Root Admin AdvancedSetup Posted April 28, 2021 Root Admin ID:1453908 Share Posted April 28, 2021 Thank you I believe this is the support page for your motherboard, but don't take my word for it. Please double-check and make sure https://rog.asus.com/us/motherboards/rog-crosshair/rog-crosshair-viii-hero-wi-fi-model/helpdesk_download I'd like you to try reinstalling your network drivers to see if that will correct the errors in the Event Logs There is possibly an update from Realtek - but one must be careful as Asus may not have validated it for use yet. So, don't install the one from Realtek unless you're into beta testing or Do-It-Yourself work on a computer. https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-usb-3-0-software Then I want to also have you run the following fix which will try to unlock that Hyper-V type file and delete it. If you need to use the Hyper-V again you'd need to reinstall the drivers for that. Also, there is an error in Windows Defender it looks like so let me have you run our MBST tool one more time to do a CLEAN removal, but this time please do not allow the tool to reinstall Malwarebytes just yet. We'll put it back in again soon. What are you using this program for? Not sure why FRST is flagging it at this point. Task: {D875C9B6-ECA1-436C-822B-B3C1A9E14B5E} - System32\Tasks\IPFilter => C:\Users\Fractal\AppData\Local\IPFilter\IPFilter.exe [221288 2020-03-16] (David Moore -> David Moore) <==== ATTENTION Are you using or did you install this? Nothing wrong with the program just rare to see a home user have it installed is all C:\Program Files\PostgreSQL After you uninstall Malwarebytes with the MBST tool, restart the computer. then run the RogueKiller program you have there and post back its log. Then run the following fix as well. Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks Link to post Share on other sites More sharing options...
zedhr Posted April 28, 2021 Author ID:1453909 Share Posted April 28, 2021 5 minutes ago, AdvancedSetup said: Thank you I believe this is the support page for your motherboard, but don't take my word for it. Please double-check and make sure https://rog.asus.com/us/motherboards/rog-crosshair/rog-crosshair-viii-hero-wi-fi-model/helpdesk_download I'd like you to try reinstalling your network drivers to see if that will correct the errors in the Event Logs There is possibly an update from Realtek - but one must be careful as Asus may not have validated it for use yet. So, don't install the one from Realtek unless you're into beta testing or Do-It-Yourself work on a computer. https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-usb-3-0-software Then I want to also have you run the following fix which will try to unlock that Hyper-V type file and delete it. If you need to use the Hyper-V again you'd need to reinstall the drivers for that. Also, there is an error in Windows Defender it looks like so let me have you run our MBST tool one more time to do a CLEAN removal, but this time please do not allow the tool to reinstall Malwarebytes just yet. We'll put it back in again soon. What are you using this program for? Not sure why FRST is flagging it at this point. Task: {D875C9B6-ECA1-436C-822B-B3C1A9E14B5E} - System32\Tasks\IPFilter => C:\Users\Fractal\AppData\Local\IPFilter\IPFilter.exe [221288 2020-03-16] (David Moore -> David Moore) <==== ATTENTION Are you using or did you install this? Nothing wrong with the program just rare to see a home user have it installed is all C:\Program Files\PostgreSQL After you uninstall Malwarebytes with the MBST tool, restart the computer. then run the RogueKiller program you have there and post back its log. Then run the following fix as well. Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt 292 B · 0 downloads Thanks Hi I will look in to it first thing tomorrow. Thank you for taking your time to figure out what is the problem. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 28, 2021 Root Admin ID:1453912 Share Posted April 28, 2021 Sounds good. the IPFilter looks to be from here: https://github.com/DavidMoore/ipfilter But, that project hasn't had any updates for 2 years and no major work 5 years. Might be why it's being flagged. The logs show that the system is running one or more P2P torrenting programs. The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is very much illegal, and there is always a chance of getting caught by the authorities. Torrenting non-copyrighted material is perfectly fine and is allowed. We have seen an increase in malware being bundled with software downloads over P2P. Please keep in mind when sharing files that you're increasing the risk that your system might get infected. Scan all files prior to running them. I recently have had a couple of users that had downloaded junk that we could not clean up well enough and they ended up having to format and reinstall Windows. Be careful and make sure you have good solid backups of your data. Link to post Share on other sites More sharing options...
zedhr Posted April 29, 2021 Author ID:1454040 Share Posted April 29, 2021 AdliceReport_SCN_04292021_171726.7z Hi I did all required fixes and here is the logs Fixlog.txt mbst-clean-results.txt rogue-report.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 29, 2021 Root Admin ID:1454127 Share Posted April 29, 2021 Great, great. Please run the FRST program again and click on SCAN and post back both new logs. Also, please run a new Malwarebytes Threat scan and post back that new log Thanks @zedhr Link to post Share on other sites More sharing options...
zedhr Posted April 29, 2021 Author ID:1454130 Share Posted April 29, 2021 16 minutes ago, AdvancedSetup said: Great, great. Please run the FRST program again and click on SCAN and post back both new logs. Also, please run a new Malwarebytes Threat scan and post back that new log Thanks @zedhr Addition.txt FRST.txt report.txt Link to post Share on other sites More sharing options...
zedhr Posted April 29, 2021 Author ID:1454135 Share Posted April 29, 2021 Hi I ran the grab file just in case. Another two issues, i scanned my pc with Mbar usually it takes less than 5min but now its taking a lot more than that. Malwarebytes Service is taking 4% cpu normally that is 2% Not a big issue but kind a weird. mbst-grab-results.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 29, 2021 Root Admin ID:1454154 Share Posted April 29, 2021 Thank you for the logs. The Event Logs show that you have files, folder locations in your Windows Search index that are not working correctly. I would highly suggests you fully rebuild the Windows Search index. How to Reset & Rebuild Windows Search Index Completelyhttps://www.winhelponline.com/blog/reset-rebuild-windows-search-index-fix-problems/ How to Reset and Rebuild Search Index in Windows 10https://www.tenforums.com/tutorials/58569-rebuild-search-index-windows-10-a.html However, you also appear to potentially have some issues with your VSS (Volume Shadow Copy Service) so you might want to try to fix that as well Please download and run the following Volume Shadow Copy Service (VSS), Diagnostic Tool, from Acronis Acronis VSS Doctor Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.Download - Acronis VSS Doctor In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply. You can also try the tool from Macrium Reflect if the Acronis tool did not work. Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool VSSfix 32bit - download VSSfix 64bit - download Once you've run the repair tool you need to restart your computer. Then check your Event Logs to see if the error was corrected. You can post new logs from FRST which will also show the Event Log entries After all of these fixes, please restart the computer one more time. Then let me know if you're still experiencing any issues where Malwarebytes is consuming memory like it did before. Thank you Link to post Share on other sites More sharing options...
zedhr Posted April 30, 2021 Author ID:1454288 Share Posted April 30, 2021 18 hours ago, AdvancedSetup said: Thank you for the logs. The Event Logs show that you have files, folder locations in your Windows Search index that are not working correctly. I would highly suggests you fully rebuild the Windows Search index. How to Reset & Rebuild Windows Search Index Completelyhttps://www.winhelponline.com/blog/reset-rebuild-windows-search-index-fix-problems/ How to Reset and Rebuild Search Index in Windows 10https://www.tenforums.com/tutorials/58569-rebuild-search-index-windows-10-a.html However, you also appear to potentially have some issues with your VSS (Volume Shadow Copy Service) so you might want to try to fix that as well Please download and run the following Volume Shadow Copy Service (VSS), Diagnostic Tool, from Acronis Acronis VSS Doctor Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.Download - Acronis VSS Doctor In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply. You can also try the tool from Macrium Reflect if the Acronis tool did not work. Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool VSSfix 32bit - download VSSfix 64bit - download Once you've run the repair tool you need to restart your computer. Then check your Event Logs to see if the error was corrected. You can post new logs from FRST which will also show the Event Log entries After all of these fixes, please restart the computer one more time. Then let me know if you're still experiencing any issues where Malwarebytes is consuming memory like it did before. Thank you Hi Here are the logs. I ran the command line as admin but indexing troubleshooter came with error that pdf and the capture is showing. I don't know if Acronis fixed anything. Anyway, IMHO my system is fixed. What do you think msdt.exe -ep SystemSettings_Troubleshoot_L2 -id SearchDiagnostic AcronisVSSDoctorReport_2021-04-30-17-58-09.txt Addition.txt FRST.txt AcronisVSSDoctorReport_2021-04-30-19-18-28.txt AcronisVSSDoctorReport_2021-04-30-19-12-01.txt SearchDiagnostic.pdf Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 30, 2021 Root Admin ID:1454295 Share Posted April 30, 2021 Yes, overall the logs indicate things look pretty good except for your Mozilla Maintenance service. The error repeated again today. The VSS check says all was okay so that was probably just a temporary issue. System errors: ============= Error: (04/30/2021 07:16:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The MozillaMaintenance service terminated with the following error: Incorrect function. Error: (04/30/2021 05:28:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The MozillaMaintenance service terminated with the following error: Incorrect function. Error: (04/30/2021 12:46:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The MozillaMaintenance service terminated with the following error: Incorrect function. Error: (04/29/2021 06:35:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The MozillaMaintenance service terminated with the following error: Incorrect function. Error: (04/29/2021 05:28:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The MozillaMaintenance service terminated with the following error: Incorrect function. You might try downloading the Firefox installer again and see if you can install over the top of Firefox to see if it can fix that error or not. It could be something else causing it to fail. Or, you could look at disabling or removing it too if wanted. https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service https://borncity.com/win/2020/08/07/windows-10-mozilla-dienste-verursachen-sporadische-freezes-abstrze/ I can go ahead and close the topic if you like just let me know Take care Link to post Share on other sites More sharing options...
zedhr Posted April 30, 2021 Author ID:1454303 Share Posted April 30, 2021 I denied mozilla maintenance from start. Yeah you can close the topic. Is Malwarebytes forum secure? Can i delete the files that i upped? Is it necessary? Link to post Share on other sites More sharing options...
Root Admin Solution AdvancedSetup Posted April 30, 2021 Root Admin Solution ID:1454309 Share Posted April 30, 2021 Only Staff and Experts can view your logs but I can remove the logs if you like or even remove the entire post if you like. The purpose for leaving posts is in the hopes to help future users that come along looking for a fix where they might be able to do the fix on their own without even posting for help. That way you potentially help dozens or hundreds with a similar issues. Link to post Share on other sites More sharing options...
zedhr Posted April 30, 2021 Author ID:1454315 Share Posted April 30, 2021 26 minutes ago, AdvancedSetup said: Only Staff and Experts can view your logs but I can remove the logs if you like or even remove the entire post if you like. The purpose for leaving posts is in the hopes to help future users that come along looking for a fix where they might be able to do the fix on their own without even posting for help. That way you potentially help dozens or hundreds with a similar issues. In that case no need to delete anything. Thank you very much for helping out. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 30, 2021 Root Admin ID:1454321 Share Posted April 30, 2021 You're quite welcome. Take care and stay safe out there and I have a great weekend Cheers Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 30, 2021 Root Admin ID:1454322 Share Posted April 30, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts