Solved Windows acting very strange

Status
Not open for further replies.
Oh my gosh, thank you so much for noticing that! I have no idea how it would get on there, I am generally very careful with what I download. It actually makes me angry knowing there's a darn Bitcoin miner on my computer!
I do need some help knowing how to extract to my desktop. When I click the option when extracting to extract to the desktop, it says access denied.

After the FRST fix.

There was a Bitcoin miner on your computer, as well as many active trojans....which would explain the symptoms!!

RiskWare.BitCoinMiner, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\LOLMINER_V1.50_BETA_WIN64[1].ZIP, Quarantined, 869, 1054239, 1.0.64011, , ame, , E61DEAF6173330C0EA9F54E3720BCDFD, 0242B260E9151D6807D75A706136469CE1F9A724348D25CE42BD54111D0CCE65


Download AV block remover.
Unzip to your desktop, Right click run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
Click yes to reset hosts file.
After the machine reboots then there will be a logfile in the new folder created, post that please.





How is the computer running now?

Please attach brand new FRST and Addition.txt logs so that I can check if anything remains on the computer after the AVBR log is run.
Ah, I forgot this step! Sorry for seeming scatterbrained, I am XD I stayed up even though I said I was going to bed because I was worried the Bitcoin miner was still on my PC, but I saw you said WAS in a previous message. That means it's no longer there, correct?
And here's the files you asked for earlier!
 

Attachments

  • Addition.txt
    52.1 KB · Views: 4
  • FRST.txt
    45.6 KB · Views: 5
Ok.
Make sure date and time are correct.
Make sure you disable Crystal Security/Defender prior to running it.
Right click AVBR.exe and rename it to Svchost.exe, (or any other name just make sure the .exe remains) then right click on SVchost.exe and run as administrator.
If this fails, then we will skip it.

Download Autologger to your desktop.
Disable your Antivirus/Defender prior to running.

  • Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
  • Right click Autologger and run as admin. (Xp user double click)
  • AVZ4 will open and scan your machine, allow this to complete.
  • Upload Collectionlog.zip to your next reply.


Go ahead and do the full scan with Kaspersky. I will check all logs when I return from work.

Hard to say if any malware remains, I need to check the logs; which I will do after work today. How is the computer running after removing the trojans and trash?:)
 
Sadly it still isn't working! And I'm trying to download Kaspersky but it's saying it's incompatible with Malwarebytes. I uninstalled Malwarebytes with the Geek uninstaller but Kaspersky keeps asking to delete it. Is there any other software I could use (maybe one I've already downloaded) that can do the job you want it to?
 
Remove malwarebytes with this tool.

Instructions in link.

Thank you! Here is the scan log, and the computer is running very well now, albeit the internet is still a bit shoddy. Though that is probably due to after effects of the winter storm AND all the construction that is constantly going on across the street XD
I really cannot say how thankful I am that you helped me and for your patience too. :D
 

Attachments

  • Kasperskyscan.txt
    419 bytes · Views: 6

@Gourde

Hit the windows key and R at the same time.
Type appwiz.cpl hit ok.
Uninstall these programs below.

Avast Update Helper
Bonjour
RogueKiller

Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
Task: {083163D5-609E-48B1-BE54-E2DA2575569D} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid de300ee2-e23f-4751-91b4-58c31d20bd1b
C:\ProgramData\Avast Software
Task: {498CDF57-F003-4E9D-979D-FC6D938FDFE7} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 9eef0178-67b2-4db3-80f2-05dfea390c97
Task: {7BA48D22-1EE0-4989-968B-80996146CF1E} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 39a84409-03f5-447c-89e5-709507518629
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-12-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-12-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2022-12-29] (Malwarebytes Inc. -> Malwarebytes)
C:\Windows\system32\DRIVERS\mwac.sys
C:\Windows\System32\Drivers\mbamswissarmy.sys
C:\Windows\system32\DRIVERS\mbam.sys
C:\Windows\System32\DRIVERS\farflt.sys
C:\Windows\System32\DRIVERS\MbamElam.sys
C:\Windows\System32\Drivers\MbamChameleon.sys
2022-12-20 13:12 - 2022-12-20 13:14 - 000000410 ____H C:\Users\Glitc\MJKJRegInfo_U5E664P45VMUH7KFFLV36NSWUTVWJHRR
2022-12-20 13:12 - 2022-12-20 13:12 - 000000036 _____ C:\Users\Glitc\MJKJDeviceGUID
C:\Windows\system32\Tasks\Avast Software
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
FirewallRules: [{1CB51AFB-A49A-4EF1-8EE9-9CEDEA7615A1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6BD3D265-1D78-465D-9A51-208D177F9C1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B96ABFE-1724-408C-B809-A2765EF16C7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6E4D6DB-F37B-4B16-B6B9-02634BF7EF73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: ipconfig /flushdns
Emptytemp:
End::

Update old programs with Patch My PC Home edition.


We will clean all the tools we used...

Download KpRM
Save to Desktop
Check Delete Tools.
Check Delete Restore points.
Create Restore point.
Then click run.


the computer is running very well now,
Alright, I’ll mark this as solved, unless there is anything else you are concerned with?
 
Well there is the problem of the computer still blacks out twice whenever a video is displayed after you turn it on, but honestly I think that's just part of how the computer is now XD Headphones and mics also don't work, even though I've installed the proper audio drivers many times. It still can't go into sleep mode. However it is also very fast now, a bit faster on boot up, and I've learnt more about computers!
Here is the log:


Code:
Processes closed successfully.
SystemRestore: On => completed
Restore point was successfully created.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{083163D5-609E-48B1-BE54-E2DA2575569D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{083163D5-609E-48B1-BE54-E2DA2575569D}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Avast Driver Updater BugReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Driver Updater BugReport" => removed successfully
"C:\ProgramData\Avast Software" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{498CDF57-F003-4E9D-979D-FC6D938FDFE7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{498CDF57-F003-4E9D-979D-FC6D938FDFE7}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Avast Cleanup BugReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup BugReport" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7BA48D22-1EE0-4989-968B-80996146CF1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA48D22-1EE0-4989-968B-80996146CF1E}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast SecureLine VPN Bug Report" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => not found
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => not found
MBAMChameleon => service not found.
MbamElam => service not found.
MBAMFarflt => service not found.
MBAMProtection => service not found.
MBAMSwissArmy => service not found.
MBAMWebProtection => service not found.
Could not move "C:\Windows\system32\DRIVERS\mwac.sys" => Scheduled to move on reboot.
"C:\Windows\System32\Drivers\mbamswissarmy.sys" => not found
Could not move "C:\Windows\system32\DRIVERS\mbam.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\DRIVERS\farflt.sys" => Scheduled to move on reboot.
"C:\Windows\System32\DRIVERS\MbamElam.sys" => not found
Could not move "C:\Windows\System32\Drivers\MbamChameleon.sys" => Scheduled to move on reboot.
C:\Users\Glitc\MJKJRegInfo_U5E664P45VMUH7KFFLV36NSWUTVWJHRR => moved successfully
C:\Users\Glitc\MJKJDeviceGUID => moved successfully
C:\Windows\system32\Tasks\Avast Software => moved successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => not found
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1CB51AFB-A49A-4EF1-8EE9-9CEDEA7615A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BD3D265-1D78-465D-9A51-208D177F9C1E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B96ABFE-1724-408C-B809-A2765EF16C7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6E4D6DB-F37B-4B16-B6B9-02634BF7EF73}" => removed successfully

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32728282 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 123433810 B
Windows/system/drivers => 12029021 B
Edge => 0 B
Chrome => 0 B
Firefox => 436663313 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 39096 B
NetworkService => 41278 B
Glitc => 246314712 B

RecycleBin => 15958361 B
EmptyTemp: => 827.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-12-2022 11:54:50)

C:\Windows\system32\DRIVERS\mwac.sys => Is moved successfully
C:\Windows\system32\DRIVERS\mbam.sys => Is moved successfully
C:\Windows\System32\DRIVERS\farflt.sys => Is moved successfully
C:\Windows\System32\Drivers\MbamChameleon.sys => Is moved successfully

==== End of Fixlog 11:54:50 ====
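
One way to check a Fixlog like the one above for leftovers, as an added example that is not part of the original thread or of FRST: it tallies each line's outcome and flags any file "Scheduled to move on reboot" that has no matching "Is moved successfully" entry after the reboot. The function name, the outcome categories and the sample (built from lines in the log above, with the mbam.sys confirmation deliberately left out) are this example's own assumptions.

```python
import re
from collections import Counter

# Outcome phrases as they appear in the Fixlog above. Grouping them into
# categories is this example's assumption, not FRST documentation.
PENDING = re.compile(r'^Could not move "(?P<path>.+)" => Scheduled to move on reboot\.$')
MOVED_LATE = re.compile(r'^(?P<path>.+?) => Is moved successfully$')
DONE = re.compile(r'=> (?:removed successfully|moved successfully|completed)$')
ABSENT = re.compile(r'=> (?:service )?not found\.?$')
FAILED = re.compile(r'\bfailed\.$')
REBOOT_HEADER = "Result of scheduled files to move"


def audit_fixlog(text):
    """Tally Fixlog outcomes and list deferred moves never confirmed after reboot."""
    counts = Counter()
    pending = {}        # lower-cased path -> path as logged (Windows paths ignore case)
    confirmed = set()   # lower-cased paths reported moved in the post-reboot section
    failures = []       # (failing line, line that follows it)
    in_reboot_section = False

    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line.startswith(REBOOT_HEADER):
            in_reboot_section = True
            continue
        m = PENDING.match(line)
        if m:
            pending[m["path"].lower()] = m["path"]
            counts["pending_reboot"] += 1
        elif in_reboot_section and (m := MOVED_LATE.match(line)):
            confirmed.add(m["path"].lower())
            counts["moved_after_reboot"] += 1
        elif DONE.search(line):
            counts["done"] += 1
        elif ABSENT.search(line):
            counts["absent"] += 1
        elif FAILED.search(line):
            # In the log above netsh prints the reason on the next line.
            reason = lines[i + 1] if i + 1 < len(lines) else ""
            failures.append((line, reason))
            counts["failed"] += 1

    unresolved = sorted(p for key, p in pending.items() if key not in confirmed)
    return {"counts": dict(counts), "unresolved": unresolved, "failures": failures}


# Constructed sample: line formats taken from the Fixlog above; the post-reboot
# confirmation for mbam.sys is omitted on purpose to show an unresolved item.
SAMPLE = r'''
Processes closed successfully.
SystemRestore: On => completed
"C:\ProgramData\Avast Software" => not found
MBAMChameleon => service not found.
Could not move "C:\Windows\system32\DRIVERS\mwac.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\DRIVERS\mbam.sys" => Scheduled to move on reboot.
C:\Users\Glitc\MJKJDeviceGUID => moved successfully
Resetting Route, OK!
Resetting , failed.
Access is denied.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-12-2022 11:54:50)
C:\Windows\system32\DRIVERS\mwac.sys => Is moved successfully
==== End of Fixlog 11:54:50 ====
'''

if __name__ == "__main__":
    report = audit_fixlog(SAMPLE)
    print(report["counts"])
    for path in report["unresolved"]:
        print("still pending after reboot:", path)
    for line, reason in report["failures"]:
        print("failed:", line, "|", reason)
```
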
 
Ok, since the malware is gone from the machine, start a new thread in the Windows 10 forum, describe all issues, and also post a link to this thread in your new one. I'll mark this as solved since we removed the malware. :)
 