Windows acting very strange

  • Gourde
    PCHF Member
    • Dec 2022
    • 23

    #46
    Originally posted by Malnutrition


    @Gourde


    Hit the Windows key and R at the same time.
    Type appwiz.cpl and hit OK.
    Uninstall these programs below.

    Avast Update Helper
    Bonjour
    RogueKiller


    Copy the content of the code box below.
    Do not copy the word code!!!
    Right Click FRST and run as Administrator.
    Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
    Attach it to your next message.

    Code:
    Start::
    CloseProcesses:
    SystemRestore: On
    CreateRestorePoint:
    RemoveProxy:
    Task: {083163D5-609E-48B1-BE54-E2DA2575569D} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid de300ee2-e23f-4751-91b4-58c31d20bd1b
    C:\ProgramData\Avast Software
    Task: {498CDF57-F003-4E9D-979D-FC6D938FDFE7} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 9eef0178-67b2-4db3-80f2-05dfea390c97
    Task: {7BA48D22-1EE0-4989-968B-80996146CF1E} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 39a84409-03f5-447c-89e5-709507518629
    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
    Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-12-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2022-12-29] (Malwarebytes Inc. -> Malwarebytes)
    C:\Windows\system32\DRIVERS\mwac.sys
    C:\Windows\System32\Drivers\mbamswissarmy.sys
    C:\Windows\system32\DRIVERS\mbam.sys
    C:\Windows\System32\DRIVERS\farflt.sys
    C:\Windows\System32\DRIVERS\MbamElam.sys
    C:\Windows\System32\Drivers\MbamChameleon.sys
    2022-12-20 13:12 - 2022-12-20 13:14 - 000000410 ____H C:\Users\Glitc\MJKJRegInfo_U5E664P45VMUH7KFFLV36NSWUTVWJHRR
    2022-12-20 13:12 - 2022-12-20 13:12 - 000000036 _____ C:\Users\Glitc\MJKJDeviceGUID
    C:\Windows\system32\Tasks\Avast Software
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    FirewallRules: [{1CB51AFB-A49A-4EF1-8EE9-9CEDEA7615A1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6BD3D265-1D78-465D-9A51-208D177F9C1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{1B96ABFE-1724-408C-B809-A2765EF16C7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{D6E4D6DB-F37B-4B16-B6B9-02634BF7EF73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset C:\resettcpip.txt
    cmd: ipconfig /flushdns
    Emptytemp:
    End::


    Update old programs with Patch My PC Home edition.

    We will clean all the tools we used…

    Download KpRM
    Save to Desktop
    Check Delete Tools.
    Check Delete Restore points.
    Create Restore point.
    Then click run.



    Alright, I’ll mark this as solved, unless there is anything else you are concerned with?
    Well, there is the problem that the computer still blacks out twice whenever a video is displayed after you turn it on, but honestly I think that’s just part of how the computer is now XD. Headphones and mics also don’t work, even though I’ve installed the proper audio drivers many times. It still can’t go into sleep mode. However, it is also very fast now, a bit faster on boot up, and I’ve learnt more about computers!
    Here is the log:

    fixlist content:

    Code:
    Start::
    
    CloseProcesses:
    
    SystemRestore: On
    
    CreateRestorePoint:
    
    RemoveProxy:
    
    Task: {083163D5-609E-48B1-BE54-E2DA2575569D} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe → --send “dumps|report” --silent --product 148 --programpath “C:\Program Files\Avast Software\Driver Updater\Setup..” --configpath “C:\Program Files\Avast Software\Driver Updater\Setup” --path “C:\ProgramData\Avast Software\Driver Updater\log” --path “C:\ProgramData\Avast Software\Icarus\Logs” --guid de300ee2-e23f-4751-91b4-58c31d20bd1b
    
    C:\ProgramData\Avast Software
    
    Task: {498CDF57-F003-4E9D-979D-FC6D938FDFE7} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe → --send “dumps|report” --silent --product 62 --programpath “C:\Program Files\Avast Software\Cleanup\Setup..” --configpath “C:\Program Files\Avast Software\Cleanup\Setup” --path “C:\ProgramData\Avast Software\Cleanup\log” --path “C:\ProgramData\Avast Software\Icarus\Logs” --guid 9eef0178-67b2-4db3-80f2-05dfea390c97
    
    Task: {7BA48D22-1EE0-4989-968B-80996146CF1E} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe → --send “dumps|report” --silent --product 11 --programpath “C:\Program Files\Avast Software\SecureLine VPN” --configpath “C:\ProgramData\Avast Software\SecureLine VPN” --path “C:\ProgramData\Avast Software\SecureLine VPN\log” --path “C:\ProgramData\Avast Software\Icarus\Logs” --logpath “C:\ProgramData\Avast Software\SecureLine VPN\log” --guid 39a84409-03f5-447c-89e5-709507518629
    
    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. → Apple Inc.)
    
    Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. → Apple Inc.)
    
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
    
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-12-29] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
    
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
    
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
    
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
    
    R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2022-12-29] (Malwarebytes Inc. → Malwarebytes)
    
    C:\Windows\system32\DRIVERS\mwac.sys
    
    C:\Windows\System32\Drivers\mbamswissarmy.sys
    
    C:\Windows\system32\DRIVERS\mbam.sys
    
    C:\Windows\System32\DRIVERS\farflt.sys
    
    C:\Windows\System32\DRIVERS\MbamElam.sys
    
    C:\Windows\System32\Drivers\MbamChameleon.sys
    
    2022-12-20 13:12 - 2022-12-20 13:14 - 000000410 ____H C:\Users\Glitc\MJKJRegInfo_U5E664P45VMUH7KFFLV36NSWUTVWJHRR
    
    2022-12-20 13:12 - 2022-12-20 13:12 - 000000036 _____ C:\Users\Glitc\MJKJDeviceGUID
    
    C:\Windows\system32\Tasks\Avast Software
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”
    
    FirewallRules: [{1CB51AFB-A49A-4EF1-8EE9-9CEDEA7615A1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
    
    FirewallRules: [{6BD3D265-1D78-465D-9A51-208D177F9C1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
    
    FirewallRules: [{1B96ABFE-1724-408C-B809-A2765EF16C7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
    
    FirewallRules: [{D6E4D6DB-F37B-4B16-B6B9-02634BF7EF73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. → Apple Inc.)
    
    cmd: netsh winsock reset catalog
    
    cmd: netsh int ip reset C:\resettcpip.txt
    
    cmd: ipconfig /flushdns
    
    Emptytemp:
    
    End::
    Processes closed successfully.
    SystemRestore: On => completed
    Restore point was successfully created.
    
    ========= RemoveProxy: =========
    
    “HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
    
    ========= End of RemoveProxy: =========
    
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{083163D5-609E-48B1-BE54-E2DA2575569D}” => removed successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{083163D5-609E-48B1-BE54-E2DA2575569D}” => removed successfully
    C:\Windows\System32\Tasks\Avast Software\Avast Driver Updater BugReport => moved successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Driver Updater BugReport” => removed successfully
    “C:\ProgramData\Avast Software” => not found
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{498CDF57-F003-4E9D-979D-FC6D938FDFE7}” => removed successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{498CDF57-F003-4E9D-979D-FC6D938FDFE7}” => removed successfully
    C:\Windows\System32\Tasks\Avast Software\Avast Cleanup BugReport => moved successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup BugReport” => removed successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{7BA48D22-1EE0-4989-968B-80996146CF1E}” => removed successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7BA48D22-1EE0-4989-968B-80996146CF1E}” => removed successfully
    C:\Windows\System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => moved successfully
    “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast SecureLine VPN Bug Report” => removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => not found
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => not found
    MBAMChameleon => service not found.
    MbamElam => service not found.
    MBAMFarflt => service not found.
    MBAMProtection => service not found.
    MBAMSwissArmy => service not found.
    MBAMWebProtection => service not found.
    Could not move “C:\Windows\system32\DRIVERS\mwac.sys” => Scheduled to move on reboot.
    “C:\Windows\System32\Drivers\mbamswissarmy.sys” => not found
    Could not move “C:\Windows\system32\DRIVERS\mbam.sys” => Scheduled to move on reboot.
    Could not move “C:\Windows\System32\DRIVERS\farflt.sys” => Scheduled to move on reboot.
    “C:\Windows\System32\DRIVERS\MbamElam.sys” => not found
    Could not move “C:\Windows\System32\Drivers\MbamChameleon.sys” => Scheduled to move on reboot.
    C:\Users\Glitc\MJKJRegInfo_U5E664P45VMUH7KFFLV36NSWUTVWJHRR => moved successfully
    C:\Users\Glitc\MJKJDeviceGUID => moved successfully
    C:\Windows\system32\Tasks\Avast Software => moved successfully
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => not found
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => not found
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{1CB51AFB-A49A-4EF1-8EE9-9CEDEA7615A1}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{6BD3D265-1D78-465D-9A51-208D177F9C1E}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{1B96ABFE-1724-408C-B809-A2765EF16C7A}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{D6E4D6DB-F37B-4B16-B6B9-02634BF7EF73}” => removed successfully
    
    ========= netsh winsock reset catalog =========
    
    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.
    
    ========= End of CMD: =========
    
    ========= netsh int ip reset C:\resettcpip.txt =========
    
    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.
    
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.
    
    ========= End of CMD: =========
    
    ========= ipconfig /flushdns =========
    
    Windows IP Configuration
    
    Successfully flushed the DNS Resolver Cache.
    
    ========= End of CMD: =========
    
    =========== EmptyTemp: ==========
    
    FlushDNS => completed
    BITS transfer queue => 786432 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32728282 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 123433810 B
    Windows/system/drivers => 12029021 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 436663313 B
    Opera => 0 B
    
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 39096 B
    NetworkService => 41278 B
    Glitc => 246314712 B
    
    RecycleBin => 15958361 B
    EmptyTemp: => 827.8 MB temporary data Removed.
    
    ================================
    
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-12-2022 11:54:50)
    
    C:\Windows\system32\DRIVERS\mwac.sys => Is moved successfully
    C:\Windows\system32\DRIVERS\mbam.sys => Is moved successfully
    C:\Windows\System32\DRIVERS\farflt.sys => Is moved successfully
    C:\Windows\System32\Drivers\MbamChameleon.sys => Is moved successfully
    
    ==== End of Fixlog 11:54:50 ====


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7042

      #47
      OK, since the malware is gone from the machine, start a new thread in the Windows 10 forum, describe all issues, and post a link to this thread in your new one. I'll mark this as solved since we removed the malware.
