => C:\Program Files (x86)\LeeGT-Games\Golden Rails - Road to Klondike CE\GoldenRails_RoadToKlondike_CE.exe  (No File)
Task: {C75B8E0E-16B6-48E8-8431-38409EFF7508} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe  -LogonOrUnlock (No File)
Task: {1D0D2E16-B016-40A0-B920-EA52036C55AB} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe  -Daily (No File)
Task: {AF7C0C4E-71C2-4EF2-A6A6-50266A8D2578} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {98A44AB1-71B4-4B3C-8634-1771C7BA7A57} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {0FD6F168-1E81-49BF-B351-EF2A67CC2009} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe  tray (No File)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1489974321-262691052-1310840580-1000\...\Run: [launcher] => C:\Program Files (x86)\Watcher of Realms\moontonlauncher.ex (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.124\Installer\chrmstp.exe [2023-11-09] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {F1AD9D2B-E13E-4150-B46E-BED156022F31} - System32\Tasks\{048A8EFA-45E1-4A04-AC6C-365549D4EF82} => C:\Windows\system32\pcalua.exe [53760 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\LeeGT-Games\Hiddenverse - Witchs Tales 2\Uninstall.exe" -d "C:\Program Files (x86)\LeeGT-Games\Hiddenverse - Witchs Tales 2\"
Task: {BB29457D-6997-45F2-833E-22E82A263F5C} - System32\Tasks\{0712E062-04BD-4F50-AF2D-518C9251781B} => C:\Windows\system32\pcalua.exe [53760 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> -a "E:\Downloads\HellHades.ArtifactExtractor.Installer.v1.0.0-1-g74341f4 (4).exe" -d E:\Downloads
Task: {F6FDBE15-1CD4-40E6-B469-6F42C2EF038F} - System32\Tasks\{38D145DB-C32A-4E83-9EB4-2CFE207CD5A3} => E:\Downloads\TheUnexpectedQuestCE\The Unexpected Quest CE.exe [317467903 2021-12-18] () [File not signed]
Task: {D20C6A24-02A8-4B60-B9B5-545F14C1866F} - System32\Tasks\{450FCDC3-F46C-4B3C-9746-3522B8F35FCC} => C:\Windows\system32\pcalua.exe [53760 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\stormy\AppData\Local\Temp\jre-8u201-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {4ED9DFD6-8BE1-4253-AD06-1863F540F1B3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {4ED9DFD6-8BE1-4253-AD06-1863F540F1B3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {4ED9DFD6-8BE1-4253-AD06-1863F540F1B3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {DEEC2839-85CC-4AAC-B954-123F63DF0142} - System32\Tasks\iolo\ActiveMessenger => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [565528 2023-10-28] (iolo technologies, LLC -> iolo technologies, LLC) -> -appexecutable systemmechanic.exe -ammode
Task: {68875BC2-8EB5-40D4-8FA0-7CFF0F2C979C} - System32\Tasks\iolo\ActiveReporter => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [565528 2023-10-28] (iolo technologies, LLC -> iolo technologies, LLC) -> -appexecutable systemmechanic.exe -armode
Task: {4076D30F-03B9-4BFB-BC54-431CFA17DF10} - System32\Tasks\iolo\ActiveSync => C:\Program Files\iolo technologies\System Mechanic\activebridge.exe [565528 2023-10-28] (iolo technologies, LLC -> iolo technologies, LLC) -> -appexecutable systemmechanic.exe -scheduler -asmode
Task: C:\WINDOWS\Tasks\{6B8323E3-EE61-F4C3-E2A8-4E260BF128ED}.job => C:\Users\stormy\AppData\Roaming\Lolor\SYNHEL~1.EXE
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [53904 2017-11-11] (AVAST Software s.r.o. -> The OpenVPN Project)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [88720 2020-04-24] (Avast Software s.r.o. -> Windows (R) Win 7 DDK provider)
2023-11-12 15:17 - 2018-05-12 14:48 - 000000000 ____D C:\Users\stormy\AppData\Local\AVAST Software
2023-11-12 15:17 - 2017-11-11 00:07 - 000000000 ____D C:\Users\stormy\AppData\Roaming\AVAST Software
2023-11-12 13:10 - 2023-06-26 19:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-11-12 13:10 - 2017-11-11 00:04 - 000000000 ____D C:\ProgramData\AVAST Software
C:\WINDOWS\System32\DRIVERS\aswTap.sys
C:\WINDOWS\System32\drivers\netfilter2.sys
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3612ADDC-4B26-46D3-A796-4C9EE274B6A2}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{3612ADDC-4B26-46D3-A796-4C9EE274B6A2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E4AF2120-5483-4B9E-A871-7ADA06250438}: [DhcpNameServer] 8.8.8.8
S3 mracsvc; C:\Windows\System32\mracsvc.exe [23539928 2021-11-01] (LLC Mail.Ru -> LLC Mail.Ru)
S3 myacsvc; C:\WINDOWS\System32\myacsvc.exe [28678888 2023-09-28] (MY.GAMES B.V. -> MY.GAMES B.V.)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [22777400 2021-11-01] (LLC Mail.Ru -> LLC Mail.Ru)
C:\Windows\System32\mracsvc.exe
C:\WINDOWS\System32\myacsvc.exe
C:\WINDOWS\System32\drivers\mracdrv1.sys
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 idsvc; no ImagePath
2023-10-28 18:03 - 2023-10-28 18:03 - 000000000 ____D C:\Users\stormy\AppData\Local\iolo technologies
2023-10-28 18:02 - 2023-10-28 18:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\iolo
2023-10-28 18:01 - 2023-10-28 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iolo Technologies
2023-10-28 18:01 - 2023-10-28 18:01 - 000000000 ____D C:\Program Files\iolo technologies
2023-10-28 18:00 - 2023-10-28 18:03 - 000000000 ____D C:\ProgramData\iolo technologies
2018-03-18 01:14 - 2023-05-25 18:29 - 000000755 _____ () C:\Users\stormy\AppData\Roaming\SAS7_000.DAT
2018-03-16 19:58 - 2018-03-16 19:58 - 000000047 _____ () C:\Users\stormy\AppData\Roaming\WB.CFG
2021-06-29 18:41 - 2023-10-08 03:05 - 000081898 _____ () C:\Users\stormy\AppData\Local\PlariumPlay.log
2019-07-17 22:54 - 2019-07-17 22:54 - 000000218 _____ () C:\Users\stormy\AppData\Local\recently-used.xbel
2018-03-17 11:15 - 2023-01-21 13:55 - 000007619 _____ () C:\Users\stormy\AppData\Local\Resmon.ResmonCfg
2022-12-14 17:01 - 2022-12-14 17:01 - 000000076 _____ () C:\Users\stormy\AppData\Local\TempGameCenter.main.log
CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{256dcec2-5c75-c860-0e63-9f46c10ced98}\localserver32 -> "C:\Users\stormy\AppData\Local\PlariumPlay\8.5.0-0.0.0\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{5f09f1a2-2411-9ca8-f9fc-deff0b5ff42a}\localserver32 -> "C:\Users\stormy\AppData\Local\PlariumPlay\8.5.0-0.0.1\dotnet\info\PlariumPlayInfo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1489974321-262691052-1310840580-1000_Classes\CLSID\{eb1fdd5b-8f70-4b5a-b230-998a2dc19303}\localserver32 -> C:\Users\stormy\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\snoretoast-x64.exe => No File
Toolbar: HKU\S-1-5-21-1489974321-262691052-1310840580-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{D7EE3166-7196-4CEB-ABA9-81D919BE47D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{2BB53E33-B084-4199-8A65-F7EF3761EDB0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{47F66E92-4A62-470D-8F30-D54176770821}F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe] => (Allow) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
FirewallRules: [UDP Query User{F00C575A-DF3F-4D3F-B498-EA37247BD537}F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe] => (Allow) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
FirewallRules: [{0BF1CC91-724F-4ECC-8192-2A2FC07E003A}] => (Block) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
FirewallRules: [{CD20541A-2271-4E8B-8254-FC47D0A8F8A6}] => (Block) F:\mygames\skyforge mycom\bin32\gamecenterlight\gamecenter@mail.ru.exe => No File
FirewallRules: [TCP Query User{B10FAB3C-85A4-48D5-A26B-725D79EEB0B8}C:\r.o.h.a.n_blood_feud\rohanclient.exe] => (Allow) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
FirewallRules: [UDP Query User{5394954C-F9E6-4C6E-A796-DD457B3E1A1E}C:\r.o.h.a.n_blood_feud\rohanclient.exe] => (Allow) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
FirewallRules: [{D553CB34-E61B-4D53-9E59-E32840657701}] => (Block) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
FirewallRules: [{932ECEDB-947C-4C23-B829-5C4C904AFA52}] => (Block) C:\r.o.h.a.n_blood_feud\rohanclient.exe => No File
FirewallRules: [TCP Query User{34D543B2-AB82-4981-A966-3BA57495B3C1}C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe] => (Allow) C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe => No File
FirewallRules: [UDP Query User{988AEF1D-5799-4E2F-8106-A5150A79437C}C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe] => (Allow) C:\games\kingdom- rush vengeance rz\kingdom rush vengeance.exe => No File
FirewallRules: [TCP Query User{E545E686-646E-4262-A227-B230CC9D6163}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{E8E1EC0C-B5FE-4730-BB75-9DCFF0DF76FD}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [{9B0A77B1-E2E6-4C7A-B7E4-2CCFEF519820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
FirewallRules: [{25F729E1-195C-436B-8A37-381F74EC3823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
FirewallRules: [TCP Query User{1933FA72-777C-4012-AC13-D3A05F814A0F}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe => No File
FirewallRules: [UDP Query User{B0D864C9-D623-4F9C-BE0E-7B8E826934FF}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe => No File
FirewallRules: [TCP Query User{243E565E-0036-4E50-9537-93B236B3ABDE}E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
FirewallRules: [UDP Query User{73AB5C17-9B72-4588-9DC5-DB7E74D62520}E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
FirewallRules: [TCP Query User{1204EFF5-04BD-49B7-A29E-18D7D950098A}C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe] => (Allow) C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe => No File
FirewallRules: [UDP Query User{5BBF3A13-5AA8-4AD1-9F69-1740D526EC03}C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe] => (Allow) C:\users\stormy\appdata\local\plarium\plariumplay\6.9.0-0.0.0\plariumplay.exe => No File
FirewallRules: [{63928384-9B85-4C5E-949E-91D085B5D570}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Employee A Demo\EmployeeA-demo_v1.2.0-market\EmployeeA.exe => No File
FirewallRules: [{70650560-E7AB-446D-87BA-25987A1CF7A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Employee A Demo\EmployeeA-demo_v1.2.0-market\EmployeeA.exe => No File
FirewallRules: [{655D71A4-553B-41DA-981E-82CC5815E47E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
FirewallRules: [{7A15A7D7-686A-41F4-9C4C-00BB7118F72B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
FirewallRules: [TCP Query User{208A1499-0910-4807-B4CD-953126A7CE04}C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe => No File
FirewallRules: [UDP Query User{CCEC2084-1D7A-4A1D-920C-ED1CFE0B4148}C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\stormy\appdata\roaming\mjusbsp\magicjack.exe => No File
FirewallRules: [TCP Query User{BA5C05DD-8974-4B44-AD1D-245431A27CC9}C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe] => (Block) C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe => No File
FirewallRules: [UDP Query User{7BE1080A-13C9-4322-B630-03C251415BB5}C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe] => (Block) C:\users\stormy\appdata\local\temp\ixp000.tmp\100_hidden_mice.exe => No File
FirewallRules: [TCP Query User{9475C08D-1AB9-4704-8790-6E47A618F14F}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
FirewallRules: [UDP Query User{B4F91AAA-2040-476B-A5E1-8D1E0DFFCC7E}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
FirewallRules: [TCP QUERY USER{C91799B7-AED3-4A4E-874E-20EFBFB1F007}E:\DOWNLOADS\UNUSUAL_FINDINGS\UNUSUAL_FINDINGS\UNUSUAL FINDINGS.EXE] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
FirewallRules: [UDP QUERY USER{4A2214C0-A1FF-47B0-A960-8393F221566C}E:\DOWNLOADS\UNUSUAL_FINDINGS\UNUSUAL_FINDINGS\UNUSUAL FINDINGS.EXE] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
FirewallRules: [TCP Query User{F1775305-C28F-4DD6-AF36-4D920D1BC348}E:\downloads\unusual_findings\unusual_findings\unusual findings.exe] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
FirewallRules: [UDP Query User{13C7B3A5-AB51-493F-8F98-8558D98E2B02}E:\downloads\unusual_findings\unusual_findings\unusual findings.exe] => (Allow) E:\downloads\unusual_findings\unusual_findings\unusual findings.exe => No File
FirewallRules: [TCP Query User{9D8D7851-65D3-48B0-933E-CDFA09874408}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
FirewallRules: [UDP Query User{AE05FEE9-1638-43E4-8527-AC5A29194F64}E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe] => (Allow) E:\downloads\heroofthekingdomthelosttales2 (1)\hero of the kingdom the lost tales 2\hero of the kingdom the lost tales 2.exe => No File
FirewallRules: [TCP Query User{5BB9BA0D-4188-413C-8E3B-8855640F5D65}E:\downloads\factorytownidle\factory town idle\factory town idle.exe] => (Allow) E:\downloads\factorytownidle\factory town idle\factory town idle.exe => No File
FirewallRules: [UDP Query User{6391A94C-7BBD-4033-BCDE-71F3997A26C2}E:\downloads\factorytownidle\factory town idle\factory town idle.exe] => (Allow) E:\downloads\factorytownidle\factory town idle\factory town idle.exe => No File
AlternateDataStreams: C:\ProgramData\TEMP:03A39BFB [286]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
AlternateDataStreams: C:\ProgramData\TEMP:1AB4A9BA [286]
AlternateDataStreams: C:\ProgramData\TEMP:1C9D2BC6 [121]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:423BD573 [280]
AlternateDataStreams: C:\ProgramData\TEMP:53F09A92 [276]
AlternateDataStreams: C:\ProgramData\TEMP:591267A3 [118]
AlternateDataStreams: C:\ProgramData\TEMP:751D6870 [117]
AlternateDataStreams: C:\ProgramData\TEMP:7F981AD1 [141]
AlternateDataStreams: C:\ProgramData\TEMP:8855A119 [138]
AlternateDataStreams: C:\ProgramData\TEMP:89CC3B44 [368]
AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67 [148]
AlternateDataStreams: C:\ProgramData\TEMP:BB80A688 [132]
AlternateDataStreams: C:\ProgramData\TEMP:BBEA9471 [126]
AlternateDataStreams: C:\ProgramData\TEMP:C8A40DC8 [286]
AlternateDataStreams: C:\ProgramData\TEMP:C8FBA764 [124]
AlternateDataStreams: C:\ProgramData\TEMP:D4D85847 [143]
AlternateDataStreams: C:\ProgramData\TEMP:DA12E82D [119]
AlternateDataStreams: C:\ProgramData\TEMP:E604EE00 [135]
AlternateDataStreams: C:\ProgramData\TEMP:FBD2878A [119]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
FirewallRules: [{2680ED6A-EDE9-4B2E-B714-8281C7FB3277}] => (Allow) LPort=51001
FirewallRules: [{72ED54FB-147C-4FD7-9CBD-24CCB9E10744}] => (Allow) LPort=80
FirewallRules: [{50826F1A-BAC7-4ACE-BBAF-87BED40D5593}] => (Allow) LPort=443
FirewallRules: [{C0116BC6-8E6B-46B6-A52E-05BE5CE15E64}] => (Allow) LPort=20010
FirewallRules: [{39149C78-DE58-499C-B893-0D7C961FC670}] => (Allow) LPort=3478
FirewallRules: [{922D4EA8-13D6-4A89-B159-04F11BD515FB}] => (Allow) LPort=7850
FirewallRules: [{47EBA1F4-B685-48C6-848F-23F6AEB5B9C4}] => (Allow) LPort=7852
FirewallRules: [{26D1FCBC-3B8D-4FC7-9675-63114EA92D6D}] => (Allow) LPort=7853
FirewallRules: [{EA679DAF-A652-42BC-BBFE-FD95F52A6764}] => (Allow) LPort=27022
FirewallRules: [{CD1F5DBA-E1E1-45DA-A2FD-AFBE10D0C60F}] => (Allow) LPort=6881
FirewallRules: [{DEAA2E4F-67F0-4A75-A317-46A9CFB4F6CC}] => (Allow) LPort=33333
FirewallRules: [{711E67DD-03A7-485C-AEB4-607B6175FB5E}] => (Allow) LPort=20443
FirewallRules: [{1BFB8ECC-43B6-4BF8-BBBC-EA9DE1EB5166}] => (Allow) LPort=8090
C:\Program Files\iolo technologies
C:\WINDOWS\system32\drivers\etc\hosts.ics
C:\Windows\system32\drivers\etc\hosts
Hosts:
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd:  bitsadmin /list /allusers
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Folder: C:\Windows\System32\Tasks
Reboot:
End::



Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me






Once everything above is completed, re-run FRST64.exe and provide fresh FRST.txt and Addition.txt logs.
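
Added example, not part of the original post and not FRST's own code: a fix script like the one above is plain text, so it can be grouped by line type and read through before Fix is clicked. The sample is constructed from a few lines of the fix scripts in this thread, and the four line kinds (directive, registry, path, other) are this example's own grouping, not FRST terminology.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: a handful of lines copied from the fix scripts in this thread.
SAMPLE_FIXLIST = r"""Code:
Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0FD6F168-1E81-49BF-B351-EF2A67CC2009} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe  tray (No File)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [53904 2017-11-11] (AVAST Software s.r.o. -> The OpenVPN Project)
C:\WINDOWS\System32\DRIVERS\aswTap.sys
FirewallRules: [{72ED54FB-147C-4FD7-9CBD-24CCB9E10744}] => (Allow) LPort=80
cmd: net stop bits
CMD: ipconfig /flushdns
DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Reboot:
End::
"""


class Entry(NamedTuple):
    kind: str  # "directive", "registry", "path" or "other" (this example's grouping)
    key: str   # lower-cased directive name; empty for the other kinds
    arg: str   # text after the directive, or the whole line for the other kinds


# Registry lines are tested first because they can contain ": " further along.
_REGISTRY = re.compile(r"^(HKLM|HKCU|HKU|HKEY_)", re.IGNORECASE)
# A bare drive path is tested before directives so "C:" is not read as a directive.
_PATH = re.compile(r"^[A-Za-z]:\\")
_DIRECTIVE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_fixlist(text):
    """Return the entries between Start:: and End:: (or end of text if End:: is missing)."""
    entries = []
    started = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        marker = line.lower()
        if marker == "start::":
            started = True
            continue
        if marker == "end::":
            break
        if not started:
            continue  # e.g. the forum's "Code:" label above the script
        if _REGISTRY.match(line):
            entries.append(Entry("registry", "", line))
        elif _PATH.match(line):
            entries.append(Entry("path", "", line))
        else:
            m = _DIRECTIVE.match(line)
            if m:
                entries.append(Entry("directive", m.group(1).lower(), m.group(2)))
            else:
                entries.append(Entry("other", "", line))
    return entries


def summarise(entries):
    """Count lines per directive/kind and pull out the lines a reader should check first."""
    counts = Counter(e.key if e.kind == "directive" else e.kind for e in entries)
    return {
        "counts": counts,
        # Command lines handed to cmd: / CMD: directives.
        "commands": [e.arg for e in entries if e.key == "cmd"],
        # Targets of DeleteKey: / DeleteValue: directives.
        "registry_deletes": [e.arg for e in entries
                             if e.key in ("deletekey", "deletevalue")],
        # Bare file or folder paths listed on their own line.
        "paths": [e.arg for e in entries if e.kind == "path"],
    }


if __name__ == "__main__":
    summary = summarise(parse_fixlist(SAMPLE_FIXLIST))
    for name, n in summary["counts"].most_common():
        print(f"{n:3d}  {name}")
    for label in ("commands", "registry_deletes", "paths"):
        print(f"\n{label}:")
        for item in summary[label]:
            print("   ", item)
```
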
 
Am I supposed to copy that code to FRST or AdwCleaner? I clicked Fix once, expecting a dialogue box to come up so I could paste that code. Instead it fixed whatever is default, I guess.
 

Attachments

  • Fixlog.txt
    182.7 KB · Views: 0
As far as pasting the code goes, you did exactly what was asked. The program works from the clipboard.

How is the machine running?

Download ZHP Suite to your desktop.
Right Click Run as admin.
Hit the scanner button.
Once it is complete, a file named ZHPdiag.txt will be on your desktop.
Attach it.
 
Ok, we have removed a whole slew of garbage from this machine. I am currently at work, so I will check over the logs when I get home.

Please run this for me. I am sure more garbage will be removed by this tool. And once I get home I’ll provide another fix for you after checking the logs.




Make sure and disable your antivirus/defender prior to the scan.


  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Click Get started.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. Click Continue.
  • You will now be offered a trial version of ESET Internet Security. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • Select Delete application's data on closing, if you are short of disk space or do not wish to retain the program for future use.
  • If you left feedback, click Submit and continue. If not, Close without feedback.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.
 
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
DeleteKey: HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
DeleteKey: HKLM\SOFTWARE\499c114e-8890-5040-9c02-24abe7d3ebe9
DeleteKey: HKCU\SOFTWARE\iWinArcade
DeleteKey: HKU\.DEFAULT\SOFTWARE\iWinArcade
DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\iWinArcade
DeleteKey: HKU\.DEFAULT\Software\ByteFence
DeleteKey: HKU\S-1-5-18\Software\ByteFence
DeleteKey: HKLM64\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
DeleteKey: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
DeleteKey: HKU\.DEFAULT\Software\ByteFence
DeleteKey: HKU\S-1-5-18\Software\ByteFence
DeleteKey: HKCU\Software\undefined
DeleteKey: HKLM64\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
DeleteKey: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
DeleteKey: HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
DeleteKey: HKLM\SOFTWARE\499c114e-8890-5040-9c02-24abe7d3ebe9
DeleteKey: HKLM\SOFTWARE\WOW6432Node\IObit
DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer
DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer Manager
DeleteKey: HKCU\SOFTWARE\TeamViewer
DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\TeamViewer
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Wondershare
DeleteKey: HKCU\SOFTWARE\Wondershare
DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Wondershare
DeleteKey: HKLM\SOFTWARE\ComodoGroup
DeleteKey: HKLM\SOFTWARE\WOW6432Node\ComodoGroup
DeleteKey: HKLM\SOFTWARE\ZmnGlobalSDK
DeleteKey: HKCU\SOFTWARE\Avast Software
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\Browser Cleanup
DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Browser Cleanup
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cdloader
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|PlariumPlay
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|launcher
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cdloader
DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|PlariumPlay
DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|launcher
DeleteValue: HKEY_USERS\S-1-5-21-1489974321-262691052-1310840580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SunJavaUpdateSched
C:\ProgramData\IObit
C:\Users\stormy\AppData\Roaming\IObit
C:\Users\stormy\AppData\LocalLow\IObit
C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
C:\Program Files (x86)\TeamViewer
C:\Program Files (x86)\TeamViewer Manager 9
C:\Users\stormy\AppData\Roaming\TeamViewer
C:\Users\stormy\AppData\Roaming\TeamViewer Manager
C:\WINDOWS\System32\drivers\teamviewervpn.sys
C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
C:\Program Files (x86)\Common Files\Wondershare
C:\Users\stormy\AppData\Roaming\Wondershare
C:\Users\stormy\AppData\Local\Wondershare
C:\Program Files (x86)\AVAST Software
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
C:\Users\stormy\AppData\Roaming\Avast Tuneup
C:\Program Files\Avast Software\Cleanup\TuneupUI.exe
C:\WINDOWS\Installer\42bc65e4.msi
C:\ProgramData\Trymedia
C:\Users\stormy\AppData\Local\amulet
C:\ProgramData\Trymedia
C:\Users\stormy\AppData\Local\amulet
C:\WINDOWS\System32\drivers\wireguard.sys
C:\WINDOWS\System32\drivers\nlwt.sys
C:\Windows\System32\Tasks\Games
Reboot:
End::



ZHP cleaner Scan.


Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.
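
A fixlist like the one posted above deletes registry keys, startup values, folders and driver files in one pass, so it is worth summarising what it touches before clicking Fix. The following Python script is an added example, not part of the original post and not FRST's own parser: the function name `audit_fixlist` and the sample lines are constructed here, and the parsing rules are inferred only from the lines visible in the post (`Start::`/`End::`, `DeleteKey:`, `DeleteValue: key|name`, bare paths, and other `Name:` directives).

```python
import re
from collections import Counter

# Constructed sample: a few lines in the same shape as the fixlist posted above.
SAMPLE = r"""Start::
CloseProcesses:
CreateRestorePoint:
DeleteKey: HKU\.DEFAULT\Software\ByteFence
DeleteKey: HKU\.DEFAULT\Software\ByteFence
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys
C:\WINDOWS\System32\drivers\teamviewervpn.sys
C:\ProgramData\Trymedia
Reboot:
End::
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+):\s*(.*)$")   # e.g. "DeleteKey: HKLM\..."
PATH = re.compile(r"^[A-Za-z]:\\")                 # bare file or folder path

def audit_fixlist(text):
    """Summarise a fixlist: registry keys, values, paths, duplicates, drivers."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must be wrapped in Start:: ... End::")
    body = lines[lines.index("Start::") + 1 : lines.index("End::")]
    report = {"keys": [], "values": [], "paths": [], "switches": [], "unknown": []}
    for ln in body:
        m = DIRECTIVE.match(ln)
        if PATH.match(ln):                 # test first: "C:\..." also looks like "C:"
            report["paths"].append(ln)
        elif m and m.group(1) == "DeleteKey":
            report["keys"].append(m.group(2))
        elif m and m.group(1) == "DeleteValue":
            key, _, name = m.group(2).partition("|")
            report["values"].append((key, name))
        elif m:                            # CloseProcesses:, SystemRestore: On, Reboot: ...
            report["switches"].append(ln)
        else:
            report["unknown"].append(ln)   # anything unrecognised needs a manual look
    # Windows paths and registry keys are case-insensitive: compare lowercased.
    seen = Counter(ln.lower() for ln in body)
    report["duplicates"] = sorted(k for k, n in seen.items() if n > 1)
    report["drivers"] = sorted({p.lower() for p in report["paths"]
                                if p.lower().endswith(".sys")})
    return report
```

Entries under `drivers` and `unknown` are the ones to read closely before running the fix, since driver removal affects boot-time components and unrecognised lines may not do what the reader expects.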
 