strange things happening on computer over the years, please help

[randompcuser]

Premium user here, I've had odd things happen on this pc over a few years. No matter what I do I can't get these things to stop. Event viewer showed that my computer powered on right after I went to sleep last night. Then Microsoft defender AV had about 3 or 4 shields completely turned off as well. No matter how many times I've reinstalled or reset or tried to wipe this pc, these things keep showing up. I am no expert at all I've done as much as I can as a novice pc user. Thanks for your help.

[Porthos]

@randompcuser

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

1. Download the Malwarebytes Support Tool.
2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
4. Run the MBST Support Tool.
5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

[randompcuser]

Thanks for the quick reply and directions to get started. I've attached the zip file as requested. 

mbst-grab-results.zip

[Porthos]

39 minutes ago, randompcuser said:

Then Microsoft defender AV had about 3 or 4 shields completely turned off as well.

Just an FYI. Malwarebytes turns off Defender when installed.

Did you just install Windows yesterday? The install USB is still attached.

To turn Defender back on you need to turn off the following in Malwarebytes.

[Maurice Naggar]

Hello @randompcuser Do the adjustment as listed by Porthos above. My name is Maurice. I will guide you forward. 

(  1  )

Next first step, is to "Turn OFF ( to DISABLE) the "fast starup" of Windows 11
See https://www.windowscentral.com/software-apps/windows-11/how-to-enable-or-disable-fast-startup-on-windows-11

When that is done, be sure to do ( from Start menu) one Power >> Shutdown >> Restart.
Having "fast startup" turned Off could help alleviate some anamoly.

(  2  )

[  Do a Quick scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select QUICK scan  & have it go forward.

Let me know the results.

 

(  3  )

 

I also would appreciate this report:

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

• Internet Services
  Windows Firewall
  System Restore
  Security Center/Action Center
  Windows Update
  Windows Defender
  Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

(  4  )

You mentioned

Quote

Then Microsoft defender AV had about 3 or 4 shields completely turned off as well

.
This O S is Windows 11 Pro 22H2. Kindly be sure to list just "what shields" are these. Perhaps you may even get a screen-image grab showing that.
How to Take a Screenshot on Windows 11

My guesstimate is that likely these would be some other protection that is not directly related to MS Windows Defender "antivirus".

Edited May 13 by Maurice Naggar
edited other tips

[randompcuser]

15 hours ago, Porthos said:

Just an FYI. Malwarebytes turns off Defender when installed.

Did you just install Windows yesterday? The install USB is still attached.

To turn Defender back on you need to turn off the following in Malwarebytes.

It was on, i didn't see it turned off. I don't recall, I may have turned it back on and don't remember. 

[randompcuser]

6 hours ago, Maurice Naggar said:

Hello @randompcuser Do the adjustment as listed by Porthos above. My name is Maurice. I will guide you forward. 

(  1  )

Next first step, is to "Turn OFF ( to DISABLE) the "fast starup" of Windows 11
See https://www.windowscentral.com/software-apps/windows-11/how-to-enable-or-disable-fast-startup-on-windows-11

When that is done, be sure to do ( from Start menu) one Power >> Shutdown >> Restart.
Having "fast startup" turned Off could help alleviate some anamoly.

(  2  )

[  Do a Quick scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select QUICK scan  & have it go forward.

Let me know the results.

 

(  3  )

 

I also would appreciate this report:

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

• Internet Services
  Windows Firewall
  System Restore
  Security Center/Action Center
  Windows Update
  Windows Defender
  Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

(  4  )

You mentioned

.
This O S is Windows 11 Pro 22H2. Kindly be sure to list just "what shields" are these. Perhaps you may even get a screen-image grab showing that.
How to Take a Screenshot on Windows 11

My guesstimate is that likely these would be some other protection that is not directly related to MS Windows Defender "antivirus".

I have done all you have instructed, and have attached the FSS file.

As far as the shields go, I turned them back on. They were: Virus and Threat Detection, App and Browser Control and I believe Device Security, were all yellow/off. 

 

FSS.txt

[Maurice Naggar]

Thanks so much for the FSS report. That indicates that Microsoft Defender antivirus, and Windows Update are normal.
It is a bit complex to explain, however, one has to consider App and Browser Control and I believe Device Security as separate from the "antivirus" itself.
Device Security can be flagged for reasons 'other than' infection.
and then, many Windows 11 systems have had some oddity triggering the App and Browser Control 'glitch'.
These latter two ( by themseleves or even 1 of them) do not equate to a malware infection.

1. Did you do a quick scan with Microsoft Defender ?

2. I would suggest a different report so that I can review.

( 2 )

Temporarily disable Microsoft SmartScreen to download the next software below 

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

                   If Windows's  SmartScreen block that with a message-window, then
                         Click on the MORE INFO spot and over-ride that and allow it to proceed.

                             This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

[randompcuser]

Could this possibly go beyond just malware if it is anything? I have had suspicion of being hacked either with physical access to my pc or other means/connections online. I've met a lot of people through gaming and voips and programs like that. There are people out there with a lot of my info. Such as my email, phone, IP, social media and so on.

[Maurice Naggar]

Do the report cited by me above.  Later, I can have you run a battery of scans to do scans for "potential malware'. now, what you may have exposed on social media, I hope you did not post your email or personal info in public. Just keep in mind I am not here all the time. I am a volunteer. I go by actual known respected tools. I cannot speculate. Not unless I see a actual item or items flagged by a trusted tool.

[randompcuser]

1 minute ago, Maurice Naggar said:

Do the report cited by me above.  Later, I can have you run a battery of scans to do scans for "potential malware'. now, what you may have exposed on social media, I hope you did not post your email or personal info in public. Just keep in mind I am not here all the time. I am a volunteer. I go by actual known respected tools. I cannot speculate. Not unless I see a actual item or items flagged by a trusted tool.

ok here is the attached report from the security scan. And thanks for assisting me! it's definitely appreciated, it's a relief to finally reach out to someone and get help! 

SecurityCheck.txt

[randompcuser]

5 minutes ago, Maurice Naggar said:

Do the report cited by me above.  Later, I can have you run a battery of scans to do scans for "potential malware'. now, what you may have exposed on social media, I hope you did not post your email or personal info in public. Just keep in mind I am not here all the time. I am a volunteer. I go by actual known respected tools. I cannot speculate. Not unless I see a actual item or items flagged by a trusted tool.

Well no I didn't publicly post personal info, but one only had to google search my name and find much of it without even paying a penny. And there were some 'online'  friends i gamed with that I had shared enough personal info, for various reasons, that they could have also hacked me. They are into hacking and that sort of thing, lol. 

[Maurice Naggar]

The SecurityCheck report shows that all protections of (Windows) Microsoft Defender antivirus are on, along with the Premium-mode of Malwarebytes also having its protections on. I suggest what follows as the next steps.
Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View → Show → File name extensions

(  2  )

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.    Next, the Malwarebytes scan

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

(  3  )

This operating system has Remote Desktop. I suggest to turn it off to keep your system more secure.
Unless you are actually using this machine to connect to another Windows' remote desktop,  then you ought to turn off the Remote Desktop setting, since that makes your machine a tempting target.

See   https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

By turning off remote desktop, you lessen your machine's odds of being a tempting target for probers.
The bad guys seek out machines able to do remote desktop as being prime candidates.   Keep in mind these involve automated bots.

(  4  )

Additional scans and checks will follow later.

Edited May 14 by Maurice Naggar

[randompcuser]

I got zero detection on the malware scan, and I checked for updates, there were none. I also looked at remote desktop settings, it is turned off as well. 

[randompcuser]

I wish I could edit my comments but I don't see the option, but I just wanted to add that I see a lot of warnings and errors and even a critical event in event viewer over the last 7 days, not sure if that is uncommon or not. The tally is as follows:

171 errors in last 7 days, 445 warnings in last 7 days , 5,033 information events in last  7 days, and 1 audit failure which happened in the last 1 hour! 

let me know if that is cause for concern, and thanks again. 

[Maurice Naggar]

locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

[randompcuser]

Ok here is the report attached

mbscan.txt

[Maurice Naggar]

A. To this point, I do not see indicator of a malware infection. That is confirmed by the Malwarebytes scan, as well as a review of the FRST reports. Our main mission in windows-malware-removal section is to look for malware & remove them when found. That is the main major focus.

B. This system for unknown reason report abend of a Windows service named securityhealthservice. That is a glitch or ding. That is not malware. There also seems to be a issue with a unrelated DLL file.

 

( For now )

Please have lots of patience.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program :  is FRSTENGLISH.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt <-- - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run scans with MS Defender antivirus. Depending on the speed of your computer this fix may take 50-55 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome, and Opera + Brave caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Discord cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

Edited May 14 by Maurice Naggar
adjusted

[Maurice Naggar]

Hello. Status update request, please.

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks