[SOLVED] Windows 10 (Version 21H1, OS Build 19043.1110) DISM Error 2, Windows Update Error

sandarpanmukherjee

Active member
Joined
Jul 24, 2022
Posts
26
So the issues started when I noticed Windows Update not being able to start. I am also unable to install a few packages through the Ubuntu Bash terminal (Windows Subsystem for Linux). I looked up a few solutions and stumbled upon the DISM commands. All DISM commands return the following error:

Error: 2

An error occurred while attempting to start the servicing process for the image located at C:\.
For more information, review the log file.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

Before doing a clean install I wanted to see if the problem can be fixed.

Things I have tried so far:

1. DISM commands
2. sfc /scannow - No errors reported
3. Windows 10 in place repair using ISO image - Fails with a message - Windows 10 update failed
4. Running the DISM commands in safe mode - No luck
5. Malwarebytes Scan - No malware found
6. Turn off Windows Defender and retry DISM commands - Same errors
7. Try to manually start Windows Update from Services.msc - Unsuccessful

So I am attaching the FRST logs and DISM logs. Any help would be greatly appreciated.

Thanks
 


Hi.

Welcome to Sysnative Forums.

I am a Security Analyst and a Windows Update Trainee, and I will be assisting you regarding your computer's issues. Since I'm still in training, my fixes have to be approved by a qualified Update Expert, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

I am currently reviewing your logs and I'll get back to you as soon as I am ready.
 
Hi, again.

Since the computer seems infected, having μTorrent installed, several security programs running, and a remnant of StopUpdates10 program (SU10Guard.exe), I recommend to first clean the machine and then check the updates issue.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
Good. (y)

First move the FRST tool from D:\Downloads on to your Desktop.

These are my first comments/instructions regarding your FRST logs:

1. P2P program

You have μTorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2 below.

2. Uninstall programs

You have old versions of Java and Malwarebytes. If you really need Java, it's a security risk to have it out of date and you need to install the latest version at the end of this procedure. As to Malwarebytes, I'll give you instructions later to install the latest version.

As to the several security programs you have/had installed:


You have Microsoft Defender enabled, as well as Malwarebytes as an antimalware solution. In addition, I can also see Sophos Virus Removal Tool and signs of AVG Antivirus and Spybot - Search and Destroy. I understand your intention to have opinions from several security platforms, but bear in mind that installing more than one of those programs may make them conflict with each other and cause the following:
  • False positives: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Low performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
To uninstall these programs:
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
µTorrent*
Java 8 Update 271
Malwarebytes version 4.4.10.144
Sophos Virus Removal Tool
  • Select each of the above programs and click Uninstall.
  • Restart the computer.
To uninstall AVG remnants use AVG Clear, available here: Install AVG on your PC, Mac | AVG installation files


3. FRST fix


Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`20hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]
HKLM\...\.scr: screen.view => "C:\Program Files (x86)\Lakes\Screen View\Screen_View.exe"  "%1" <==== ATTENTION
HKU\S-1-5-21-2922945391-2041331830-2144407415-1000\Software\Classes\.scr: EAGLESCR =>  <==== ATTENTION
BHO: No Name -> {E81D3BD4-0E3E-4B58-BEC1-F3791DAA11A8} -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{5031B173-3970-49DE-A572-C1CB0AD0825D}] => (Block) F:0\origin\battlefield 1\bf1.exe => No File
FirewallRules: [{9DC0CE2C-F6A7-4BDA-BB0F-93EA379021C7}] => (Block) F:0\origin\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{8D75E305-FF92-426F-B98B-589E755324E6}F:0\origin\battlefield 1\bf1.exe] => (Allow) F:0\origin\battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{97B9E40B-4945-472F-9B37-0A8693CD448D}F:0\origin\battlefield 1\bf1.exe] => (Allow) F:0\origin\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{FA0983B8-7CFB-4BB7-BA33-D4734DDB7E4B}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{14B071E8-6A78-41C8-A2EB-B80EA2B73947}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6FDCA458-4CEC-40C8-AA68-BB98F4B5D78D}C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe => No File
FirewallRules: [TCP Query User{28E825E8-824F-4FBF-8374-E9A680919D45}C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe => No File
FirewallRules: [{631E95A4-0ACD-458E-BC5A-8766C82DE6E7}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{F8225E4C-5ACB-4C75-84D2-D1A5FD6F59AA}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{4124B9AA-7A29-45FA-B38C-4DBA7524532C}] => (Allow) D:\Program Files\Nox\bin\Nox.exe => No File
FirewallRules: [UDP Query User{4F044547-47FC-42F6-9345-68ECAB4EC3B9}C:\users\sandarpan.pc2\downloads\anydesk (2).exe] => (Allow) C:\users\sandarpan.pc2\downloads\anydesk (2).exe => No File
FirewallRules: [TCP Query User{0C25FE03-68EF-4240-9C57-728DBA94B5C7}C:\users\sandarpan.pc2\downloads\anydesk (2).exe] => (Allow) C:\users\sandarpan.pc2\downloads\anydesk (2).exe => No File
FirewallRules: [UDP Query User{B34D6317-6506-4BA0-B850-DF7CD2A93A82}C:\users\sandarpan.pc2\downloads\anydesk.exe] => (Allow) C:\users\sandarpan.pc2\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{DF5FB02D-2A38-496B-A8FF-EAD9A20FAA9D}C:\users\sandarpan.pc2\downloads\anydesk.exe] => (Allow) C:\users\sandarpan.pc2\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{8AE7C3C2-3386-42BD-8933-6C73F3A6BB45}C:\program files\jetbrains\pycharm community edition 2020.1.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2020.1.1\bin\pycharm64.exe => No File
FirewallRules: [TCP Query User{04B4C9F0-B7E5-4929-AB0C-EDD75FD57993}C:\program files\jetbrains\pycharm community edition 2020.1.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2020.1.1\bin\pycharm64.exe => No File
FirewallRules: [UDP Query User{E6AEF13A-1826-4A38-8A71-679E214AFD24}K:\origin\fifa 19 demo\fifa19_demo.exe] => (Allow) K:\origin\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [TCP Query User{7A6E7969-5DF0-45BE-90F0-49DAE3D5A4C8}K:\origin\fifa 19 demo\fifa19_demo.exe] => (Allow) K:\origin\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [UDP Query User{50FA50E7-F105-44B6-86DC-1247A6A61A44}C:\program files\txgameassistant\appmarket\gamedownload.exe] => (Allow) C:\program files\txgameassistant\appmarket\gamedownload.exe => No File
FirewallRules: [TCP Query User{F7DB6A2B-3835-47FA-B6C5-6C4EDB9E6DE8}C:\program files\txgameassistant\appmarket\gamedownload.exe] => (Allow) C:\program files\txgameassistant\appmarket\gamedownload.exe => No File
FirewallRules: [{14088D11-093D-4A3A-8C87-73B69A50E4AE}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortifws.exe => No File
FirewallRules: [{89A8BFBE-2B35-4E2B-80D0-956CC75D0EF1}] => (Allow) C:\Program Files\Fortinet\FortiClient\fortiesnac.exe => No File
FirewallRules: [{E3CB361F-3276-477D-942D-5FAF07F13D09}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [{34A455EB-45D2-4010-AACB-0872B2196AF9}] => (Allow) C:\Program Files\Fortinet\FortiClient\ipsec.exe => No File
FirewallRules: [{007A68C8-80DF-485B-85F4-5F9A78F8781E}] => (Allow) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe => No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
2017-04-10 00:51 - 2015-06-17 06:03 - 000489536 _____ (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2922945391-2041331830-2144407415-1000\...\Policies\Explorer: [] 
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {2D7E67F4-1430-4995-80B5-AD5A10256681} - System32\Tasks\Net fix => C:\Users\Sandarpan.PC2\Desktop\network.bat (No File)
Task: {5DD457C8-C665-40A3-AE3D-5BDB9B290BE5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5753752 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {6AAACC2C-A4C1-4789-A82C-FF25F5B266C6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A0BA1941-7314-4FC0-9A31-722FA591C525} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6193080 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-17] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 SU10Guard; C:\Windows\L1HGDU145E\SU10Guard.exe [72032 2021-07-06] (Greatis Software LLC -> Greatis Software, LLC)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Windows\L1HGDU145E
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

In your next reply please post:
  1. What you decided about the torrent program
  2. If uninstalling the recommended programs ran smoothly
  3. The fixlog.txt
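Added example, not from the thread or from the FRST tool: a read-only PowerShell audit of the update-blocking artifacts the fix above removes (the IFEO "Debugger" entries on the update executables, the NoWindowsUpdate Explorer policy, the WindowsUpdate and Windows Defender policy keys, and the SU10Guard service). It assumes an elevated PowerShell 5.1 session on Windows 10; the service names wuauserv, UsoSvc, WaaSMedicSvc and BITS are the standard Windows Update services and are my addition, not something the log shows.

```powershell
# Read-only audit of the update blockers listed in the FRST log above.
# Reports findings and changes nothing. Run elevated on Windows 10.

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Executables that carried an IFEO "Debugger" value in the log. Windows starts the
# Debugger string in place of the named program, so when it points at something that
# does not exist the real binary (dismHost.exe, UsoClient.exe, ...) never launches.
# Win32 error 2 is ERROR_FILE_NOT_FOUND, consistent with DISM's "Error: 2" above.
$updateBinaries = @(
    'dismHost.exe', 'EOSNOTIFY.EXE', 'InstallAgent.exe', 'MusNotification.exe',
    'MUSNOTIFICATIONUX.EXE', 'remsh.exe', 'SIHClient.exe', 'UpdateAssistant.exe',
    'UPFC.EXE', 'UsoClient.exe', 'WaaSMedic.exe', 'WaasMedicAgent.exe',
    'Windows10Upgrade.exe', 'WINDOWS10UPGRADERAPP.EXE'
)

# Policy keys FRST flagged as "Restriction". On a stand-alone home PC these keys are
# normally absent, so any value under them deserves a look.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
)

function Get-UpdateBlockFindings {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. IFEO Debugger hijacks on the update executables
    foreach ($exe in $updateBinaries) {
        $key = Join-Path $ifeoRoot $exe
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.Debugger) {
            $findings.Add([pscustomobject]@{
                Check = 'IFEO Debugger'; Where = $key; Value = $props.Debugger
            })
        }
    }

    # 2. Explorer policy that blocks Windows Update (FRST: [NoWindowsUpdate] 1)
    $explorerPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (Test-Path -LiteralPath $explorerPol) {
        $nwu = (Get-ItemProperty -LiteralPath $explorerPol -ErrorAction SilentlyContinue).NoWindowsUpdate
        if ($nwu) {
            $findings.Add([pscustomobject]@{
                Check = 'Explorer policy'; Where = $explorerPol; Value = "NoWindowsUpdate = $nwu"
            })
        }
    }

    # 3. Every value under the WindowsUpdate / Windows Defender policy keys
    foreach ($key in $policyKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $items = @(Get-Item -LiteralPath $key) +
                 @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            foreach ($name in $item.GetValueNames()) {
                $findings.Add([pscustomobject]@{
                    Check = 'Policy restriction'; Where = $item.Name
                    Value = "$name = $($item.GetValue($name))"
                })
            }
        }
    }

    # 4. StopUpdates10 guard service seen in the log (R2 SU10Guard; ...\SU10Guard.exe)
    $su10 = Get-CimInstance -ClassName Win32_Service -Filter "Name='SU10Guard'" -ErrorAction SilentlyContinue
    if ($su10) {
        $findings.Add([pscustomobject]@{
            Check = 'Blocker service'; Where = $su10.Name; Value = "$($su10.State): $($su10.PathName)"
        })
    }

    # 5. Core update services that must not be left disabled (assumed standard names)
    foreach ($svc in 'wuauserv', 'UsoSvc', 'WaaSMedicSvc', 'BITS') {
        $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svc'" -ErrorAction SilentlyContinue
        if ($s -and $s.StartMode -eq 'Disabled') {
            $findings.Add([pscustomobject]@{
                Check = 'Service disabled'; Where = $svc; Value = $s.StartMode
            })
        }
    }

    return $findings
}

$results = @(Get-UpdateBlockFindings)
if ($results.Count -eq 0) {
    Write-Output 'No IFEO hijacks, update-blocking policies or blocker services found.'
} else {
    $results | Format-Table -AutoSize -Wrap
}
```

Because the script only reads, it can be run before and after the FRST fix to confirm that every entry the fix targets is gone.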
 
Hi,

1. I removed uTorrent
2. Uninstalling the programs ran smoothly but FRST kept freezing after I started Fixing
3. I have attached the fixlog.txt

Thanks
 


FRST may look like it is freezing, but actually it is running. It is better to let it run, and take its time to the end. I see that you ran the fix 3 times and possibly the not found indication in some items is because of this.

Moving on.

1. Run AdwCleaner (scan only)


Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:

  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
Thanks for letting me know. Here it is Sunday night too, 8:00 P.M. right now.
 
1. AdwCleaner report (attached)

2. Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/27/22
Scan Time: 6:12 AM
Log File: fecc6bba-0d44-11ed-afbc-f46d04582e6d.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57791
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: Sandarpan\Sandarpan

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 466155
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 54 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Malware.AI.4254053121, D:\DOWNLOADS\REAPER _+LICENSE.ZIP, No Action By User, 1000000, -40914175, 1.0.57791, E60001E8A8CB78D2FD8FB301, dds, 01876283, 9DF959BBC70BD436BE9EE76E12837644, 01B5BDF5AE079F6F65068BFA858CF0C3EDA240A9CB5A5449DA04CFB18A69F12F
Generic.Malware/Suspicious, C:\PROGRAM FILES\BIAS FX APPLICATION (64BIT)\POSITIVEGRID_KEYGEN.EXE, No Action By User, 0, 392686, 1.0.57791, , shuriken, , 7D814D87BC568764B74D40DE3E75AE30, 1E7CD0B61516812D4A965D689346FC966631435E5E72B4AE5DA35D5E5A94AAA5
Generic.Malware/Suspicious, C:\PROGRAM FILES\BIAS PEDAL (64BIT)\POSITIVEGRID_KEYGEN.EXE, No Action By User, 0, 392686, 1.0.57791, , shuriken, , 7D814D87BC568764B74D40DE3E75AE30, 1E7CD0B61516812D4A965D689346FC966631435E5E72B4AE5DA35D5E5A94AAA5

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 


Hi.

The detected items are bad, related to cracked programs.

C:\PROGRAM FILES\BIAS FX APPLICATION (64BIT)\POSITIVEGRID_KEYGEN.EXE
D:\DOWNLOADS\REAPER _+LICENSE.ZIP
C:\PROGRAM FILES\BIAS PEDAL (64BIT)\POSITIVEGRID_KEYGEN.EXE

At the beginning of this thread I asked you to remove all cracked/pirated programs. It's the legal part, on one hand, but on the other hand it is the computer's health and security. Having cracked/pirated programs is the best and easiest way to infect your computer and there isn't a reason to clean it now if you keep these programs. Besides, my next fixes will remove keygens and illegal licenses.

Let me know if you don't agree with this, and I'll close this thread.

However, if you agree to continue, and you haven't got a legal license for BIAS programs and REAPER, please uninstall them. Also, uninstall any other program not legally activated.

After that:

1. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner.exe and select Run as Administrator.
  • When the tool opens, click Computer Scan.
  • Click Yes to allow the tool to run.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • After downloading updates, ESET will begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Disable the feature and click on Save and continue.
  • On the next screen, you can leave feedback about the program if you wish. If you left feedback, click Submit and continue. If not, Close the application.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


In your next reply, please post:
  1. The Malwarebytes report
  2. The eset.txt
 
Hi,

I don't have those programs installed. Those are the keygens only. Should I delete those files? Also, I don't understand what you mean by Run Malwarebytes (Clean Mode).

Thanks
 
Hello.

These are included in your Installed programs list:

BIAS AMP 2 Pack (64bit) (HKLM\...\{635E6FB2-D35B-4564-BCB1-BE246F38BE89}) (Version: 2.1.2.1163 - PositiveGrid)
BIAS FX 2 Desktop (64bit) (HKLM\...\BIAS FX 2 Elite (64bit)_is1) (Version: 2.1.0.4530 - Positive Grid & Team V.R)
BIAS FX Plugins Pack (64bit) (HKLM\...\{54E9CEC9-EF5B-4704-9497-33C93D510FD9}) (Version: 1.6.2.3448 - PositiveGrid)
BIAS Pedal Plugins Pack (64bit) (HKLM\...\{8E2B5CFC-09CA-4A29-A89A-03F8E17368D3}) (Version: 2.3.1.5390 - PositiveGrid)
REAPER (x64) (HKLM\...\REAPER) (Version: - )

If the programs are legally activated, then you will keep them. If the detected items are only keygens which are not used to activate the programs, Malwarebytes will delete them in the next scan. The first time we ran Malwarebytes only to scan the computer. Now, we will run it to delete the detections. That's why the title in my instructions is Malwarebytes (Clean mode).
 
1. Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/27/22
Scan Time: 8:22 PM
Log File: aeba94ea-0dbb-11ed-bf83-f46d04582e6d.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57817
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: Sandarpan\Sandarpan

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 442490
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 31 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

ESET report follows
 
It's been over 12 hours and ESET hasn't finished scanning. Should I continue?

Also, now Windows Update is showing the pending updates, something it was not doing before.
 
Hi.

Unfortunately, sometimes it takes so long. I gather that it is time for it to finish the scan.
 
Finally, after 13 hrs 4 min and 6 seconds:

28-Jul-22 10:32:30 AM
Files scanned: 1234324
Detected files: 80
Cleaned files: 80
Total scan time 13:04:06
Scan status: Finished
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\1F003D80-1465032385-1400-0FDF-F46D04582E6D\knsaE8A4.tmpfs.vir a variant of Win32/Adware.ConvertAd.AHW application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\1F003D80-1465032385-1400-0FDF-F46D04582E6D\rnspFDBB.exe.vir a variant of Win32/Adware.ConvertAd.AHZ.gen application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\1F003D80-1465032385-1400-0FDF-F46D04582E6D\Uninstall.exe.vir Win32/Adware.ConvertAd.AEY application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\1F003D80-1465032385-1400-0FDF-F46D04582E6D\vnsuD0DD.tmp.vir multiple detections,Win32/Adware.ConvertAd.AKJ application,Win32/Adware.ConvertAd.AEY application,a variant of Win32/Adware.ConvertAd.AHW application,a variant of Win32/Adware.ConvertAd.AIB application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Drivers\MPCBase_32.sys.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt.sys.vir Win64/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_vista_32.sys.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_vista_64.sys.vir Win64/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_xp_32.sys.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Exe\ADC_qd00000.exe.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcm90.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\AdbWinApi.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\AdbWinUsbApi.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\AdcManager.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\AndriodServer.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\CeBase.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\CrashReport.exe.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\msvcm90.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Support.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\Utility.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\xadb.exe.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\MPC Cleaner\XSkin.dll.vir a variant of Win32/MPCCleaner.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Users\Sandarpan\AppData\Roaming\YSPackage\Uninstall.exe.vir Win32/Adware.ConvertAd.AEY application cleaned by deleting

C:\AdwCleaner\FileQuarantine\C\Users\Sandarpan\AppData\Roaming\YSPackage\YSPackage.exe.vir multiple detections,Win32/Adware.ConvertAd.AKJ application,Win32/Adware.ConvertAd.AEY application,a variant of Win32/Adware.ConvertAd.AHW application,a variant of Win32/Adware.ConvertAd.AIB application cleaned by deleting

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir JS/ShopperPro.A potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Sandarpan\AppData\Roaming\cpuminer\sgminer\sgminer.exe.vir a variant of Win32/CoinMiner.BY potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\25\OneSystemCare\CleanupConsole.exe#B552BE0987FC8019 a variant of Win32/UwS.SystemHealer.H application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\25\OneSystemCare\qketmm.dll#6F17D53F85991A14 a variant of Win32/Adware.Adposhel.BS application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\63\WhiteClick\Start.exe#DACC2B6C3D6A7082 a variant of MSIL/Adware.FotopApps.A application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\63\WhiteClick\WebClient.dll#E5F38CE902937DF9 a variant of MSIL/Adware.FotopApps.A application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\63\WhiteClick\WhiteClick.dll#72DA8AEB9A653B16 a variant of MSIL/Adware.FotopApps.A application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\91\Voyasollam\Inchdonsing.exe#1CF5986AC161AB4F a variant of Win64/Toolbar.Linkury.R potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\91\Voyasollam\Runlex.dll#F4FC0C2E69AD7B7B Win32/Toolbar.Linkury.BF potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\91\Voyasollam\Zameco.exe#76198653528FA2CB a variant of Win32/Toolbar.Linkury.BH potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\v1\20190130.205519\97\ScheduledUpdate#768125DA146C6951 XML/TrojanDownloader.Agent.L trojan cleaned by deleting

C:\FRST\Quarantine\C\WINDOWS\L1HGDU145E\YR527EAGJB.cfg Win32/DelShad.B trojan cleaned by deleting

C:\FRST\Quarantine\C\WINDOWS\erzotjzszr.erz.xBAD a variant of Win32/Adware.Zdengo.BYS application cleaned by deleting

C:\Users\Sandarpan.PC2\AppData\Local\GoogleChromeUserData\Default\Extensions\pcdijodbggbnlncjddbagblondldjfpp\1.0.0.0_0\background.js JS/Adware.Revizer.F application cleaned by deleting

C:\Users\Sandarpan.PC2\AppData\Local\GoogleChromeUserData\Default\Extensions\pcdijodbggbnlncjddbagblondldjfpp\1.0.0.0_0\m_inc.js JS/Adware.Revizer.F application cleaned by deleting

C:\Users\Sandarpan.PC2\OneDrive - M. N. Dastur & Company Pvt Ltd\D Data\Data\Sandarpan Mukherjee\Data\Pocket Tanks Deluxe\desktop.ini Win32/VB.NEI worm cleaned by deleting

C:\Users\Sandarpan.PC2\OneDrive - M. N. Dastur & Company Pvt Ltd\D Data\Data\Sandarpan Mukherjee\Data\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application cleaned by deleting

D:\AppDAta bacup 190715\Users\Sandarpan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\MoneyControl Business News.gadget\content.html JS/WidgetBox.A potentially unwanted application cleaned by deleting

D:\AppDAta bacup 190715\Users\Sandarpan\AppData\Local\Microsoft\Windows Sidebar\Gadgets\MoneyControl Business News.gadget\settings.xml JS/WidgetBox.A potentially unwanted application cleaned by deleting

D:\D Data\Data\Sandarpan Mukherjee\Data\Pocket Tanks Deluxe\desktop.ini Win32/VB.NEI worm cleaned by deleting

D:\D Data\Data\Sandarpan Mukherjee\Data\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application cleaned by deleting

D:\Documents Backup 190715\Assassin's Creed Brotherhood All Versions +12 ~HoG 32bit\Assassin's Creed Brotherhood All Versions +12 ~HoG.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting

D:\Documents Backup 190715\Downloads\Assassins Creed Brotherhood v1.0 - 1.2 6 Trainer [.Dude.]\Assassins Creed Brotherhood v1.0 - 1.2 +6 Trainer [.Dude.]\ACBTrainer.exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting

D:\Documents Backup 190715\Downloads\Programs\Core-Temp-setup.exe a variant of Win32/Complitly.A potentially unwanted application cleaned by deleting

D:\Documents Backup 190715\Downloads\Programs\DownloadSetup (26).exe Win32/InstallMate.Gen potentially unwanted application cleaned by deleting

D:\Documents Backup 190715\Downloads\Programs\DownloadSetup (50).exe Win32/InstalleRex.C potentially unwanted application cleaned by deleting

D:\Documents Backup 190715\Downloads\Programs\ppsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted

D:\Documents Backup 190715\Downloads\Programs\utorrent.exe a variant of Win32/uTorrent.D potentially unwanted application cleaned by deleting

D:\Downloads\B1ASfx.162\PositiveGrid KeyGen v3.4.0.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

D:\Downloads\BIAS.AMP2.v2_1.2.1163.x64\R2R\PositiveGrid_KeyGen.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

D:\Downloads\Overloud.TH3.v3.4.2.Incl.Keygen-R2R\R2R\Overloud_Special_KeyGen.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

D:\Downloads\Positive Grid BIAS FX v1.5.5\Positive Grid BIAS FX v1.5.5\Positive.Grid.BIAS.FX.v1.5.5.Incl.Keygen-R2R\R2R\PositiveGrid_KeyGen.exe Win32/Keygen.ACE potentially unsafe application cleaned by deleting

D:\Downloads\REAPER _+license\REAPER Crack+license\Crack\REAPER_KeyGen.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

D:\Downloads\up4pc.com_Adobe Premiere Pro 2020 _ v14.1\up4pc.com_Adobe Premiere Pro 2020 Crack v14.1\Easy To Direct Download Pc Software's - Copy.html HTML/ScrInject.B trojan deleted

D:\Downloads\Detection.exe a variant of Win64/SystemRequirementsLab.A potentially unwanted application cleaned by deleting

D:\Downloads\uTorrent.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting

D:\Downloads Backup 190715\ccsetup313.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application cleaned by deleting

D:\Downloads Backup 190715\DTLite4402-0131.exe a variant of Win32/Adware.Toolbar.Shopper.AF application cleaned by deleting

D:\Downloads Backup 190715\sinegen-setup.exe Win32/DownloadAdmin.G potentially unwanted application,Win32/DownloadAdmin.H potentially unwanted application cleaned by deleting

D:\Program Files\DAEMON Tools Lite\uninst.exe a variant of Win32/Yandex.P potentially unwanted application cleaned by deleting

D:\Program Files\KMSpico\scripts\Silent.cmd Win32/HackKMS.AZ potentially unsafe application cleaned by deleting

D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe a variant of Win32/Yandex.P potentially unwanted application cleaned by deleting

D:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting

D:\SLIC_ToolKit_V3.2\SLIC_ToolKit_V3.2\SLIC_ToolKit_V3.2.EXE Win32/HackTool.SLICMod.C potentially unsafe application cleaned by deleting

D:\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting

E:\MAFIA II\Setup.exe NSIS/TrojanDownloader.Agent.NFI trojan cleaned by deleting

G:\Downloads\FabFilter.Total.Bundle.v2018.11.30.Incl.Patched.and.Keygen-R2R\Win\R2R\FabFilter_KeyGen.exe Win32/Keygen.ACE potentially unsafe application cleaned by deleting

G:\Downloads\Overloud - TH3 v3.4.9\R2R\Overloud_Special_KeyGen.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

G:\Downloads\Valhalla.DSP.Valhalla.Shimmer.v1.0.4.Incl.Patched.and.Keygen-R2R\R2R\ValhallaDSP_KeyGen.exe Win32/Keygen.ACE potentially unsafe application cleaned by deleting

H:\Downloads\Adobe.Premiere.Pro.CS6.v6.0.1.014.Multilingual.mundomanuales.com\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application cleaned by deleting

H:\Downloads\IK Multimedia - AmpliTube 4 Complete v4.0.2 OS X [R2R][dada]\AmpliTube 4 v4.0.2\trz7305.tmp Win32/Keygen.ACE potentially unsafe application,Win32/Keygen.MI potentially unsafe application cleaned by deleting

H:\Downloads\R2R\Overloud_Special_KeyGen.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

H:\Downloads\Overloud_Special_KeyGen.exe Win32/Keygen.ACE potentially unsafe application,a variant of Win32/Keygen.AXC potentially unsafe application cleaned by deleting

L:\pen drive backup\LaunchGTAIV.exe Win32/HackTool.Crack.BC potentially unsafe application cleaned by deleting
 
Please do the following:
  • Press the Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
Code:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the Snipping Tool, in case you need it.
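As an added example (not part of the helper's post or any Sysnative procedure), the licensing details that slmgr /dli reports can also be read with PowerShell from the SoftwareLicensingProduct WMI class, which yields text that can be pasted instead of a screenshot. The loopback KMS-host check at the end is an assumption drawn from the Win32/HackKMS.AZ (KMSpico) detection in the log above; the ApplicationId GUID is the well-known Windows product family ID that slmgr.vbs itself filters on.

```powershell
# Added example: read the same licensing data that slmgr /dli displays.
# Status names follow the documented LicenseStatus values of
# SoftwareLicensingProduct.
$statusNames = @{
    0 = 'Unlicensed'; 1 = 'Licensed'; 2 = 'OOB grace'
    3 = 'OOT grace';  4 = 'Non-genuine grace'; 5 = 'Notification'
    6 = 'Extended grace'
}

# Well-known Windows application ID (the one slmgr.vbs uses); only products
# with a partial product key are actually installed on the machine.
$windowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'
$filter = "PartialProductKey IS NOT NULL AND ApplicationId = '$windowsAppId'"
$products = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $filter

foreach ($p in $products) {
    # Same fields slmgr /dli prints, as a pasteable text block.
    [pscustomobject]@{
        Name              = $p.Name
        Description       = $p.Description
        PartialProductKey = $p.PartialProductKey
        LicenseStatus     = $statusNames[[int]$p.LicenseStatus]
        KmsHost           = $p.KeyManagementServiceMachine
        KmsPort           = $p.KeyManagementServicePort
        DiscoveredKmsHost = $p.DiscoveredKeyManagementServiceMachineName
    } | Format-List

    # Assumption for triage: a KMS client whose configured host is the local
    # machine usually points at a local activation emulator (as KMSpico
    # installs), not at a corporate KMS server.
    $kms = $p.KeyManagementServiceMachine
    if ($kms -and $kms -match '^(127\.0\.0\.1|localhost|::1)$') {
        Write-Warning "Windows is configured to activate against a local KMS host ($kms)."
    }
}
```

Run it from the same elevated prompt; the warning, if it appears, is the thing worth mentioning alongside the slmgr /dli screenshot.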