My PC is acting very strange

What happened after you uninstalled the programs? They appeared again or not?

I won't be surprised if one of those cracks you used purposely takes the computer date back to avoid activation.

Let's see if you can sign in using the built-in Administrator account without a restart.
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter to execute it:
Code:
net user administrator /active:yes


DO NOT RESTART.

After that,
  • Click on the Start button and then on your profile icon/name.
  • Sign out.
  • Check if you have the option to sign in as Administrator instead of Ayesha.
  • If yes, sign in with that account. If not, report back.
 
Good!

Now, I would like to see fresh FRST logs. You have to download FRST again.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
Hi, crystald3w.

(By the way how can I call you?)

I would like to make a basic clean of the machine and see if the computer "remembers" the instructions, before asking you to uninstall certain programs, even though we both know they are not legally activated.


FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
closeprocesses:
HKU\S-1-5-21-4099092214-71007489-655330686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2060826
URLSearchHook: HKLM-x32 - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
URLSearchHook: HKU\S-1-5-21-4099092214-71007489-655330686-1001 - (No Name) - {fae389d5-e97e-4abd-8242-d9080c709167} - No File
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2060826
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2060826
SearchScopes: HKU\S-1-5-21-4099092214-71007489-655330686-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2060826
BHO-x32: No Name -> {fae389d5-e97e-4abd-8242-d9080c709167} -> No File
Toolbar: HKLM-x32 - No Name - {fae389d5-e97e-4abd-8242-d9080c709167} -  No File
FirewallRules: [{8ED9E21B-ADE8-452C-8CEC-BAFD71DE494D}] => (Allow) C:\Users\Ayesha\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{12FDA7F2-C4D9-49D4-9106-C0F1EF3E5EEC}] => (Allow) C:\Users\Ayesha\AppData\Local\Temp\download\MiniThunderPlatform.exe => No File
FirewallRules: [{6D2CC7F7-9C72-4A76-9C79-FB2B4DFFB4A8}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe => No File
FirewallRules: [{1064B3A3-B8FF-4D4D-812E-546FB4002100}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe => No File
FirewallRules: [{5CB18097-1763-4C95-8F5F-D8ACAB29748B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [TCP Query User{230F2AE8-70AD-410E-A79F-C51D3BB0D9E4}C:\users\ayesha\downloads\microsoft office 2019\files\bin\kmss.exe] => (Allow) C:\users\ayesha\downloads\microsoft office 2019\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{FE07E7B8-050E-47CA-A41D-4C28EA78A010}C:\users\ayesha\downloads\microsoft office 2019\files\bin\kmss.exe] => (Allow) C:\users\ayesha\downloads\microsoft office 2019\files\bin\kmss.exe => No File
C:\Users\Ayesha\Downloads\Ableton live suite v10 by KickAssCracks.com\Crack - Keygen\Ableton_KeyGen.exe
C:\Users\Ayesha\Downloads\Ableton live suite v10 by KickAssCracks.com\Ableton live suite v10 by KickAssCracks.com\Crack - Keygen\Ableton_KeyGen.exe
C:\Users\Ayesha\Downloads\Microsoft Office 2019\OInstall.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {0e869115-c507-11eb-8db1-1c6f65ca2958} - "D:\AutoRun.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {2d8d9512-7d47-11eb-8d99-1c6f65ca2958} - "D:\AutoRun.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {49138940-79e9-11eb-8d99-1c6f65ca2958} - "D:\AutoRun.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {4913952c-79e9-11eb-8d99-1c6f65ca2958} - "D:\AutoRun.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {b8a34d2c-78eb-11eb-8d98-1c6f65ca2958} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {b8a34e84-78eb-11eb-8d98-1c6f65ca2958} - "D:\AutoRun.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {d30ee1a5-7784-11eb-8d95-1c6f65ca2958} - "D:\AutoRun.exe"
HKU\S-1-5-21-4099092214-71007489-655330686-1001\...\MountPoints2: {d30ee1cd-7784-11eb-8d95-1c6f65ca2958} - "D:\AutoRun.exe"
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
R2 ElevationService; C:\Program Files (x86)\Wondershare\Wondershare dr.fone\Addins\Recovery\ElevationService.exe [913408 2021-06-04] () [File not signed]
R2 SU10Guard; C:\Windows\F1VPIJD6\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2021-06-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\Wondershare dr.fone\WsidService.exe [X]
S3 hsstap; \SystemRoot\System32\drivers\hsstap.sys [X]
S3 MpKsl9f53ae68; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F42672C-0EB8-43BB-895C-A4E2B73AA094}\MpKslDrv.sys [X]
C:\Program Files (x86)\Wondershare
C:\Windows\F1VPIJD6
C:\ProgramData\Wondershare
2021-06-15 20:09 - 2021-06-15 20:09 - 000000000 ____D C:\Program Files\Ableton
2021-06-15 20:08 - 2021-06-15 20:08 - 000000000 ____D C:\Users\Ayesha\Documents\Max 8
2021-06-15 20:08 - 2021-06-15 20:08 - 000000000 ____D C:\Users\Ayesha\AppData\Roaming\Cycling '74
2021-06-15 20:08 - 2021-06-15 20:08 - 000000000 ____D C:\ProgramData\Max 8
2021-06-15 20:07 - 2021-06-15 20:08 - 000000000 ____D C:\Users\Ayesha\Documents\Ableton
2021-06-15 20:06 - 2021-06-15 20:06 - 000000000 ____D C:\Users\Ayesha\AppData\Roaming\Ableton
2021-06-15 20:06 - 2021-06-15 20:06 - 000000000 ____D C:\Users\Ayesha\AppData\Local\Ableton
2021-06-15 20:06 - 2021-06-15 20:06 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-06-15 20:04 - 2021-06-15 20:07 - 004487109 _____ C:\Users\Ayesha\Downloads\Unconfirmed 293607.crdownload
2021-06-15 19:54 - 2021-06-15 19:54 - 000000871 _____ C:\Users\Ayesha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 10 Suite.lnk
2021-06-15 18:50 - 2021-06-15 20:16 - 000000000 ____D C:\Users\Ayesha\Downloads\Ableton live suite v10 by KickAssCracks.com
2021-06-14 22:12 - 2021-06-15 00:08 - 1728969119 _____ C:\Users\Ayesha\Downloads\Ableton live suite v10 by KickAssCracks.com.zip
2021-06-12 02:40 - 2021-06-12 02:40 - 021646392 _____ (Adobe) C:\Users\Ayesha\Downloads\install_flash_player-32.0.0.445.exe
2021-06-12 02:37 - 2021-06-12 02:38 - 002826192 _____ (Adobe Systems, Inc.) C:\Users\Ayesha\Downloads\InstFlash10AX.exe
2021-06-12 01:35 - 2021-06-12 01:35 - 000000000 ____D C:\Users\Ayesha\Downloads\MS OFFICE FREE
2021-06-12 01:30 - 2021-06-14 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-06-12 01:30 - 2021-06-12 01:30 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-06-12 01:30 - 2021-06-12 01:30 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-06-12 01:30 - 2021-06-12 01:30 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-06-12 01:30 - 2021-06-12 01:30 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-06-12 01:30 - 2021-06-12 01:30 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-06-12 01:29 - 2021-06-21 11:22 - 000000000 ____D C:\Program Files\Microsoft Office
2021-06-12 01:29 - 2021-06-12 01:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-06-12 01:22 - 2021-06-12 01:24 - 000000000 ____D C:\Users\Ayesha\Downloads\Microsoft Office 2019
2021-06-11 16:17 - 2021-06-12 02:52 - 000000000 ____D C:\Program Files\Wondershare
2021-06-11 15:26 - 2021-06-11 15:33 - 000000000 ____D C:\Users\Ayesha\AppData\Roaming\Wondershare
2021-06-11 15:22 - 2021-06-12 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-06-11 15:21 - 2021-06-12 02:52 - 000000000 ____D C:\ProgramData\Wondershare
2021-06-11 15:21 - 2021-06-11 15:21 - 001000040 _____ C:\Users\Ayesha\Downloads\drfone_recover_setup_full3366.exe
2021-06-11 15:21 - 2021-06-11 15:21 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-06-11 15:20 - 2021-06-11 16:17 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-06-11 15:20 - 2021-06-11 15:20 - 000997600 _____ C:\Users\Ayesha\Downloads\win-drfone_setup_full3360.exe
2021-06-11 15:20 - 2021-06-11 15:20 - 000997600 _____ C:\Users\Ayesha\Downloads\win-drfone_setup_full3360 (2).exe
2021-06-11 15:20 - 2021-06-11 15:20 - 000997600 _____ C:\Users\Ayesha\Downloads\win-drfone_setup_full3360 (1).exe
2021-05-29 00:14 - 2021-05-29 00:14 - 000000000 ____D C:\Users\Ayesha\Downloads\Ableton.Live.Suite.11.v11.0.0.Incl.Patched.and.Keygen-R2R
2021-05-28 23:00 - 2021-05-28 23:13 - 2338452248 _____ C:\Users\Ayesha\Downloads\Ableton.Live.Suite.11.v11.0.0.Incl.Patched.and.Keygen-R2R.rar
2021-05-28 22:12 - 2021-05-28 22:30 - 969356480 _____ (Image-Line) C:\Users\Ayesha\Downloads\flstudio_win_20.8.0.2115.exe
2021-05-28 21:09 - 2021-05-28 21:12 - 145495560 _____ (8cell, Inc. ) C:\Users\Ayesha\Downloads\Buildbox2.exe
2021-06-15 19:57 - 2021-02-25 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-06-15 19:57 - 2021-02-25 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-06-12 02:47 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-06-12 02:47 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-06-12 02:46 - 2021-01-24 00:48 - 000000000 ____D C:\Users\Ayesha\AppData\Roaming\Adobe
2021-06-12 02:40 - 2019-12-07 12:18 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2021-06-12 02:40 - 2019-12-07 12:18 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2021-06-10 22:00 - 2021-05-24 19:25 - 000000000 ____D C:\Riot Games
2021-06-10 22:00 - 2021-05-24 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-06-10 21:58 - 2021-04-17 05:08 - 000000000 ____D C:\Users\Ayesha\AppData\Local\Glyph
2021-06-10 21:58 - 2021-04-17 05:08 - 000000000 ____D C:\Program Files (x86)\Glyph
2021-06-10 21:58 - 2021-04-10 13:45 - 000000000 ____D C:\Program Files\VirtualDJ
2021-06-10 21:56 - 2021-03-26 19:01 - 000000000 ____D C:\Program Files (x86)\Virtual DJ Studio 8
2021-06-10 21:53 - 2021-04-17 05:08 - 000000000 ____D C:\ProgramData\Glyph
2021-06-10 21:53 - 2021-04-06 17:58 - 000000000 ____D C:\Users\Ayesha\AppData\Local\Bluestacks
2021-05-28 17:26 - 2021-05-24 19:25 - 000000000 ____D C:\ProgramData\Riot Games
c:\program files\ableton
Task: {0B128DF3-671F-43BB-BFAA-994F57CC0FFF} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS => C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-91-23\TG_1.4.30.54.exe [67896 2019-12-07] () [File not signed] <==== ATTENTION
Task: {83B2E839-B34D-4648-867F-BA8183963040} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SysInfo => C:\Users\Administrator\AppData\Roaming\\toolsyshost\\sihost.exe <==== ATTENTION
Task: {EAB23DCD-6370-4357-958D-B2C4AC15B8A2} - System32\Tasks\{494D10FF-2C00-4364-8D5A-941DDB6172A8} => C:\Windows\system32\pcalua.exe -a "E:\programs\New  (4) Player\RealPlayer10GOLD.exe" -d "E:\programs\New  (4) Player"
VirusTotal: C:\Users\Administrator\AppData\Roaming\\toolsyshost\\sihost.exe;C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-91-23\TG_1.4.30.54.exe
emptytemp
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

Note that the computer will restart after running the fix. Log in as Administrator and let me know if there is a problem regarding this again.
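
As an added example (not part of the original thread, and not FRST's own code), this sketch groups the lines of a fixlist like the one above by the kind of artifact they reference, so a reviewer can see what a fix touches before running it. The category names and the functions `extract_block` and `triage` are assumptions of this example; the sample lines are copied from the fixlist in the post.

```python
import re

# Sample lines copied from the fixlist posted above (a subset, not the full script).
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
R2 ElevationService; C:\Program Files (x86)\Wondershare\Wondershare dr.fone\Addins\Recovery\ElevationService.exe [913408 2021-06-04] () [File not signed]
FirewallRules: [{5CB18097-1763-4C95-8F5F-D8ACAB29748B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
Task: {83B2E839-B34D-4648-867F-BA8183963040} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SysInfo => C:\Users\Administrator\AppData\Roaming\\toolsyshost\\sihost.exe <==== ATTENTION
C:\Windows\F1VPIJD6
emptytemp
End::
"""

# Category names are this example's own labels, not FRST terminology.
# A Debugger value under Image File Execution Options makes Windows start the
# named debugger instead of the image, so the image never runs normally.
PATTERNS = [
    ("ifeo_debugger", re.compile(r"^IFEO\\(?P<key>[^:]+): \[Debugger\] ")),
    ("policy_restriction", re.compile(r"^(?P<key>HK(?:LM|U)\\.+): Restriction <==== ATTENTION$")),
    ("scheduled_task", re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - .+? => (?P<key>.+?)(?: <==== ATTENTION)?$")),
    ("unsigned_service", re.compile(r"^[RSU]\d (?P<key>[^;]+); .*\[File not signed\]$")),
    ("orphaned_firewall_rule", re.compile(r"^FirewallRules: .* => \(Allow\) (?P<key>.+) => No File$")),
]


def extract_block(text):
    """Return the non-empty lines strictly between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start, end = lines.index("Start::"), lines.index("End::")
    except ValueError:
        raise ValueError("fixlist must contain both Start:: and End:: markers") from None
    if end < start:
        raise ValueError("End:: appears before Start::")
    return [ln for ln in lines[start + 1:end] if ln]


def triage(text):
    """Group fixlist lines by category; unmatched lines are kept under 'other'."""
    report = {name: [] for name, _ in PATTERNS}
    report["other"] = []
    for line in extract_block(text):
        for name, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                report[name].append(m.group("key"))
                break
        else:
            report["other"].append(line)
    return report


if __name__ == "__main__":
    for category, items in triage(SAMPLE_FIXLIST).items():
        print(f"{category:24} {items}")
```
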
 
Hello!

(By the way how can I call you?)
You can call me Crystal lol



So I have copied the whole thing from Start to End. Now after right-clicking on FRST64 on my Desktop, I don't see the option to run it as administrator. Maybe because I'm already on the administrator account?
 
Hello, Crystal. :-)

Yes, you are already using the built-in Administrator account.

So yes, select everything from Start:: to End:: , right click and copy, then FIX.
 
So... you signed in as Administrator after the restart?
 
Sad to inform that I'm back on the loop again.
After clicking on "OK" ... I got the blue screen which I've attached. And I'm logged back into "Ayesha" without the option to choose "Administrator" :(
 

Attachments

  • IMG_20210627_214641.jpg
OK, Crystal.

First, let's enable the Administrator account again.
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter to execute it:
Code:
net user administrator /active:yes

DO NOT RESTART.

After that,
  • Click on the Start button and then on your profile icon/name.
  • Sign out.
  • Check if you have the option to sign in as Administrator instead of Ayesha.
  • If not, report back and do not move on to the next steps.
  • If yes, sign in as Administrator and do the following:

Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter.
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot of the result).

When DISM finishes, you can then run SFC from the same command prompt window, but here are the full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (a screenshot of the result).
 
Just letting you know that I will be back to you again tomorrow morning. Here it is already 22:00.
 
Hey, strange it's the same time here for me too! :o

I'll follow the whole process tomorrow and will update you as soon as possible.

Thank you!
 
Hey, Crystal.

Any progress regarding the above?
 
Hello DR M!

I apologize for my late response.

Here you go, the requested screenshots are attached.

(My PC crashed into the blue screen before I could send this reply (which saved as draft thank god!) and upon it restarting, it stayed black with the loading cursor where I eventually had to turn it off by the switch)
 

Attachments

  • Screenshot 1.PNG
  • Screenshot 2.PNG
  • IMG_20210630_213313.jpg
Hi, Crystal.

The result shows many corruptions in the operating system. Some of them were repaired, but some others were not. This is not good.

I will ask my question once more, hoping that something changed: Were you able to log in as Administrator or still as Ayesha?
 
Hi DR M,

I have done the cmd process again to run as Admin, and upon restarting my PC... it still directly logs me in as Ayesha instead of giving me an option to choose.
And I'm not sure if this is something new but after logging in, I looked for the Admin option from the Start and it was there.
 
Update:

I have restarted my PC while logged into the Administrator account, then my PC went on a loop from the blue "we're sorry" screen so I forced a shutdown by the button. Turned it back on and now I was directly logged into the Administrator account.
Was this supposed to happen?
 
Let me guess, Crystal: You have no password for Ayesha, right?

Let's create a password for the Administrator account:

Log in as Administrator again.
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter to execute it:

    Code:
    net user administrator <Password>
where <Password> is the actual password you want to use for this account.

Restart the computer and take a screenshot of what you see before logging in to Windows (actually before entering any password).
 
Did it, still logs me in directly to Ayesha. And the Administrator account is available in the Start.
One good thing happened tho, I'm not losing new files anymore. Still haven't tried uninstalling any programs, but I have downloaded some stuff for work and they're still there.
 