Had A Bit Of A Scare. Am I Ok Now?

Discussion in 'Malware Help (A Specialist Will Reply)' started by SEGA, Jun 16, 2023.

  1. SEGA

    SEGA Private E-2

    Hi there. You guys have helped me so much in the past.

So recently I was unable to access certain websites. My computer would just say 'connection issues'. I didn't think much of it, until I tried to access Zophar (for spc music files). The laptop wouldn't allow access saying connection failed, whereas my phone would. I tried to update Superantispyware, and it wouldn't connect, neither was I allowed access to the website.

    This freaked me out, so I ran malwarebytes and Adwcleaner. Malwarebytes came up with some results and although I don't seem able to save a log on the free version, I did take a screenshot which I attached here. Trojandropper, remote bot, stuff that looked pretty nasty. Thankfully Malware was able to wipe them and after a restart I was able to access SAA. I ran AdwCleaner also, the results of which are below.

My questions are: 1. how could these have got onto my laptop? I know how they 'could' have, but have these been popping up recently in particular spots? Certain websites or downloads from something like [popular rom site] for example?

    2. Am I relatively safe now? Or should I run some extra stuff just to be sure?

    3. Is there any particular steps I should take to avoid this in the future?

4. I'm unable to run windows defender. It says disabled by system administrator...but as you probably guessed that happens to be me and I've done no such thing directly. Is this something like SAA that disables it (I don't have AVG or anything like that)?

    I realise that the answers might crossover, but would appreciate your advice.

    Thanks
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the MajorGeeks Malware Forum.

    Before answering your questions it is necessary to evaluate the current state of your system. Please run the below for me.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recover Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows
    ===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
     
  3. SEGA

    SEGA Private E-2

Hello. Thanks for your willingness to help. I still trust MG more than anyone else lol

    I ran as administrator, here are the files you asked for
     


  4. Oh My!

    Oh My! Malware Expert Staff Member

    We are happy you are back. Thank you for your patience.

    It is hard to answer some of your questions until we gather some additional information.

    The screen shot is not attached.

    I noticed you modified your operating system, presumably designed to remain with the Windows 8.1 Operating System? Is that correct?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File) 
    Task: {BE1E7C59-C299-4B90-B4B7-69F37635841E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
    Task: {C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe  (No File) 
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File 
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File 
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File) 
    Task: {BE1E7C59-C299-4B90-B4B7-69F37635841E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
    Task: {C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe  (No File) 
    U4 USOSVC; no ImagePath 
    U4 WaasMedicSvc; no ImagePath 
    SearchScopes: HKU\S-1-5-21-179275616-4026186286-2020079577-1001 -> DefaultScope {BFF50885-F55B-4749-866E-36F6E62F215B} URL =
    SearchScopes: HKU\S-1-5-21-179275616-4026186286-2020079577-1001 -> {BFF50885-F55B-4749-866E-36F6E62F215B} URL =
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpComputerStatus
    Zip: C:\ProgramData\Malwarebytes\MBAMService\Quarantine
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder on your Desktop with today's date, example: 02.17.2022_13.24.50.zip. Please attach the file to your reply.
    • Type the following in the Search Field
    Code:
    chromehtml
    
    • Click the Search Registry button
    • A Search.txt document will open and will be saved on the Desktop
    • Copy and paste the contents of that document your reply
    ===================================================

    Farbar Service Scanner

    --------------------

    • Please note: Any security warning you may receive is a false positive detection
    • Please download Farbar Service Scanner and save it to your Desktop
    • Right click on FSS.exe and select Run as administrator
    • Make sure the following options are checked:
    Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other Services
    • Press Scan
    • Please copy and paste the contents of the FSS.txt report in your reply.
    ===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Keeping 8.1?
    • Fixlog
    • Attached .zip file
    • Search.txt
    • FSS.txt
     
  5. SEGA

    SEGA Private E-2

Hi, sorry I didn't realise I had to paste the contents of some files.
    I was unable to run Farbar Service Scanner due to SmartGlass blocking it (no idea what this is)

    My laptop is refurbished from Dell, it already had windows 8.1 installed when I acquired it. No idea if it had something else previously. I think MS has a free upgrade to Windows 10, but should I do that?

    Here are the ones you asked for:

    Fixlog.txt

    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2023
    Ran by troy (21-06-2023 12:53:59) Run:1
    Running from C:\Users\troy\Desktop
    Loaded Profiles: troy
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
    Task: {BE1E7C59-C299-4B90-B4B7-69F37635841E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
    Task: {C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe (No File)
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
    Task: {BE1E7C59-C299-4B90-B4B7-69F37635841E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
    Task: {C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe (No File)
    U4 USOSVC; no ImagePath
    U4 WaasMedicSvc; no ImagePath
    SearchScopes: HKU\S-1-5-21-179275616-4026186286-2020079577-1001 -> DefaultScope {BFF50885-F55B-4749-866E-36F6E62F215B} URL =
    SearchScopes: HKU\S-1-5-21-179275616-4026186286-2020079577-1001 -> {BFF50885-F55B-4749-866E-36F6E62F215B} URL =
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpComputerStatus
    Zip: C:\ProgramData\Malwarebytes\MBAMService\Quarantine
    End::
    *****************
    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE1E7C59-C299-4B90-B4B7-69F37635841E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1E7C59-C299-4B90-B4B7-69F37635841E}" => removed successfully
    C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22}" => removed successfully
    C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500" => removed successfully
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1E7C59-C299-4B90-B4B7-69F37635841E}" => not found
    "C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7F299F9-FEB0-46CA-B93B-3C9DC20EBB22}" => not found
    "C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft OneDrive Auto Update Task-S-1-5-21-179275616-4026186286-2020079577-500" => not found
    HKLM\System\CurrentControlSet\Services\USOSVC => removed successfully
    USOSVC => service removed successfully
    HKLM\System\CurrentControlSet\Services\WaasMedicSvc => removed successfully
    WaasMedicSvc => service removed successfully
    "HKU\S-1-5-21-179275616-4026186286-2020079577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-179275616-4026186286-2020079577-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFF50885-F55B-4749-866E-36F6E62F215B} => removed successfully
    ========= Set-MpPreference -DisableRealtimeMonitoring $false =========
    Set-MpPreference : The 'Set-MpPreference' command was found in the module 'Defender', but the module could not be
    loaded. For more information, run 'Import-Module Defender'.
    At C:\FRST\tmp.ps1:1 char:1
    + Set-MpPreference -DisableRealtimeMonitoring $false
    + ~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Set-MpPreference:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
    ========= End of Powershell: =========
    ========= Get-MpComputerStatus =========
    Get-MpComputerStatus : The 'Get-MpComputerStatus' command was found in the module 'Defender', but the module could not
    be loaded. For more information, run 'Import-Module Defender'.
    At C:\FRST\tmp.ps1:1 char:1
    + Get-MpComputerStatus
    + ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Get-MpComputerStatus:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
    ========= End of Powershell: =========
    ================== Zip: ===================
    C:\ProgramData\Malwarebytes\MBAMService\Quarantine -> Size=zero byte
    =========== Zip: End ===========
    The system needed a reboot.
    ==== End of Fixlog 12:54:08 ====
     


  6. SEGA

    SEGA Private E-2

    SearchReg.txt (no file created called just search.txt)

    Farbar Recovery Scan Tool (x64) Version: 20-06-2023
    Ran by troy (21-06-2023 12:57:47)
    Running from C:\Users\troy\Desktop
    Boot Mode: Normal
    ================== Search Registry: "chromehtml" ===========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds]
    "ChromeHTML"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".htm"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".html"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".pdf"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".shtml"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".svg"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".xht"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".xhtml"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".webp"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "ftp"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "http"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "https"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "irc"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "mailto"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "mms"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "news"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "nntp"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "sms"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "smsto"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "snews"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "tel"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "urn"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "webcal"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
    "ChromeHTML_http"="0"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
    "ChromeHTML_https"="0"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
    "ChromeHTML_mailto"="0"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
    "ChromeHTML_.pdf"="0"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
    "ChromeHTML_.webp"="0"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
    "ChromeHTML"=""
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
    "ChromeHTML"=""
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
    "ChromeHTML"=""
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
    "ProgId"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.webp\UserChoice]
    "ProgId"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice]
    "ProgId"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice]
    "ProgId"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
    "ProgId"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
    "ProgId"="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Classes\.htm]
    ""="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Classes\.html]
    ""="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Classes\.shtml]
    ""="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Classes\.xht]
    ""="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Classes\.xhtml]
    ""="ChromeHTML"
    [HKEY_USERS\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Classes\ChromeHTML]
    ====== End of Search ======
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

    I would highly recommend you upgrade to Windows 10. If you would like to do that see the below instructions. If you have any questions regarding an upgrade please don't hesitate to ask.

    ===================================================

    Windows 10 In-Place Upgrade Using Windows Media Creation Tool

    --------------

    Note: Though this process should not affect your files I highly recommend backing up your data files (documents, photos, music, etc.) prior to starting the process. This process will take some time to complete.
    • Navigate to Microsoft's Download Windows 10 page
    • Click Update now
    • Click Save File and save it to your Desktop
    • Right click on the Windows10Upgrade icon and select Run as administrator
    • Click Accept on the license terms screen
    • Select Upgrade this PC now and click Next
    • Once the process completes click Accept
• On the Ready to install screen confirm Install Windows 10 and Keep personal files and apps are checked. If not, click Change what to keep and include those 2 <<<Important<<<
    • Click Install
    • Once completed you will be greeted with a Welcome Back message. Close the browser window and you should be back at your Desktop as it was prior to the process
    • Report the results in your reply
    ===================================================

    Things I would like to see in your next reply.
    • Results?
     
  8. SEGA

    SEGA Private E-2

    Hello, I got a message saying the app cannot run on my laptop.

    Surely it can?
     


  9. Oh My!

    Oh My! Malware Expert Staff Member

    I am disappointed but not surprised. There are a number of settings we need to reverse. Please run a new FRST scan so that we can work on the most current information. Attach both reports to your reply.
     
  10. SEGA

    SEGA Private E-2

Windows defender automatically updated and ran after I restarted my laptop. Came up with more viruses that it removed. After this I ran FRST again like you said.
     


  11. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable from and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    OPSWAT
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply. If it is too large please attach it.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • OPSWAT uninstalled?
    • Fixlog
     


  12. SEGA

    SEGA Private E-2

    Hello, I did as asked, OPSWAT Client uninstalled and selected all + deleted all the associations that popped up with it.
    Reset, put fixlist txt on desktop with FRST64.exe, then ran as admin and just pressed fix.
    Laptop reset. Upon booting up, a blue screen message from microsoft appeared saying Windows 8.1 was no longer supported and I should update to Windows 11. I clicked on 'remind me later'.

    Here are the results of the fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2023
    Ran by troy (23-06-2023 20:54:18) Run:2
    Running from C:\Users\troy\Desktop
    Loaded Profiles: troy
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKU\S-1-5-21-179275616-4026186286-2020079577-1001\...\Policies\Explorer: [NoSecurityTab] 1
    HKU\S-1-5-21-179275616-4026186286-2020079577-1001\...\MountPoints2: {3910dffd-7c5c-11eb-8252-806e6f6e6963} - "D:\Autorun.exe"
    IFEO\dismHost.exe: [Debugger] *
    IFEO\EOSNOTIFY.EXE: [Debugger] *
    IFEO\InstallAgent.exe: [Debugger] *
    IFEO\MusNotification.exe: [Debugger] *
    IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
    IFEO\remsh.exe: [Debugger] *
    IFEO\SIHClient.exe: [Debugger] *
    IFEO\UpdateAssistant.exe: [Debugger] *
    IFEO\UPFC.EXE: [Debugger] *
    IFEO\UsoClient.exe: [Debugger] *
    IFEO\WaaSMedic.exe: [Debugger] *
    IFEO\WaasMedicAgent.exe: [Debugger] *
    IFEO\Windows10Upgrade.exe: [Debugger] *
    IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
    GroupPolicy: Restriction ? <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    S4 SU10Guard; C:\Windows\Y891NREA60\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
    HKU\S-1-5-21-179275616-4026186286-2020079577-1001\...\ChromeHTML: -> <==== ATTENTION
    *****************
    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate" => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
    "HKU\S-1-5-21-179275616-4026186286-2020079577-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
    HKU\S-1-5-21-179275616-4026186286-2020079577-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3910dffd-7c5c-11eb-8252-806e6f6e6963} => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dismHost.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EOSNOTIFY.EXE => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\InstallAgent.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MusNotification.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MUSNOTIFICATIONUX.EXE => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\remsh.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SIHClient.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateAssistant.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPFC.EXE => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UsoClient.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaaSMedic.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaasMedicAgent.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windows10Upgrade.exe => removed successfully
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDOWS10UPGRADERAPP.EXE => removed successfully
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\system32\GroupPolicy\User => moved successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    HKLM\System\CurrentControlSet\Services\SU10Guard => removed successfully
    SU10Guard => service removed successfully
    HKU\S-1-5-21-179275616-4026186286-2020079577-1001_Classes\ChromeHTML => removed successfully
    The system needed a reboot.
    ==== End of Fixlog 20:54:25 ====
     
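The two fixlists in this thread dealt with the same family of blockers: IFEO "Debugger" values on the Windows Update and upgrade binaries, policy keys restricting Defender and Windows Update, the NoWindowsUpdate/NoSecurityTab Explorer policies, a local Group Policy store plus a machine-wide NTUSER.pol, and a service (SU10Guard) running from a random folder under C:\Windows. The read-only PowerShell audit below is an added example, not code from the thread or from FRST; the key and value names come from the Fixlogs above, while the file list, the allow-list of legitimate Windows subfolders and the output wording are my own assumptions, and it is written for Windows 8.1 or later run from an elevated prompt.

```powershell
# Added example (not from this thread or from FRST): read-only audit of the update/Defender
# blocking mechanisms the fixlists removed. Run in an elevated PowerShell; it changes nothing.
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. IFEO "Debugger" hijacks. A Debugger value under an executable's IFEO subkey makes Windows
#    start that "debugger" in place of the program, so a bogus value silently blocks the program.
#    The second fixlist removed fourteen of these, all on Windows Update / upgrade binaries
#    (UsoClient.exe, WaaSMedic.exe, Windows10Upgrade.exe, ...), which is why the upgrade app never started.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("IFEO Debugger: $($_.PSChildName) -> $dbg") }
}

# 2. Policy keys that restrict Defender / Windows Update (the "Restriction <==== ATTENTION" lines).
#    On a stand-alone home PC these keys are normally absent, so any value here needs explaining.
#    Names beginning with "PS" are skipped because Get-ItemProperty adds its own PS* note properties.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $vals = (Get-ItemProperty -LiteralPath $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    if ($vals) { foreach ($v in $vals) { $findings.Add("Policy value: $key\$($v.Name) = $($v.Value)") } }
    else       { $findings.Add("Policy key present (no values): $key") }
}

# 3. Explorer policy values named in the second Fixlog.
$explorerChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoWindowsUpdate' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoSecurityTab' }
)
foreach ($c in $explorerChecks) {
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $findings.Add("Explorer policy: $($c.Path)\$($c.Name) = $($item.($c.Name))") }
}

# 4. Local Group Policy store and the machine-wide NTUSER.pol the fix moved out of the way.
#    GPT.ini also exists on PCs where gpedit was used legitimately, so this is a prompt to look, not a verdict.
$policyFiles = @(
    "$env:SystemRoot\System32\GroupPolicy\GPT.ini",
    "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
    "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol",
    "$env:ProgramData\NTUSER.pol"
)
foreach ($p in $policyFiles) {
    if (Test-Path -LiteralPath $p) { $findings.Add("Local policy file present: $p") }
}

# 5. Services whose binary sits under C:\Windows in a non-standard folder. SU10Guard ran from
#    C:\Windows\Y891NREA60\. Legitimate exceptions exist (servicing, Microsoft.NET, WinSxS), so the
#    allow-list below is an assumption and anything listed is a triage candidate, not a detection.
$allowed = '^"?[A-Z]:\\Windows\\(System32|SysWOW64|servicing|Microsoft\.NET|WinSxS)\\'
Get-CimInstance -ClassName Win32_Service | Where-Object {
    ($_.PathName -match '^"?[A-Z]:\\Windows\\') -and ($_.PathName -notmatch $allowed)
} | ForEach-Object { $findings.Add("Service outside standard folders: $($_.Name) -> $($_.PathName)") }

# 6. Defender status. The first Fixlog shows Get-MpComputerStatus failing because the Defender
#    module would not load, so a failure here is a finding in itself.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender: real-time protection is OFF') }
    if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender: antivirus engine is disabled') }
} catch {
    $findings.Add("Defender: Get-MpComputerStatus failed: $($_.Exception.Message)")
}

if ($findings.Count -eq 0) { 'No update/Defender blocking indicators found.' } else { $findings }
```

The script only reports; anything it lists should be compared against the FRST output before deciding whether it is a leftover of the blocker tool or a setting the owner put there on purpose.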
  13. Oh My!

    Oh My! Malware Expert Staff Member

    Excellent work, my friend.

    Your system does not support Windows 11 so we will once again try the steps from Post #7. Let me know if we are able to update your system. If not, provide the error information.
     
  14. SEGA

    SEGA Private E-2

    Hello, I still get the same error message, that windows 10 app cannot run on this laptop. Maybe the specs are really that low on it? Online it says you must have free disk space, which I have, and it won't run on ARM systems?

But it's not even starting the installation and then stopping midway, it just won't start the installer at all, which makes me wonder why...
     


  15. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    Let's try to gather some report information.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    Zip: C:\$Windows.~BT\Sources\panther\setupact.log;C:\$Windows.~BT\Sources\panther\miglog.xml;
    Zip: C:\$Windows.~BT\sources\panther\setupapi\setupapi.dev.log;C:\$Windows.~BT\sources\panther\setupapi\setupapi.app.log;
    Zip: C:\Windows\memory.dmp
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • 3 separate .zip files should be placed on your Desktop. Upload each file to GoFile, WeTransfer, or the file hosting site of your choice and post the download links in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlist
    • 3 Download links
     
  16. SEGA

    SEGA Private E-2

    Hi there, sorry for not replying earlier.
    I did run FRST as administrator and copied the text, but no zip files were created. I have attached the fixlog.txt
     


  17. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Please attempt this.

    ===================================================

    Compatibility Mode

    --------------------
    • Right click on the Windows10Upgrade icon (referring to Post #7) then select Properties
    • Click on the Compatibility tab
    • Under Compatibility Mode place a check mark in the Run this program in compatibility mode for:
    • Select your operating system (example Windows 8)
    • Click Apply, then OK
    • Right click on the Windows10Upgrade icon and select Run as administrator
    • Report the results
    ===================================================

    Things I would like to see in your next reply.
    • Results?
     
  18. SEGA

    SEGA Private E-2

    I did as you suggested, it said it was already set to Windows 8 for compatibility, but I selected it again and applied it.

    The exact same thing happened. "this app will not run on this PC"

    Maybe my laptop specs are too outdated. At least the viruses seem to be gone. Perhaps I shouldn't buy refurbished from Dell anymore lol
     
  19. Oh My!

    Oh My! Malware Expert Staff Member

    If you are OK with 8.1 we can leave things as they are. There may be other things we can try but it is up to you.
     
  20. LJR

    LJR Private First Class

    It may or may not help. I had two computers that ran Win 8.1 (32 bit) flawlessly for well over five years, but when I tried to "upgrade" to Win 10, I simply got a message from each saying "This computer can't be upgraded to Win 10."

    While a true PITA, I backed up ALL of my important files and data. With crossed fingers, I carefully kept the hard drives safe, and instead installed new, unused SSDs. With a CLEAN INSTALL (and using the previous Win 8 Pro license keys), they installed Win 10 perfectly. (Apparently, it's the "upgrade" from a 32 bit system to Win 10's 64 bit that was the problem?)

    Depending upon the memory amount, (both had 4 GB, the max allowed) and processor type/speed, Win 10 may be a viable option despite the headaches involved. (Of the two computers I moved to Win 10, an AMD "Phenom 64 Quad-Core" seems to be at least as good as an i5 4th Generation (all I have to compare it with.) On the other hand (and I wasn't sure it would even allow a clean install) An Intel Pentium-based "Dual-Core" (NOT Core-Duo; BIG difference) did in fact allow Win 10 to run, but was too S-L-O-W to be usable, so I'm trying to reinstall Win 8.1 and just not use it on the Internet.

    The biggest "problem" with Win 8.1 is no further support or security patches by Microsoft, and other software vendors will also no longer provide support for such an "obsolete" OS. (That especially applies to most of the computer manufacturers, such as Lenovo, Dell, etc.) Lenovo, at least, still lists drivers on an "as-is" and unsupported basis for many of their older systems (including the Pentium dual-core K210 that originally came with Vista; they list drivers for Win 7 that apparently also worked with Win 8.1).
     
    Last edited: Dec 11, 2023
