Windows 11 installation royally fxxxed... 😔

PS C:\Users\Jesus> fltmc filters

Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
bindflt                                 1       409800         0
UCPD                                   14       385250.5       0
WdFilter                               14       328010         0
storqosflt                              0       244000         0
wcifs                                   0       189900         0
CldFlt                                  0       180451         0
bfs                                    16       150000         0
FileCrypt                               0       141100         0
npsvctrig                               1       46000          0
Wof                                    11       40700          0
FileInfo                               14       40500          0

C:\Users\Jesus>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
    Class              REG_SZ          DiskDrive
    ClassDesc          REG_SZ          @c_diskdrive.inf,%ClassDesc%;Disk drives
    IconPath           REG_MULTI_SZ    %SystemRoot%\System32\setupapi.dll,-53
    UpperFilters       REG_MULTI_SZ    partmgr
    LowerFilters       REG_MULTI_SZ    EhStorClass
    LastDeleteDate     REG_BINARY      D5F35741F38CDA01
    EnumPropPages32    REG_SZ          storprop.dll,DiskPropPageProvider
    NoInstallClass     REG_SZ          1
    SilentInstall      REG_SZ          1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0003
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0005
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0006
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0007
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0008
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0011
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0014
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0015
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\0016
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Properties
 


Rich (BB code):
Windows Defender:
================
Date: 2024-04-18 03:58:33
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Mamson.A!ac&threatid=2147749144&enterprise=0
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\Process Lasso\Patch.exe; process:_pid:18124,ProcessStart:133578790934877296
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\Process Lasso\Patch.exe
Security intelligence Version: AV: 1.409.348.0, AS: 1.409.348.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.24030.4, NIS: 0.0.0.0 

Date: 2024-04-18 03:58:13
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Mamson.A!ac&threatid=2147749144&enterprise=0
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\Process Lasso\Patch.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.348.0, AS: 1.409.348.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.24030.4, NIS: 0.0.0.0 

Date: 2024-04-18 02:13:11
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tnega!MSR&threatid=2147754624&enterprise=0
Name: Trojan:Win32/Tnega!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Temp\_tc\Project X.exe; process:_pid:22500,ProcessStart:133578727714810487
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.348.0, AS: 1.409.348.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.24030.4, NIS: 0.0.0.0 

Date: 2024-04-18 02:12:51
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tnega!MSR&threatid=2147754624&enterprise=0
Name: Trojan:Win32/Tnega!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Temp\_tc\Project X.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.348.0, AS: 1.409.348.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.24030.4, NIS: 0.0.0.0 

Date: 2024-04-15 19:42:15
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Cryptor&threatid=2147768041&enterprise=0
Name: Trojan:MSIL/Cryptor
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\EaseUS\Todo Backup\Keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.295.0, AS: 1.409.295.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.24030.4, NIS: 0.0.0.0

I would strongly recommend getting these entries checked out before we proceed by posting in the Malware Removal Forum. Please make sure that you follow these posting instructions as well: Malware Removal Posting Instructions

Once they've confirmed that your machine is clean then we investigate further.
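
As an added example (not part of the original posts and not FRST's or Defender's own code), the following Python triages Defender entries in the format quoted above: it collapses repeat detections into one row per threat and file, and records whether any entry for that file also listed a process resource. The sample is constructed from three of the quoted entries, and splitting `Path` on `;` is an assumption based on that output.

```python
import re

# Constructed sample: three entries trimmed from the Defender section quoted above.
SAMPLE = r"""Date: 2024-04-18 03:58:33
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Path: file:_C:\Program Files\Process Lasso\Patch.exe; process:_pid:18124,ProcessStart:133578790934877296

Date: 2024-04-18 03:58:13
Name: Trojan:Win32/Mamson.A!ac
Severity: Severe
Path: file:_C:\Program Files\Process Lasso\Patch.exe

Date: 2024-04-15 19:42:15
Name: Trojan:MSIL/Cryptor
Severity: Severe
Path: file:_C:\Program Files (x86)\EaseUS\Todo Backup\Keygen.exe
"""

FIELD = re.compile(r"^(Date|Name|Severity|Path):\s*(.*)$")

def parse_entries(text):
    """Split on blank lines; keep only the fields used for triage."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if m:
                rec[m.group(1)] = m.group(2).strip()
        if "Name" in rec and "Path" in rec:  # skip blocks that are not detections
            entries.append(rec)
    return entries

def summarize(entries):
    """One row per (threat, file): hit count and whether a process resource was listed."""
    rows = {}
    for e in entries:
        # Assumption: resources in Path are separated by ';' as in the quoted log.
        resources = [r.strip() for r in e["Path"].split(";")]
        has_proc = any(r.startswith("process:_") for r in resources)
        for r in resources:
            if r.startswith("file:_"):
                row = rows.setdefault((e["Name"], r[len("file:_"):]),
                                      {"hits": 0, "process_seen": False})
                row["hits"] += 1
                row["process_seen"] = row["process_seen"] or has_proc
    return rows

if __name__ == "__main__":
    for (threat, path), row in summarize(parse_entries(SAMPLE)).items():
        print(f"{threat:28} hits={row['hits']} process_seen={row['process_seen']}  {path}")
```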
 
Those I've been using for years without a problem. But anyway, just to be sure, I cleaned all that and ensured my system is clean with both Malwarebytes and Malware Hunter.

SFC, DISM and Windows Update still say the same. 😟
 
I'm able to run SFC and DISM from Recovery or installation boot Command Prompt.

But it doesn't fix anything. Once I go back to my system, it has the exact same issues and nothing has changed... 🤔
 
Most of that software seems to be cracked though so who knows what else it has changed so it would still be best if you actually had it checked more thoroughly.

Since the issue appears to be due to TiWorker.exe not being able to start then I would look at removing all the crapware software such as ShutUp10, Glary Utilities and Process Lasso. There's been plenty of instances where software like that has prevented certain services from starting correctly.
 
I only use Glary Utilities regularly, didn't know it qualified as "crapware", lol. I use it in other machines without problems, but ok, I'll remove all that, but then... what do I do to fix the issues?
 
You'll need to try and run DISM again and see if it fails with the same error as before. If it does, then see if you can even start the TrustedInstaller service from an elevated command prompt using:

Code:
sc start TrustedInstaller

If you can't, then the permissions of that service will need to be checked. Please make sure that you've removed all the programs mentioned, including anything which is a cleaning tool, provides any form of "optimisation" or states that it will stop certain telemetry from being sent. After you've done that then please post new FRST logs; I still would highly recommend that you get your machine checked for malware too.
 
In the end I decided to face the evil and try a clean install. With TransWiz's ForensiT Move Computer help to preserve my user's data I installed a fresh Windows 11 22631.3527 and then restored the saved user data and moved back all the old files and folders the Windows installation put in Windows.old.

To my surprise this worked pretty well, and I didn't have to reinstall or fiddle with the vast majority of my programs, tools, utilities, licenses, configurations, etc. 90% worked fine just doing that.

Now SFC, DISM and Windows Update all work fine.

First thing I did now was a full backup in Macrium *and* made a second copy of it in another machine... 😆

I want to really thank you for your time, efforts and patience with me and my issues. 🍻
It must be FAR from easy having to deal with this crap on a daily basis...
 