
Problems exist triggered by Windows Defender notification

Discussion in 'Windows 10' started by Barry, 2023/12/29.

  1. 2023/12/29
    Barry

    Barry Geek Member Thread Starter

    Joined:
    2002/12/16
    Messages:
    1,209
    Likes Received:
    10
    I apparently messed up. Windows Defender said I needed permission on app data / local. Whatever I did caused nearly my entire desktop to disappear. I ran a full scan using Windows Defender, and 6 threats were found. 3 were quarantined, 1 was blocked, and 2 show remediation incomplete. I ran Microsoft Defender Offline scan, and now my user name seems to have disappeared. I get two error messages:

    Google Drive Error
    Google Drive cannot start
    Google Drive cannot start due to a permission issue in your configuration folder. Ensure the current user has read and write permission to "C:\Users\psyd_\AppData\Local\Google\DriveFS\107817490269344346661\core_feature_config" and relaunch the application.

    OneDrive
    This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may resolve this problem.

    Malwarebytes, AdwCleaner, and RogueKiller found nothing.

    Farbar Recovery scan reported these issues:
    Windows Defender:
    ================
    Date: 2023-12-29 15:39:15
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li.../Malgent!MSR&threatid=2147743411&enterprise=0
    Name: Trojan:MSIL/Malgent!MSR
    Severity: Severe
    Category: Trojan
    Path: appmodel:_43520ShekLab.XinOffice_7.8.9.0_x64__kqjcbesk4rn1g; file:_C:\Program Files\WindowsApps\43520ShekLab.XinOffice_7.8.9.0_x64__kqjcbesk4rn1g\VFS\ProgramFilesX64\LibreOffice\program\WindowsFormsApp.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: User
    Process Name: Unknown
    Security intelligence Version: AV: 1.403.1338.0, AS: 1.403.1338.0, NIS: 1.403.1338.0
    Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
    Date: 2023-12-29 14:30:49
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Creprote&threatid=224324&enterprise=0
    Name: PUA:Win32/Creprote
    Severity: Low
    Category: Potentially Unwanted Software
    Path: containerfile:_H:\System Volume Information\_restore{06C4E26E-F17C-452D-871B-7C1025C80A7D}\RP68\A0013526.exe; file:_H:\System Volume Information\_restore{06C4E26E-F17C-452D-871B-7C1025C80A7D}\RP68\A0013526.exe->(CABSfx)->\Setup\Function\32bit\169\TS-TGP.zip->package/kdfapi2_ex.dll
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: User
    Process Name: Unknown
    Security intelligence Version: AV: 1.403.1311.0, AS: 1.403.1311.0, NIS: 1.403.1311.0
    Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
    Date: 2023-12-29 14:30:49
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Spyware:Win32/CnsMin&threatid=3782&enterprise=0
    Name: Spyware:Win32/CnsMin
    Severity: High
    Category: Spyware
    Path: containerfile:_F:\My Documents\Computer\video codecs\DivXBundle.exe; containerfile:_H:\My Documents\Computer\video codecs\DivXBundle.exe; containerfile:_M:\750 Recovery\My Documents\Computer\Computer\video codecs\DivXBundle.exe; containerfile:_M:\750 storage\My Documents\Computer\Computer\video codecs\DivXBundle.exe; containerfile:_M:\FileHistory\psyd_\DESKTOP-KJMP7O0\Data\C\Users\psyd_\OneDrive\160\Computer\video codecs\DivXBundle (2016_03_27 20_17_02 UTC).exe; file:_F:\My Documents\Computer\video codecs\DivXBundle.exe->(nsis-6-$(ENVVAR)\y_toolbar.exe)#2; file:_H:\My Documents\Computer\video codecs\DivXBundle.exe->(nsis-6-$(ENVVAR)\y_toolbar.exe)#2; file:_M:\750 Recovery\My Documents\Computer\Computer\video codecs\DivXBundle.exe->(nsis-6-$(ENVVAR)\y_toolbar.exe)#2; file:_M:\750 storage\My Documents\Computer\Computer\video codecs\DivXBundle.exe->(nsis-6-$(ENVVAR)\y_toolbar.exe)#2; file:_M:\FileHistory\psyd_\DESKTOP-KJMP7O0\Data\C\Users\psyd_\OneDrive\160\Computer\video codecs\DivXBundle (2016_03_27 20_17_02
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: User
    Process Name: Unknown
    Security intelligence Version: AV: 1.403.1311.0, AS: 1.403.1311.0, NIS: 1.403.1311.0
    Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
    Date: 2023-12-29 14:30:49
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...TML/Phish!pz&threatid=2147888341&enterprise=0
    Name: Trojan:HTML/Phish!pz
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\psyd_\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1166\Attachments\Remittance_Copy555489[4599].htm; file:_M:\FileHistory\psyd_\DESKTOP-KJMP7O0\Data\C\Users\psyd_\Desktop\Remittance_Copy555489 (2022_11_10 02_15_22 UTC).htm
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: User
    Process Name: Unknown
    Security intelligence Version: AV: 1.403.1311.0, AS: 1.403.1311.0, NIS: 1.403.1311.0
    Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
    Date: 2023-12-29 14:30:49
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...Wacatac.B!ml&threatid=2147735505&enterprise=0
    Name: Trojan:Win32/Wacatac.B!ml
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Sandbox\psyd_\DefaultBox\user\current\Downloads\CloudCheck(1).exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: User
    Process Name: Unknown
    Security intelligence Version: AV: 1.403.1311.0, AS: 1.403.1311.0, NIS: 1.403.1311.0
    Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2
    Event[0]:
    Date: 2023-03-08 06:54:00
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.1115.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved
    Date: 2023-03-08 06:54:00
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.1115.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved
    Date: 2023-03-08 06:54:00
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.1115.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved
    Date: 2023-03-08 06:54:00
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.1115.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved
    Date: 2023-03-08 06:54:00
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.383.1115.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20000.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved
    CodeIntegrity:
    ===============
    Date: 2023-12-29 17:06:40
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cbfsNetRdr6.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2023-12-29 17:06:40
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cbfsconnectNetRdr2017.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2023-12-04 17:27:37
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2023-11-05 05:46:13
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Any suggestions on what I should do next?
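
An added example, not part of the original post or of any tool named in the thread: a small Python parser for Defender detection entries in the layout quoted above, grouping each detection's files by where they sit on disk (restore point, File History backup, sandbox folder, or anywhere else). The location buckets, the function names and the sample text are assumptions of this example; the sample is constructed and abbreviated from the entry layout in the post.

```python
from collections import namedtuple

Detection = namedtuple("Detection", "date name severity locations")

# Path fragment -> label. These buckets are this example's own assumption,
# picked from the kinds of paths that show up in the posted log.
BUCKETS = [
    ("\\system volume information\\", "restore-point"),
    ("\\filehistory\\", "file-history-backup"),
    ("\\sandbox\\", "sandbox"),
]

def classify(path):
    """Label a file path by the storage area it sits in ('live' if none match)."""
    low = path.lower()
    return next((label for frag, label in BUCKETS if frag in low), "live")

def parse_detections(text):
    """Return one Detection per 'Date:' record that has a 'Name:' field."""
    records, cur = [], None
    for line in text.splitlines():
        key, sep, val = line.strip().partition(": ")
        if sep and key == "Date":
            cur = {"Date": val}
            records.append(cur)
        elif sep and cur is not None and key in ("Name", "Severity", "Path"):
            cur[key] = val
    found = []
    for rec in records:
        if "Name" not in rec:
            continue  # update errors and Code Integrity events carry no Name
        locations = set()
        for item in rec.get("Path", "").split("; "):
            scheme, sep, rest = item.strip().partition(":_")
            if sep and scheme in ("file", "containerfile"):
                outer = rest.split("->")[0]  # keep the file on disk, drop archive members
                locations.add((classify(outer), outer))
        found.append(Detection(rec["Date"], rec["Name"],
                               rec.get("Severity", ""), sorted(locations)))
    return found

def needs_attention(detections):
    """Names of detections with at least one copy outside the bucketed areas."""
    return [d.name for d in detections if any(lb == "live" for lb, _ in d.locations)]

# Constructed sample, abbreviated from the entry layout quoted in the post.
SAMPLE = r"""
Date: 2023-12-29 14:30:49
Description:
Name: PUA:Win32/Creprote
Severity: Low
Path: containerfile:_H:\System Volume Information\_restore{GUID}\RP68\A0013526.exe; file:_H:\System Volume Information\_restore{GUID}\RP68\A0013526.exe->(CABSfx)->\Setup\x.zip->package/kdfapi2_ex.dll
Date: 2023-12-29 14:30:49
Name: Trojan:HTML/Phish!pz
Severity: Severe
Path: file:_C:\Users\user\Desktop\Remittance.htm; file:_M:\FileHistory\user\PC\Data\C\Users\user\Desktop\Remittance (2022_11_10 02_15_22 UTC).htm
Date: 2023-03-08 06:54:00
Error code: 0x80072ee7
"""
```

The labels are a triage aid only: a file flagged inside a restore point or File History backup is still a copy that can be restored later, so it belongs on the clean-up list too.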
     
  2. 2023/12/29
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    4,307
    Likes Received:
    269
    Do you have Malwarebytes installed? If not, see if you can install it and then go right back and check for updates and then run it. You can go to Major Geeks and get it from there. It is a trusted site. Download Malwarebytes - MajorGeeks
     


  4. 2023/12/29
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,163
    Likes Received:
    505
    MrBill,
    Arie has posted a suggestion for virus problems due to our loss of Broni. ****Forum Closed****
    Barry, this is our best recommendation.
     
    MrBill likes this.
  5. 2023/12/29
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    I know he has. This was a suggestion for the OP.
     
  6. 2023/12/30
    Barry

    Barry Geek Member Thread Starter

    I ran the latest update of Malwarebytes, and nothing showed up. I'm sensing the main problem may be there are no users listed on this computer anymore, so I can't get permissions for anything. I can use my browsers, but I can't pull up Thunderbird for email on the computer. I have to check my email using my smart phone. I figure I need to run DISM and then do Windows Repair, but I want to know the order of programs I should run. I'd hate to repair everything and not have it attached to a User. A step-by-step order of programs to run would be appreciated. Thank you.
     
  7. 2023/12/30
    Barry

    Barry Geek Member Thread Starter

    I attempted to run the DISM command as administrator, yet nothing opened or happened.
     
  8. 2023/12/30
    Barry

    Barry Geek Member Thread Starter

    Now I attempted to follow the instructions of the tutorial, but I can't get into enable safe mode with networking. I get all the way to the final Startup Settings page, but then my computer freezes. If I press 5 or F10 or enter, nothing happens. I have to press the restart button on my computer to get anything to happen. How can I get into safe mode with networking?
     
  9. 2023/12/30
    Barry

    Barry Geek Member Thread Starter

    I was able to get into safe mode, but without networking. I ran the tool. I have now returned to being a User, but I'm not sure what else was fixed or is missing. When I do a fresh install of Thunderbird, I get a message saying "Your Thunderbird profile cannot be loaded. It may be missing or inaccessible." When I input %APPDATA% into Run, nothing shows up other than Microsoft and LibreOffice. How do I fix Thunderbird and find out if there are any other issues?
     
  10. 2023/12/30
    Barry

    Barry Geek Member Thread Starter

    By the way, I can only left click the start button, not right click, so I have to do ctrl-alt-delete to shut down my computer.
     
  11. 2023/12/31
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Happy New Year Barry, There is one tool you can run before you do anything drastic.
    Can you open RUN?
    If so, type in mrt and OK.
    UAC will open in centre screen > YES.
    Upper left of screen > Microsoft Windows Malicious software Tool > NEXT >
    on the next Menu, select FULL scan > OK.
    This may take some time to do its job as it warns you, but it may sort things out for you.
     
  12. 2023/12/31
    Barry

    Barry Geek Member Thread Starter

    I'm running the quick scan now, but I'll run the full scan later. I believe the trojan was removed, as Defender no longer sees it. That doesn't mean it didn't do some damage. I've also been doing more damage. I was able to uninstall and then install a fresh copy of Microsoft One Drive. Somehow, it is backing up my entire computer and filling up quickly. I started deleting the files on One Drive, not realizing I was deleting them from my computer, also. Luckily, I have most everything backed up on one of my extra drives.

    The Malicious Software Removal Tool came up clean on the quick scan, so I'm running the full one now.

    It's annoying not being able to use Thunderbird for my email, as I keep getting this message every time I attempt to start up, even after an uninstall and fresh install. "Your Thunderbird profile cannot be loaded. It may be missing or inaccessible." I have to use my phone for email.

    I still can't get Google Drive to work. I realized I can shut down or restart my computer by left clicking the start button and then going up to the 3 horizontal lines on top, so I don't need to right click.

    I appreciate your willingness to help, and I wish you a happy new year.
     
  13. 2024/01/01
    Barry

    Barry Geek Member Thread Starter

    My computer is clean. There are no infections.
     
  14. 2024/01/01
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Looks like you are missing System Files for the OS to operate properly.
    I would run sfc /scannow to see if everything is in order.
    You said you tried to run DISM but couldn't get it to run, so try sfc /scannow as that should rectify and advise if all is OK.
    (Windows Powershell Admin).
     
  15. 2024/01/02
    Barry

    Barry Geek Member Thread Starter

    Shift + power restart at sign-in takes me to Troubleshoot, where I can access command prompts. I tried DISM, and it just gave me a bunch of information as to what DISM is but didn't offer me any actions. I tried Dism /Online /Cleanup-Image /RestoreHealth, but that wasn't an acceptable command. I tried sfc /scannow, and it scanned but then said Windows Resource Protection could not perform the requested operation.

    When I uninstall Thunderbird, restart my computer and then attempt to open Thunderbird from another drive, it says Thunderbird is already running and must be closed before opening it again. I checked Task Manager, and it didn't show Thunderbird running.

    What should I do next?

    I have a Windows 10 recovery disc on a flash drive, if that would be of help.
     
  16. 2024/01/03
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,903
    Likes Received:
    510
  17. 2024/01/04
    Barry

    Barry Geek Member Thread Starter

    Restore doesn't exist in my start menu or when I search the computer, so I guess I'll have to use the ISO I created when I first installed Windows 10 to do a repair install.

    By the way, am I eliminating restore points by running CCleaner regularly?
     
  18. 2024/01/05
    Barry

    Barry Geek Member Thread Starter

    I plan to use my ISO to do the repair install tomorrow. Before I do it, I want to know whether it would be a good idea to disconnect and/or depower my other drives. My second drive stores my programs and saved files, and my third drive is where everything is backed up. I made my ISO after I had installed most of my primary programs, so they are linked to the second drive. I just don't want to take the chance of losing anything from those extra drives.

    Also, are there adjustments I can make in CCleaner settings to stop eliminating restore points, along with backup data related to those restore points?
     
  19. 2024/01/06
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    I would just have one active drive during this process.
     
    MrBill likes this.
  20. 2024/01/06
    Barry

    Barry Geek Member Thread Starter

    Thank you. I'll disconnect the other drives and power to those drives before I do the repair.
     
  21. 2024/01/06
    Barry

    Barry Geek Member Thread Starter

    Though I have a lot of uninstalling and reinstalling of programs to get them working, everything appears to be back to normal. Thanks for the help.
     
