Net Speed Suspiciously Cut In Half

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ManWarBear, Aug 2, 2025.

  1. ManWarBear

    ManWarBear Private First Class

    Good Day,

    Recently my net speed has been quite slow. Web pages have been opening very slowly. I contacted my ISP and they found indications that there may be something wrong with my router, so, they sent me a brand new upgraded version. Yet, my speeds did not change. Other devices on my network seem to run fairly quickly, but my own personal computer does not.
    When I tried downloading MGtools the first time, Windows Defender detected HackTool:Win32/GameHack!MTB and automatically prevented the download. The second time, I was able to have Windows Defender ignore that detection and go through with the download. After doing all the other scans, I scanned with MGtools and I fell asleep halfway through. When I woke up, there was nothing on my screen so I looked for the MGtools zip file and upon opening it, I saw that there were very few txt files present and hijackthis.txt was not there. So, I ran MGtools again and I think I got a proper scan this time.
    I changed my ethernet cable in case that was my issue and ran speed tests with speedtest.net and fast.com before and after working through all the scans and there was no change in speeds.
    If someone could look over my logs to rule out any malware as the culprit for my issue, I would be greatly appreciative. Thank you for any assistance that you can offer.
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
  3. ManWarBear

    ManWarBear Private First Class

    Here are the requested reports.
     


  4. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports.

    Did this issue occur before Cloudflare WARP was installed?

    At one time did you have Avira installed? It is not listed as an installed program.

    Let's start with this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    cmd: ipconfig /all
    cmd: ping google.com
    cmd: ping 142.250.72.142
    cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
    cmd: type "C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat"
    Folder: C:\Users\Micheal\Desktop\hosts\Hoschtzs
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    cmd: sc stop DPS
    C:\WINDOWS\system32\SRU\SRUDB.dat
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • A SystemSummary file will be created on your Desktop. Please attach the file to your reply
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Cloudflare WARP?
    • Avira?
    • Fixlog
    • Attached System Summary report
     
  5. ManWarBear

    ManWarBear Private First Class

    Yes, my issue started well before WARP was installed.
    Also, yes, I used to have Avira on my system but I thought that I had gotten rid of all its remnants after it was uninstalled.



    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (02-08-2025 18:30:24) Run:1
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    cmd: ipconfig /all
    cmd: ping google.com
    cmd: ping 142.250.72.142
    cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
    cmd: type "C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat"
    Folder: C:\Users\Micheal\Desktop\hosts\Hoschtzs
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    cmd: sc stop DPS
    C:\WINDOWS\system32\SRU\SRUDB.dat
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    *****************

    HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore => removed successfully
    Restore point was successfully created.
    Processes closed successfully.

    ========= ipconfig /all =========


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : DESKTOP-TC8N8O8
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : lan

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : 34-97-F6-BB-3E-D3
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2603:7081:40:9467::1300(Preferred)
    Lease Obtained. . . . . . . . . . : Saturday, August 2, 2025 1:39:47 AM
    Lease Expires . . . . . . . . . . : Wednesday, August 6, 2025 7:33:41 PM
    IPv6 Address. . . . . . . . . . . : 2603:7081:40:9467:1083:e121:c8a8:90bc(Preferred)
    Temporary IPv6 Address. . . . . . : 2603:7081:40:9467:35b7:fab:d2db:df57(Preferred)
    Link-local IPv6 Address . . . . . : fe80::1b03:c326:a467:6d51%7(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Saturday, August 2, 2025 1:39:46 AM
    Lease Expires . . . . . . . . . . : Sunday, August 3, 2025 6:25:31 AM
    Default Gateway . . . . . . . . . : fe80::2c67:beff:fe42:d45d%7
    192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 53778422
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-B4-67-DB-34-97-F6-BB-3E-D3
    DNS Servers . . . . . . . . . . . : 2603:7081:40:9467::1
    8.8.8.8
    8.8.4.4
    2603:7081:40:9467::1
    NetBIOS over Tcpip. . . . . . . . : Disabled
    Connection-specific DNS Suffix Search List :
    lan
    lan

    Wireless LAN adapter Wi-Fi:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : lan
    Description . . . . . . . . . . . : Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
    Physical Address. . . . . . . . . : B0-C0-90-92-F7-A7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 3:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
    Physical Address. . . . . . . . . : B0-C0-90-92-F7-A7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 4:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
    Physical Address. . . . . . . . . : B2-C0-90-92-F7-A7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes


    ========= End of CMD: =========


    ========= ping google.com =========


    Pinging google.com [2607:f8b0:4006:80b::200e] with 32 bytes of data:
    Reply from 2607:f8b0:4006:80b::200e: time=47ms
    Reply from 2607:f8b0:4006:80b::200e: time=44ms
    Reply from 2607:f8b0:4006:80b::200e: time=45ms
    Reply from 2607:f8b0:4006:80b::200e: time=45ms

    Ping statistics for 2607:f8b0:4006:80b::200e:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 44ms, Maximum = 47ms, Average = 45ms


    ========= End of CMD: =========


    ========= ping 142.250.72.142 =========


    Pinging 142.250.72.142 with 32 bytes of data:
    Reply from 142.250.72.142: bytes=32 time=96ms TTL=113
    Reply from 142.250.72.142: bytes=32 time=92ms TTL=113
    Reply from 142.250.72.142: bytes=32 time=93ms TTL=113
    Reply from 142.250.72.142: bytes=32 time=93ms TTL=113

    Ping statistics for 142.250.72.142:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 92ms, Maximum = 96ms, Average = 93ms


    ========= End of CMD: =========


    ========= msinfo32 /nfo SystemSummary.nfo /categories +systemsummary =========

    0

    ========= End of CMD: =========


    ========= type "C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat" =========

    @echo off
    cls
    goto toggleRename
    :toggleRename
    If Not %winbootdir%'==' Set HostsOff=%windir%\NOHOSTS
    If %OS%'==Windows_NT' Set HostsOff=%SystemRoot%\system32\drivers\etc\NOHOSTS
    If %HostsOff%'==' goto noIdeaOfOS

    If Not %winbootdir%'==' Set HostsOn=%windir%\HOSTS
    If %OS%'==Windows_NT' Set HostsOn=%SystemRoot%\system32\drivers\etc\HOSTS
    If %HostsOn%'==' goto noIdeaOfOS

    If Not Exist %HostsOff% goto deActivate
    goto Activate
    goto end

    :deActivate
    color 4F
    if not exist %HostsOn% goto noHostsFile
    ren %HostsOn% NOHOSTS
    echo.
    echo ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    echo ▌ ┌───┐▐
    echo ▌ HOSTS FILE BLOCKING IS NOW DE-ACTIVATED │ X │▐
    echo ▌ └───┘▐
    echo. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    echo.
    echo. Advertising will be visible; Parasite protection off!
    echo Renamed from HOSTS to NOHOSTS
    echo.
    goto end

    :Activate
    color 1F
    if not exist %HostsOff% goto noHostsFile
    ren %HostsOff% HOSTS
    echo.
    echo ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    echo ▌ ┌───┐▐
    echo ▌ HOSTS FILE BLOCKING IS NOW ACTIVATED │ √ │▐
    echo ▌ └───┘▐
    echo. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    echo.
    echo. Advertising will be hidden; Parasite protection on!
    echo Renamed from NOHOSTS to HOSTS
    echo.
    goto end

    :noIdeaOfOS
    echo Sorry Unsupported OS.
    goto end

    :noHostsFile
    cls
    echo.
    echo ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    echo ▌ ┌───┐▐
    echo ▌ ERROR NO HOST FILES FOUND ! │ ! │▐
    echo ▌ └───┘▐
    echo. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
    echo .
    echo Couldn't find "HOSTS" or "NOHOSTS" in the folder
    echo.
    echo please check that the HOSTS file is in this folder
    echo thanks..
    :end
    set HostsOff=
    set HostsOn=
    pause
    exit


    ========= End of CMD: =========


    ========================= Folder: C:\Users\Micheal\Desktop\hosts\Hoschtzs ========================

    2021-03-06 05:09 - 2022-03-20 16:00 - 000334861 ____A [9DC23CE4E0678AECD80CD553F4996A88] () C:\Users\Micheal\Desktop\hosts\Hoschtzs\HOSTS
    2020-05-02 23:57 - 2022-03-20 16:00 - 000000843 ____A [48419210A37C1A52F6968D44626231D4] () C:\Users\Micheal\Desktop\hosts\Hoschtzs\License.txt
    2019-05-08 11:25 - 2022-03-20 16:00 - 000001611 ____A [300C7E9F39C11421C0B1BB6933E17EF0] () C:\Users\Micheal\Desktop\hosts\Hoschtzs\mvps.bat
    2020-05-02 23:57 - 2022-03-20 16:00 - 000001457 ____A [8B57A8FB5D7BB0F952669F88F61402D2] () C:\Users\Micheal\Desktop\hosts\Hoschtzs\PrivacyPolicy.txt
    2020-05-03 00:00 - 2022-03-20 16:00 - 000006436 ____A [A361CE7B2A9723470A214FEA8C419A47] () C:\Users\Micheal\Desktop\hosts\Hoschtzs\readme.txt
    2022-03-20 16:13 - 2022-03-20 16:14 - 000002058 ____A [5EA8CB1D16CEEBD39ED9C3E721CD29EF] () C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat

    ====== End of Folder: ======

    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleaner Monitoring" => removed successfully
    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => not found

    ========= sc stop DPS =========


    SERVICE_NAME: DPS
    TYPE : 30 WIN32
    STATE : 3 STOP_PENDING
    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x1
    WAIT_HINT : 0x1388


    ========= End of CMD: =========

    Could not move "C:\WINDOWS\system32\SRU\SRUDB.dat" => Scheduled to move on reboot.

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========

    The operation completed successfully.



    ========= End of Reg: =========

    C:\Firewall.reg => moved successfully

    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    0 out of 0 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 100% complete.


    Windows Resource Protection found corrupt files but was unable to fix some of them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.6159

    The component store is repairable.
    The operation completed successfully.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 1310720 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 154560735 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 358547238 B
    Windows/system/drivers => 9167438 B
    Edge => 0 B
    Chrome => 594761220 B
    Firefox => 993089859 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 197 B
    NetworkService => 772251 B
    Micheal => 102730364 B

    RecycleBin => 143305981 B
    EmptyTemp: => 2.2 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-08-2025 19:10:22)

    C:\WINDOWS\system32\SRU\SRUDB.dat => moved successfully

    ==== End of Fixlog 19:10:22 ====



    The system summary file that is on my desktop is listed as SystemSummary.nfo and I am unable to upload said file type.
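
A triage pass over a Fixlog in the layout posted above, as an added example (not part of the thread and not FRST's own code): it splits the log at its `=====` section markers and lists the lines that report something other than success. The sample log is constructed from shortened lines of the post, and the keyword list in `ATTENTION` is an assumption chosen for this log, not an FRST specification.

```python
import re

# Constructed sample: a shortened Fixlog in the layout of the one posted above.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
cmd: sfc /scannow
End::
*****************
Restore point was successfully created.

========= ping google.com =========
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
========= End of CMD: =========

"HKU\<SID>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => not found
Could not move "C:\WINDOWS\system32\SRU\SRUDB.dat" => Scheduled to move on reboot.

========= netsh int ip reset resetlog.txt =========
Resetting Route, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========

C:\Firewall.reg => moved successfully

========= sfc /scannow =========
Windows Resource Protection found corrupt files but was unable to fix some of them.
========= End of CMD: =========

========= DISM /Online /Cleanup-Image /CheckHealth =========
The component store is repairable.
The operation completed successfully.
========= End of CMD: =========

=========== EmptyTemp: ==========
FlushDNS => completed
Chrome => 594761220 B
================================

==== End of Fixlog 19:10:22 ====
"""

# "========= <name> =========" opens a section; "End of ..." or "...: End" closes it.
MARKER = re.compile(r"^=+ (?P<name>.+?) =+$")
BARE_RULE = re.compile(r"^=+$")
# Assumption: phrases worth a second look, taken from the log in this thread.
ATTENTION = re.compile(
    r"failed|access is denied|unable to fix|repairable|not found"
    r"|scheduled to move on reboot",
    re.IGNORECASE,
)


def triage_fixlog(text):
    """Return (section names, [(context, line)]) for lines needing review."""
    sections, findings = [], []
    current = None      # name of the command section being read, if any
    in_echo = False     # inside the "fixlist content" echo between * rules
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue    # the echoed fixlist is input, not a result
        if BARE_RULE.match(line):
            current = None
            continue
        marker = MARKER.match(line)
        if marker:
            name = marker.group("name")
            if name.startswith("End of ") or name.endswith(": End"):
                current = None
            else:
                current = name
                sections.append(name)
            continue
        # For "target => outcome" lines test only the outcome, so a path
        # that happens to contain a keyword does not raise a finding.
        _, arrow, outcome = line.partition(" => ")
        if ATTENTION.search(outcome if arrow else line):
            findings.append((current or "fix entry", line))
    return sections, findings


if __name__ == "__main__":
    for context, line in triage_fixlog(SAMPLE_FIXLOG)[1]:
        print(f"[{context}] {line}")
```
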
     
  6. ManWarBear

    ManWarBear Private First Class

    Do you want me to try changing the .nfo extension to something else?
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

  8. ManWarBear

    ManWarBear Private First Class

  9. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    This issue is not malware related but let's see what we can do.

    We need to deal with some system issues and clean up Avira remnants. I also want to reset your network drivers.

    Please do this.

    ===================================================

    Troubleshooting Through Device Manager

    ----------
    • Press Windows Key + R at the same time
    • Type devmgmt.msc and press Enter
    • Expand the Network Adapter section by clicking + sign
    • Right click on Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC and select Uninstall, then OK
    • Right click on Realtek PCIe GBE Family Controller and select Uninstall, then OK
    • Reboot your computer to automatically reinstall the drivers then check your internet access
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    Zip: C:\Windows\Logs\CBS
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.11.2016_13.24.50.zip. Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Copy and paste the following in the Search: box
    Code:
    SearchAll: Avira;Avast
    
    • Click the Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Network adapters uninstall and reinstall?
    • Internet access test results
    • CBS folder download link
    • Search.txt download link
     
  10. ManWarBear

    ManWarBear Private First Class

    Network Adapters have been successfully uninstalled and reinstalled. Net access is a plus and net speeds are improved.




    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (02-08-2025 22:15:49) Run:2
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Zip: C:\Windows\Logs\CBS
    End::
    *****************

    ================== Zip: ===================
    C:\Windows\Logs\CBS -> copied successfully to C:\Users\Micheal\Desktop\02.08.2025_22.15.49.zip
    =========== Zip: End ===========

    ==== End of Fixlog 22:15:51 ====


    https://gofile.io/d/sxblOS


    https://gofile.io/d/5AdVPR
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    Would you say network access and speed are what you would expect them to be?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Zip: C:\Windows\System32\config\COMPONENTS
    DeleteKey: HKEY_USERS\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\AvastAdSDK
    AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
    FW: Avira Security (Disabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
    FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
    StartPowershell:
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -DisableIOAVProtection $false
    New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "Real-Time Protection" -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 0 -PropertyType DWORD -Force
    start-service WinDefend
    start-service WdNisSvc
    Get-MpComputerStatus
    EndPowershell:
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder onto the Desktop with today's date. Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Internet working properly?
    • Fixlog
    • Download link
     
  12. ManWarBear

    ManWarBear Private First Class

    In comparison to all other devices on my network, regarding net speed, my pc is now on par. Any speed loss from here on out will have to be addressed with my ISP.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (03-08-2025 18:16:19) Run:3
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Zip: C:\Windows\System32\config\COMPONENTS
    DeleteKey: HKEY_USERS\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\AvastAdSDK
    AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
    FW: Avira Security (Disabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
    FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
    StartPowershell:
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -DisableIOAVProtection $false
    New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "Real-Time Protection" -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 0 -PropertyType DWORD -Force
    start-service WinDefend
    start-service WdNisSvc
    Get-MpComputerStatus
    EndPowershell:
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    ================== Zip: ===================
    C:\Windows\System32\config\COMPONENTS -> copied successfully to C:\Users\Micheal\Desktop\03.08.2025_18.17.15.zip
    =========== Zip: End ===========
    HKEY_USERS\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\AvastAdSDK => removed successfully
    "AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}" => removed successfully
    "FW: Avira Security (Disabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}" => removed successfully
    "FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}" => removed successfully

    ========= Powershell: =========



    Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender


    Name Property
    ---- --------
    Real-Time Protection

    DisableBehaviorMonitoring : 0
    PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    Defender\Real-Time Protection
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    Defender
    PSChildName : Real-Time Protection
    PSDrive : HKLM
    PSProvider : Microsoft.PowerShell.Core\Registry


    DisableOnAccessProtection : 0
    PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    Defender\Real-Time Protection
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    Defender
    PSChildName : Real-Time Protection
    PSDrive : HKLM
    PSProvider : Microsoft.PowerShell.Core\Registry


    DisableScanOnRealtimeEnable : 0
    PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Window
    s Defender\Real-Time Protection
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Window
    s Defender
    PSChildName : Real-Time Protection
    PSDrive : HKLM
    PSProvider : Microsoft.PowerShell.Core\Registry


    DisableAntiSpyware : 0
    PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    Defender
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
    PSChildName : Windows Defender
    PSDrive : HKLM
    PSProvider : Microsoft.PowerShell.Core\Registry


    AMEngineVersion : 1.1.25060.6
    AMProductVersion : 4.18.25060.7
    AMRunningMode : Normal
    AMServiceEnabled : True
    AMServiceVersion : 4.18.25060.7
    AntispywareEnabled : True
    AntispywareSignatureAge : 0
    AntispywareSignatureLastUpdated : 8/3/2025 1:56:11 AM
    AntispywareSignatureVersion : 1.433.257.0
    AntivirusEnabled : True
    AntivirusSignatureAge : 0
    AntivirusSignatureLastUpdated : 8/3/2025 1:56:12 AM
    AntivirusSignatureVersion : 1.433.257.0
    BehaviorMonitorEnabled : True
    ComputerID : E43714F8-7639-41AC-A3AF-548AC6FFA394
    ComputerState : 0
    DefenderSignaturesOutOfDate : False
    DeviceControlDefaultEnforcement :
    DeviceControlPoliciesLastUpdated : 3/27/2023 4:34:47 PM
    DeviceControlState : Disabled
    FullScanAge : 4294967295
    FullScanEndTime :
    FullScanOverdue : False
    FullScanRequired : False
    FullScanSignatureVersion :
    FullScanStartTime :
    InitializationProgress : ServiceStartedSuccessfully
    IoavProtectionEnabled : True
    IsTamperProtected : True
    IsVirtualMachine : False
    LastFullScanSource : 0
    LastQuickScanSource : 2
    NISEnabled : True
    NISEngineVersion : 1.1.25060.6
    NISSignatureAge : 0
    NISSignatureLastUpdated : 8/3/2025 1:56:12 AM
    NISSignatureVersion : 1.433.257.0
    OnAccessProtectionEnabled : True
    ProductStatus : 524288
    QuickScanAge : 1
    QuickScanEndTime : 8/2/2025 8:59:46 AM
    QuickScanOverdue : False
    QuickScanSignatureVersion : 1.433.239.0
    QuickScanStartTime : 8/2/2025 8:52:11 AM
    RealTimeProtectionEnabled : True
    RealTimeScanDirection : 0
    RebootRequired : False
    SmartAppControlExpiration :
    SmartAppControlState : Off
    TamperProtectionSource : Signatures
    TDTCapable : Supported
    TDTMode : cm
    TDTSiloType : E
    TDTStatus : Enabled
    TDTTelemetry : Disabled
    TroubleShootingDailyMaxQuota :
    TroubleShootingDailyQuotaLeft :
    TroubleShootingEndTime :
    TroubleShootingExpirationLeft :
    TroubleShootingMode :
    TroubleShootingModeSource :
    TroubleShootingQuotaResetTime :
    TroubleShootingStartTime :
    PSComputerName :




    ========= End of Powershell: =========


    ========= DISM /Online /Cleanup-Image /RestoreHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.6159


    [== 3.8% ]

    [== 3.8% ]

    [== 3.9% ]

    [== 4.1% ]

    [== 4.2% ]

    [===========================60.2%== ]

    [===========================62.3%==== ]

    [===========================84.9%================= ]

    [==========================100.0%==========================]
    The restore operation completed successfully.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 18:56:28 ====



    https://gofile.io/d/sbRzaq
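An added example (not part of the original posts, and not FRST or Microsoft code): a small Python audit of the "Powershell:" section of a Fixlog like the one above. It checks that no Disable* policy value is still set and that the protection flags reported by Get-MpComputerStatus are True. The sample text is constructed from a few of the posted fields; the function names, the three-day signature threshold, and reading FullScanAge 4294967295 as "no full scan recorded" (consistent with the empty FullScanEndTime above) are assumptions of this example.

```python
import re

# Constructed sample: a trimmed excerpt in the shape of the "Powershell:" section
# of the Fixlog above (field names and values as posted, most fields omitted).
HEALTHY = r'''
========= Powershell: =========
DisableBehaviorMonitoring : 0
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
Defender\Real-Time Protection
DisableOnAccessProtection : 0
DisableScanOnRealtimeEnable : 0
DisableAntiSpyware : 0
AMServiceEnabled : True
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntivirusEnabled : True
AntivirusSignatureAge : 0
BehaviorMonitorEnabled : True
FullScanAge : 4294967295
FullScanEndTime :
IoavProtectionEnabled : True
NISEnabled : True
NISSignatureAge : 0
OnAccessProtectionEnabled : True
RealTimeProtectionEnabled : True
========= End of Powershell: =========
'''
# Constructed degraded variant, to show what the audit reports.
DEGRADED = (HEALTHY
            .replace("DisableAntiSpyware : 0", "DisableAntiSpyware : 1")
            .replace("RealTimeProtectionEnabled : True", "RealTimeProtectionEnabled : False")
            .replace("AntivirusSignatureAge : 0", "AntivirusSignatureAge : 12"))

FIELD_RE = re.compile(r'^\s*(\w+)\s*:\s*(.*?)\s*$')
REQUIRED_TRUE = ("AMServiceEnabled", "AntispywareEnabled", "AntivirusEnabled",
                 "BehaviorMonitorEnabled", "IoavProtectionEnabled", "NISEnabled",
                 "OnAccessProtectionEnabled", "RealTimeProtectionEnabled")
SIGNATURE_AGES = ("AntivirusSignatureAge", "AntispywareSignatureAge", "NISSignatureAge")
NO_SCAN = 4294967295  # 0xFFFFFFFF; treated here as "no full scan recorded" (assumption)


def powershell_section(text):
    """Return the lines between the Powershell start and end markers."""
    lines, inside = [], False
    for line in text.splitlines():
        marker = line.strip()
        if marker == "========= Powershell: =========":
            inside = True
        elif marker == "========= End of Powershell: =========":
            inside = False
        elif inside:
            lines.append(line)
    return lines


def audit(text, max_sig_age_days=3):
    """Return (problems, notes) for the Defender state recorded in a Fixlog."""
    fields = {}
    for line in powershell_section(text):
        m = FIELD_RE.match(line)  # wrapped continuation lines do not match
        if m:
            fields[m.group(1)] = m.group(2)
    problems, notes = [], []
    # Any Disable* policy value other than 0 means a protection is still switched off.
    for name, value in fields.items():
        if name.startswith("Disable") and value != "0":
            problems.append(f"{name}={value}")
    # Every protection flag must be present and True.
    for name in REQUIRED_TRUE:
        if fields.get(name) != "True":
            problems.append(f"{name}={fields.get(name, 'missing')}")
    # Signature ages are in days; the threshold is this example's choice.
    for name in SIGNATURE_AGES:
        value = fields.get(name, "")
        if value.isdigit() and int(value) > max_sig_age_days:
            problems.append(f"{name}={value}")
    if fields.get("FullScanAge") == str(NO_SCAN):
        notes.append(f"FullScanAge={NO_SCAN}")
    return problems, notes


if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label, audit(sample))
```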
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    CMD: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
    DeleteKey: HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_1d37a43bbfe1dc9c
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

    ===================================================
    • Click Start, type cmd, select Run as administrator
    • Type sfc /scannow, hit Enter and when completed report the results
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • sfc results
     
  14. ManWarBear

    ManWarBear Private First Class

    When I try to Run the requested command ( sfc /scannow ), I hit Enter and see a quick flash of a command prompt window on my screen that goes away immediately then does nothing.



    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (03-08-2025 21:39:58) Run:4
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    DeleteKey: HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_1d37a43bbfe1dc9c
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_1d37a43bbfe1dc9c" => not found
    "HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c" => not found
    "HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41" => not found
    "HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a" => not found
    "HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d" => not found


    The system needed a reboot.

    ==== End of Fixlog 21:40:57 ====
     
  15. Oh My!

    Oh My! Malware Expert Staff Member

    Sorry, my Fixlist was missing a line so I just modified it. Could you run it again for me then run sfc /scannow?
     
  16. ManWarBear

    ManWarBear Private First Class

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (03-08-2025 22:20:24) Run:5
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    CMD: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
    DeleteKey: HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_1d37a43bbfe1dc9c
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a
    DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.

    ========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========

    The operation completed successfully.



    ========= End of CMD: =========

    HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_1d37a43bbfe1dc9c => removed successfully
    HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c => removed successfully
    HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41 => removed successfully
    HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a => removed successfully
    HKEY_LOCAL_MACHINE\components\DerivedData\VersionedIndex\10.0.19041.6151 (WinBuild.160101.0800)\ComponentFamilies\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 22:21:48 ====



    The sfc /scannow is still not working.
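Run 4 above reported every DeleteKey under HKEY_LOCAL_MACHINE\components as "not found", while run 5, with the reg load line in the fixlist, removed the same keys. The following Python sketch is an added example, not part of the thread or of FRST: it separates "not found because the hive was never mounted" from "key not present". The sample logs are constructed with placeholder key names, and the function names and the ON_DEMAND list are assumptions of this example.

```python
import re

# Constructed samples in the shape of the Fixlogs above; key names are placeholders.
RUN_WITHOUT_LOAD = r'''
fixlist content:
*****************
Start::
DeleteKey: HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\example.crt_1
DeleteKey: HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_example.crt_1
End::
*****************
"HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\example.crt_1" => not found
"HKEY_LOCAL_MACHINE\components\DerivedData\Components\x86_example.crt_1" => not found
'''
RUN_WITH_LOAD = r'''
fixlist content:
*****************
Start::
CMD: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
DeleteKey: HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\example.crt_1
DeleteKey: HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\ExampleSDK
End::
*****************
========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========
The operation completed successfully.
HKEY_LOCAL_MACHINE\components\CanonicalData\Deployments\example.crt_1 => removed successfully
HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\ExampleSDK => not found
'''

ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS", "HKCU": "HKEY_CURRENT_USER"}
LOAD_RE = re.compile(r'^\s*cmd:\s*reg\s+load\s+(\S+)\s+\S+', re.IGNORECASE)
RESULT_RE = re.compile(r'^\s*"?(.+?)"?\s+=>\s+(.+?)\s*$')
# Hives that live on disk and are only mounted on demand (this example lists one).
ON_DEMAND = ("HKEY_LOCAL_MACHINE\\COMPONENTS",)


def normalise(key):
    """Expand HKLM-style abbreviations and upper-case the path for comparison."""
    root, _, rest = key.strip().partition("\\")
    root = ROOTS.get(root.upper(), root.upper())
    return root + "\\" + rest.upper() if rest else root


def parse_fixlog(text):
    """Return (hives mounted by 'CMD: reg load' directives, [(target, outcome)])."""
    loaded, results = set(), []
    for line in text.splitlines():
        m = LOAD_RE.match(line)
        if m:
            loaded.add(normalise(m.group(1)))
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group(1), m.group(2).lower()))
    return loaded, results


def triage(text):
    """Label each result line: removed, absent, hive-not-loaded or review."""
    loaded, results = parse_fixlog(text)
    findings = []
    for target, outcome in results:
        key = normalise(target)
        hive = next((h for h in ON_DEMAND if key.startswith(h + "\\")), None)
        if outcome == "not found" and hive and hive not in loaded:
            verdict = "hive-not-loaded"   # rerun with the hive mounted before trusting it
        elif outcome == "not found":
            verdict = "absent"
        elif outcome == "removed successfully":
            verdict = "removed"
        else:
            verdict = "review"
        findings.append((target, verdict))
    return findings


if __name__ == "__main__":
    for name, log in (("without reg load", RUN_WITHOUT_LOAD), ("with reg load", RUN_WITH_LOAD)):
        print(name)
        for target, verdict in triage(log):
            print(f"  {verdict:16} {target}")
```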
     
  17. Oh My!

    Oh My! Malware Expert Staff Member

    Please run this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Zip: C:\Windows\System32\config\COMPONENTS
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder onto the Desktop with today's date. Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Download link
     
  18. ManWarBear

    ManWarBear Private First Class

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (03-08-2025 22:55:51) Run:6
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Zip: C:\Windows\System32\config\COMPONENTS
    End::
    *****************

    ================== Zip: ===================
    C:\Windows\System32\config\COMPONENTS -> copied successfully to C:\Users\Micheal\Desktop\03.08.2025_22.55.51.zip
    =========== Zip: End ===========

    ==== End of Fixlog 22:55:57 ====



    https://gofile.io/d/0Twr2n
     
  19. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks. I will be reviewing things tomorrow.
     
  20. ManWarBear

    ManWarBear Private First Class

    Thank you. Have a good night.
     
  21. Oh My!

    Oh My! Malware Expert Staff Member

    I would like to see the most recent CBS.log information.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    Zip: C:\Windows\Logs\CBS
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.10.2025_13.24.50.zip. Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Download link
     
  22. ManWarBear

    ManWarBear Private First Class

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (04-08-2025 18:55:29) Run:7
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Zip: C:\Windows\Logs\CBS
    End::
    *****************

    ================== Zip: ===================
    C:\Windows\Logs\CBS -> copied successfully to C:\Users\Micheal\Desktop\04.08.2025_18.55.29.zip
    =========== Zip: End ===========

    ==== End of Fixlog 18:55:33 ====



    https://gofile.io/d/xli0Sh
     
  23. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this. Make sure you right click on FRST64 and select Run as administrator.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    cmd: sfc /scannow
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  24. ManWarBear

    ManWarBear Private First Class

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2025
    Ran by Bear (04-08-2025 20:56:02) Run:8
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    cmd: sfc /scannow
    End::
    *****************


    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 100% complete.


    Windows Resource Protection did not find any integrity violations.



    ========= End of CMD: =========


    ==== End of Fixlog 21:16:06 ====
     
  25. Oh My!

    Oh My! Malware Expert Staff Member

    That is perfect.

    Your computer system is now in a healthy state. Are you currently having any issues?
     
  26. ManWarBear

    ManWarBear Private First Class

    No. Thank you so much for your help in this matter. It has given me much peace of mind to know that malware was not to blame.
     
  27. Oh My!

    Oh My! Malware Expert Staff Member

    You are most welcome.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
