Thread: Is this machine hopeless?

  1. #1
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    A good start

    Thank you very much for the fast reply. I'll answer your questions in order so as not to confuse responses.

    I'll check on restrictions that may have been placed by the previous owners.

    I have previously tried to create a new user account, that failed due to password restrictions. I will certainly give that another try very soon.

    The FRST loaded and ran nominally, with the exception of the same update fail. I don't know how to interpret the fix results but I believe it ran okay.

    The four programs, Bliz, Bliz and the Nortons are programs I have downloaded and installed. I was surprised to notice all of the unsigned files on one of those, is that a typical practice?

    Thank you for the info on name collisions, very useful perspective.

    I wanted to get the fixlog posted asap but haven't had time to check out the account access issues yet,
    I'll work on it this evening and let you know the results in my next reply.

    Again, thank you so much for your help not to mention time.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
    Ran by Home-Pc (02-05-2022 11:55:31) Run:1
    Running from C:\Users\Home-Pc\Desktop
    Loaded Profiles: Home & Home-Pc
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    SystemRestore:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google => removed successfully
    HKLM\System\CurrentControlSet\Services\nhi => removed successfully
    nhi => service removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    not found

    ========= End -> "C:\Windows\Temp\*.*" ========

    SystemRestore: => Error: No automatic fix found for this entry.

    =========== EmptyTemp: ==========

    BITS transfer queue => 1310720 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 225854014 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Firefox => 52281891 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 527700 B
    NetworkService => 548714 B
    Home => 64307295 B
    Home-Pc => 66811315 B

    RecycleBin => 0 B
    EmptyTemp: => 392.6 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:56:47 ====
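
A Fixlog like the one above can be triaged by separating entries that were applied from entries that need a second look. The following is an added example, not part of the original post and not FRST's own code; the function names and the two buckets are assumptions, and the sample text is excerpted from the log above.

```python
import re

# Result lines excerpted from the Fixlog posted above.
FIXLOG = r"""
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
nhi => service removed successfully
=========== "C:\Windows\Temp\*.*" ==========
not found
========= End -> "C:\Windows\Temp\*.*" ========
SystemRestore: => Error: No automatic fix found for this entry.
EmptyTemp: => 392.6 MB temporary data Removed.
"""

# "<target> => <outcome>" is the shape of the per-entry result lines in that log.
RESULT = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$")
# A quoted banner opens a block for a path entry; its result is on the following lines.
BANNER = re.compile(r'^=+ "(?P<target>.+)" =+$')

def bucket(outcome):
    # Uses only wording that appears in this log; other outcomes count as done.
    text = outcome.lower()
    return "review" if text.startswith("error") or "not found" in text else "done"

def summarize(fixlog):
    summary = {"done": [], "review": []}
    block = None  # path named by the banner we are currently inside, if any
    for raw in fixlog.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            block = banner.group("target")
        elif line.startswith("="):  # "End ->" banner or a separator row
            block = None
        elif block and line:
            summary[bucket(line)].append((block, line))
        else:
            result = RESULT.match(line)
            if result:
                summary[bucket(result.group("outcome"))].append(
                    (result.group("target").rstrip(":"), result.group("outcome")))
    return summary

if __name__ == "__main__":
    for target, outcome in summarize(FIXLOG)["review"]:
        print(f"REVIEW  {target}: {outcome}")
```

Lines without `=>` outside a banner block, such as "Processes closed successfully.", are ignored by this sketch.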

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    The four programs, Bliz, Bliz and the Nortons are programs I have downloaded and installed. I was surprised to notice all of the unsigned files on one of those, is that a typical practice?
    Yes and no.
    I've seen big name software and hardware names that I know are legal and non-malicious have "file not signed". So a lot of research goes into logs to make sure that if we see something we're not familiar with, it is checked.

    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program

    ===================================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Maybe it's not hopeless after all.

    Hi, I was very surprised to find that after running the FRST fix, I was suddenly able to set passwords and log into my MS account that I use on another computer. I'm not certain what exactly went right but your fix on the restrictions was most likely just what I needed. Thank you, I now have my computer back. One item that I noticed was that right after my MS account logged in through this computer, my entire network crashed. This computer, on the task bar, said it was connected to internet but couldn't connect through the browser or AV updates, everything else just lost internet. I logged out of my other MS account, switched back to this "local" account and everything is working fine (after a router reboot). Not sure what went on with the internet but I'll work on figuring that out later.

    Here are the scan logs requested, thanks again for your help.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/3/22
    Scan Time: 12:20 AM
    Log File: 2bf767e0-caa9-11ec-bfad-782bcbb2bc7a.json

    -Software Information-
    Version: 4.5.2.157
    Components Version: 1.0.1562
    Update Package Version: 1.0.54478
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19043.1682)
    CPU: x64
    File System: NTFS
    User: DESKTOP-8AQ2J5E\Home-Pc

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 318564
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 6 min, 16 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)




  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    It must have been the policy restrictions....my guess?

    I don't think the machine is infected, and if you think we need to continue and do an online scan we can?

    ESET Online Scanner:
    • Download ESET Online Scanner from the ESET website by clicking the ONE-TIME-SCAN button on that webpage
    • Double-click the esetonlinescanner.exe file you downloaded to run the application
    • Select product language
    • Click Get started and confirm the User access control dialog of Windows
    • In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
    • Click Get started in the welcome screen
    • Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
    • Select the Full Scan type
    • Select the choice to enable detections of potentially unwanted applications (PUA)
    • After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
    • Note: The scan may take several hours depending on how many files are on your computer. When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as, ESET results.txt then click Continue.
    • Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
    • The following steps are optional and are not required
    • If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
    • In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
    • Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback
    • Click Finish to exit ESET Online Scanner

  5. #5
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    ESET results

    Hi, sorry about the delay in replying. It took several tries to get the scan complete but I finally managed it today. The computer is working great at this point, I assume it's not hopeless at all. Here are the ESET results, things look good from my end, Thank you again. I'll watch for your reply, take care.

    5/5/2022 17:23:35 PM
    Files scanned: 527774
    Detected files: 0
    Cleaned files: 0
    Total scan time: 03:59:57
    Scan status: Finished

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Nothing found was what I expected.

    You're good to go.

    Use this tool to remove quarantined items:

    Please download KpRm by Kernel-panik and save to your Desktop.
    • Click on KpRm.exe to run the tool.

    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Put a check mark next to these items:

    - Delete tools
    - Delete now
    • Click the "Run" button.



    • When the tool has finished, it will create and open a log report and delete itself.

  7. #7
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Thank you

    See title.
