Requested By Oh My!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mark59, Oct 18, 2024.

  1. mark59

    mark59 MajorGeek

    I did a Windows Update on my Windows 11 Home PC and after the re-start I wasn’t able to login. I got back into the machine by keep turning the PC on and off. When I got back into it I ran a repair in Safe Mode. Because I think it was the Windows Update that caused the problem I currently have Updates paused.

    I was advised to download and run an application called MiniToolBox with the following options checked:
    • List Last 10 Event Viewer Errors
    • List Installed Programs
    • List Problematic Devices
    • List Users, Partitions and Memory size
    I then submitted the generated report (which I attach for your information) and was told my PC has numerous problems.

    I was surprised to learn I have numerous problems as this PC is only about a year old and I have taken care to look after it.

    Anyway I would like to find out what is really wrong with the PC; have the issues resolved; and will have to unpause Updates and I take my chances.
     

    Attached Files:

    • MTB.txt
      File size:
      21.3 KB
      Views:
      2
    mark59, Oct 18, 2024
    #1
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
    Oh My!, Oct 18, 2024
    #2
  3. mark59

    mark59 MajorGeek

    Please find attached the requested reports.
     

    Attached Files:

    mark59, Oct 18, 2024
    #3
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    I would prefer to remove some programs to streamline your system. Please do these things.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller

    --------------------

    I recommend uninstalling the below listed program(s) from your computer.

    • Right click on Revo Uninstaller and select Run as administrator
    • From the list of programs highlight the listed program(s), or anything similar, then select Uninstall
    Code:
    App Explorer
Glary Utilities 6.16
SpywareBlaster 6.0 
SUPERAntiSpyware
CCleaner
    • If the program's uninstaller appears, work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once you are finished removing all programs click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
CreateRestorePoint:
CloseProcesses:
Zip: C:\Windows\Logs\CBS
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [EnableMmx] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136] 
SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> DefaultScope {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder in the same location from where FRST was run with today's date. Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Programs uninstall?
    • Fixlog
    • Download link
     
    Oh My!, Oct 18, 2024
    #4
  5. mark59

    mark59 MajorGeek

    Thank you for getting back to me.

    Before I remove those programs from my computer can you please advise why you recommend their removal?

    Thanks!
     
    mark59, Oct 18, 2024
    #5
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Windows Update issues can be quite difficult to diagnose and repair. The cleaner the system the better. You can reinstall them once we resolve your issue if you'd like.
     
    Oh My!, Oct 18, 2024
    #6
  7. mark59

    mark59 MajorGeek

    Ok thank you for your reply. I cannot do the requested things today (Sunday); however, I'm on holiday from work for a week so I hope to be able to focus on this from tomorrow (Monday) onwards.
     
    mark59, Oct 20, 2024
    #7
  8. Oh My!

    Oh My! Malware Expert Staff Member

    No problem, thank you for the update.
     
    Oh My!, Oct 20, 2024
    #8
  9. mark59

    mark59 MajorGeek

    The following programs were uninstalled using Revo Unistaller:
    • Glary Utilities 6.16
    • SpywareBlaster 6.0
    • SUPERAntiSpyware
    • CCleaner
    App Explorer was not uninstalled because Revo Uninstaller did not list it.

    Below is pasted the text from Fixlog.txt.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
    Ran by markc (21-10-2024 12:46:11) Run:1
    Running from C:\Users\markc\Desktop
    Loaded Profiles: markc & Craig & Jessica
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Zip: C:\Windows\Logs\CBS
    HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
    HKLM\Software\Policies\...\system: [PublishUserActivities] 0
    HKLM\Software\Policies\...\system: [UploadUserActivities] 0
    HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
    HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
    HKLM\Software\Policies\...\system: [EnableMmx] 0
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> DefaultScope {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    ================== Zip: ===================
    C:\Windows\Logs\CBS -> copied successfully to C:\Users\markc\Desktop\21.10.2024_12.47.22.zip
    =========== Zip: End ===========
    "HKLM\Software\Policies\Microsoft\Windows\System\\EnableActivityFeed" => removed successfully
    "HKLM\Software\Policies\Microsoft\Windows\System\\PublishUserActivities" => removed successfully
    "HKLM\Software\Policies\Microsoft\Windows\System\\UploadUserActivities" => removed successfully
    "HKLM\Software\Policies\Microsoft\Windows\System\\AllowClipboardHistory" => removed successfully
    "HKLM\Software\Policies\Microsoft\Windows\System\\AllowCrossDeviceClipboard" => removed successfully
    "HKLM\Software\Policies\Microsoft\Windows\System\\EnableMmx" => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{475A399D-1A63-407C-BAA2-162C53BC9214} => removed successfully

    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification 0% complete.
    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 12% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 24% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 48% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 60% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 72% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 84% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 99% complete.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.


    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.22621.2792

    Image Version: 10.0.22631.4112

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 13:03:14 ====

    The link at GoFile for the zipped folder is:

    https://gofile.io/d/86YpuT
     
    mark59, Oct 21, 2024
    #9
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the update.

    The zip file was empty.

    Can you manually check to see if there are contents inside the C:\Windows\Logs\CBS folder? If so, please zip the folder, upload it to GoFile, and post the download link.
     
    Oh My!, Oct 21, 2024
    #10
  11. mark59

    mark59 MajorGeek

    I wonder what went wrong. The zip folder was not empty on my Desktop, I've just checked.

    I have manually checked for contents inside the C:\Windows\Logs\CBS folder and there is. I have zipped the folder, uploaded it to GoFile and here is the link: https://gofile.io/d/xKm1Kj

    I do hope you get what you're looking for this time.
     
    mark59, Oct 21, 2024
    #11
  12. Oh My!

    Oh My! Malware Expert Staff Member

    I was hoping to get older log information but this report is for only today.

    Did you run Windows Update today? If not, please run it and let me know what happens.
     
    Oh My!, Oct 21, 2024
    #12
  13. mark59

    mark59 MajorGeek

    I know nothing about logs. I was only able to get what you asked me to provide. I wish it had been of use to you in diagnosing things.

    No, I did not run Windows Update today. I have had Windows Update paused since my problem. It was Windows Update that caused it so I have been reluctant to run it again.

    Is there any precautions I can take or do anything in anticipation of Windows Update resulting in the same problem, i.e. preventing me from logging in to any user account after the PC restarted following a Windows Update?
     
    mark59, Oct 21, 2024
    #13
  14. Oh My!

    Oh My! Malware Expert Staff Member

    You have no control over what logs are produced and/or kept.

    If Windows Update fails, it is designed to revert back to the original configuration. In the last Fixlist we created a System Restore Point as a safety net. This is one of the ways we can deal with something going wrong.

    Please attempt Windows Update until you are informed there are no more updates available. If you are stopped short of that, zip the C:\Windows\Logs\CBS folder, upload it to GoFile, and post the download link.

    Just as a point of clarification, what you originally uploaded as the CBS zip folder was not that. Rather, it was a 21.10.2024_12.47.22.zip file.
     
    Oh My!, Oct 22, 2024
    #14
  15. mark59

    mark59 MajorGeek

    OK, I shall run Windows Update until I am informed that no more updates are available.

    It was the dated zip file that you did ask for in post #4.

     
    mark59, Oct 22, 2024
    #15
  16. mark59

    mark59 MajorGeek

    I have run Windows Update until it has informed me that there are no more updates available.
     
    mark59, Oct 22, 2024
    #16
  17. mark59

    mark59 MajorGeek

    Is there any other actions that I need to take?

    If I have missed any instructions I apologise.

    As far as I can tell I have done everything asked.
     
    mark59, Oct 24, 2024
    #17
  18. Oh My!

    Oh My! Malware Expert Staff Member

    My apologies, thanks for checking in.

    Are you having any issues other than previous issue with Windows Update?
     
    Oh My!, Oct 24, 2024
    #18
  19. mark59

    mark59 MajorGeek

    No, I have no other issues.
     
    mark59, Oct 24, 2024
    #19
  20. Oh My!

    Oh My! Malware Expert Staff Member

    Great.

    If you choose to reinstall the uninstalled programs I would caution against any program/option to modify the registry. In my opinion it is too sensitive an area to allow an automated process to manipulate entries/settings.
     
    Oh My!, Oct 24, 2024
    #20
  21. mark59

    mark59 MajorGeek

    I may well re-install them. I originally installed them from recommendations on this forum. I only use the freeware versions so they probably have less functionality. I use them manually and do not have any of them set-up to carry out functions automatically. I know programs like CCleaner and Glary Utilities have options to "repair" or defrag the Registry. I NEVER use those functions. I know to leave the Registry well alone. I am not very knowledgeable about computer science and information technology. So my messing with Registry would be akin to me going into an operating theatre and start doing surgery (to put that in context I am not a doctor).

    I mainly use SUPERAntiSpyware to check downloaded items for malware (I also use Microsoft Defender and Malwarebytes). I am a belt and braces guy. I am aware waiting to check them after downloading could be too late so I also run the URL for the download through on website, whose name escapes just now, prior to downloading.

    I have no real idea what the use of SpywareBlaster is so perhaps I shouldn't re-install that.

    I use CCleaner and Glary Utilities to try to keep my PC clean and prevent any 'junk' from building up.

    Thank you for your help. It is always first rate help and you always get me back where I want to be. Thank you for helping me and for giving your time.:)
     
    mark59, Oct 24, 2024
    #21
  22. Oh My!

    Oh My! Malware Expert Staff Member

    My pleasure.
     
    Oh My!, Oct 24, 2024
    #22
    mark59 likes this.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds