1. Though I did just have a thought, if Avast was the only thing that could tell this file was locked, and the file really is locked, was Avast working better than everything else?
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    My apologies once again. I changed my mind at the last minute and forgot I decided to uninstall Avast rather than do the Base Video steps, which we will need to do now.

    Yes, the Intel video drivers are locking the cache.dat file. Intel is able to access the file but access from other processes/programs is being denied. This is common, especially for system files.

    Here is a new set of instructions.

    ===================================================

    Using Base Video in Normal Mode

    --------------------
    • Click the Windows key + R at the same time
    • Type msconfig and hit Enter
    • Click the Boot tab
    • Place a check mark in Base video, then click OK
    • Restart your computer - Note: your screen resolution may change, that is normal.
    • Complete the next step
    ===================================================

    VirusTotal Online Virus Scanner

    --------------------
    • Please go to VirusTotal
    • Select Choose file
    • Navigate to the following file and double click on it

    C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db
    • Select Confirm upload
    • Once completed, highlight the information in the address bar and copy and paste the link in your reply
    • Reverse the Base Video step by unchecking it and restarting the computer
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Virustotal link
     
  3. Oh My!

    Oh My! Malware Expert Staff Member

    Sorry, I didn't see your post.

    I have a lengthy explanation I wrote out in anticipation of you wanting to reinstall Avast. It is complicated to try to explain which is why I asked if you plan on reinstalling it.

    My guess is Avast is not working better than the others but let's see what Virustotal says.
     
  4. You're fine, I'm glad I'm not the only one.

    I followed the steps to change to the base video, restarted, then tried VirusTotal again. I still could not choose the correct file because "it is in use by another program" it says. It did suggest I change the name, but I can't do that while it's still locked, right?

    I went back to msconfig and made sure I really checked Base Video (it's getting late, and I've been working too long) but it was really checked.

    I may just be too tired, I'll try again in the morning unless you think I did it right and have a new idea by then. Thanks!
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Why am I not surprised!

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Folder: C:\FRST\Quarantine\C
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  6. Wow, sorry! I can't believe I'm just now getting to this. I've spent the day arguing with nurses, receptionists, and doctors. You'd think if you finished healthcare training and remained unpleasant and uncaring, you wouldn't be able to graduate.

    Thanks for bearing with me. Here is the log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-06-2026
    Ran by Mariah (18-06-2026 16:15:52) Run:6
    Running from C:\Users\Mariah\Desktop
    Loaded Profiles: Mariah
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Folder: C:\FRST\Quarantine\C
    End::
    *****************


    ========================= Folder: C:\FRST\Quarantine\C ========================

    2026-06-10 12:43 - 2026-06-10 12:43 - 000191178 ____A [26FFE9C4C8E6E81D19A88DE9F35A8F3F] () C:\FRST\Quarantine\C\Firewall.reg.xBAD
    2026-06-17 12:49 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData
    2024-09-25 13:25 - 2026-06-16 23:38 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Avast Software
    2026-06-17 12:49 - 2026-06-17 12:49 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Intel
    2026-06-17 12:49 - 2026-06-17 12:49 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\ProgramData\Intel\ShaderCache
    2024-09-25 13:32 - 2024-09-25 13:32 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\FRST\Quarantine\C\ProgramData\Intel\ShaderCache\AvastUI_0.xBAD
    2024-09-25 13:32 - 2024-09-25 13:32 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\FRST\Quarantine\C\ProgramData\Intel\ShaderCache\AvastUI_1.xBAD
    2024-09-25 13:32 - 2024-09-25 13:32 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\FRST\Quarantine\C\ProgramData\Intel\ShaderCache\AvastUI_2.xBAD
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah
    2026-06-14 22:40 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData
    2026-06-14 22:40 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView
    2026-06-14 22:40 - 2026-06-14 22:40 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache
    2026-06-09 10:10 - 2026-06-11 18:51 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache
    2026-06-11 18:51 - 2026-06-11 18:51 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL
    2026-06-11 18:51 - 2026-06-11 18:53 - 000004096 ____A [9807CFF50448B39728A29115945564B3] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db
    2026-06-11 18:51 - 2026-06-11 18:53 - 000012392 ____A [77D0422CB79D7BCABA589C3C4F7B3931] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db-wal
    2026-06-11 18:51 - 2026-06-11 18:53 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.journal
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Temp
    2026-06-10 13:56 - 2026-06-14 15:26 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Temp\_avast_
    2026-06-10 13:56 - 2026-06-10 13:56 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Local\Temp\_avast_\unp_low
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage
    2026-06-17 12:50 - 2026-06-17 12:50 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage\default
    2026-06-13 13:53 - 2026-06-13 14:14 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage\default\https+++www.avast.com
    2026-06-13 14:14 - 2026-06-13 16:57 - 000000084 ____A [BA4D69CE7311F2E7B5E9AD3860409990] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage\default\https+++www.avast.com\.metadata-v2
    2026-06-13 13:53 - 2026-06-13 13:53 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage\default\https+++www.avast.com\ls
    2026-06-13 13:53 - 2026-06-13 13:53 - 000006144 ____A [6CE3B83A5FB1AA605B3B20A7C4CC2795] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage\default\https+++www.avast.com\ls\data.sqlite
    2026-06-13 13:53 - 2026-06-13 13:53 - 000000012 ____A [02211010EBB26D975F6B4DD39724B067] () C:\FRST\Quarantine\C\Users\Mariah\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\storage\default\https+++www.avast.com\ls\usage
    2026-06-10 12:43 - 2026-06-17 12:49 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows
    2026-06-10 12:43 - 2026-06-10 12:43 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32
    2026-06-10 12:43 - 2026-06-10 12:43 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32\Drivers
    2026-06-10 12:43 - 2026-06-10 13:45 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32\Drivers\etc
    2018-11-29 18:57 - 2025-10-02 12:00 - 000454626 ____A [F2B6821FD304AF1F2AF2222D82519671] () C:\FRST\Quarantine\C\Windows\System32\Drivers\etc\hosts.xBAD
    2026-06-17 12:49 - 2026-06-17 12:49 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\Temp
    2026-06-13 14:02 - 2026-06-16 22:34 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\Temp\_avast_
    2026-06-13 14:33 - 2026-06-13 14:33 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\Temp\_avast_\TEMP~TUBC
    2026-06-13 14:33 - 2026-06-13 14:33 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\Temp\_avast_\TEMP~TUBC\Firefox
    2026-06-13 14:33 - 2026-06-13 14:33 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\Temp\_avast_\TEMP~TUBC\MSEdge
    2026-06-13 14:02 - 2026-06-16 22:34 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\Temp\_avast_\unp_low

    ====== End of Folder: ======


    ==== End of Fixlog 16:15:53 ====
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

    So much for bedside manners.

    I woke up in the middle of the night thinking about things and something struck me.

    In the Fixlist from Post #25 I included a command to delete the DawnGraphiteCache folder. In doing that everything else down the line in the file path would be removed, including the cache.dat file. The Fixlog showed the folder was successfully removed, however when you ran an Avast Scan very soon after the deletion Avast detected the file again. I assumed the file wasn't removed even though the Fixlog said the folder (and file) was removed. That happens on occasion where FRST indicates something was successful when it was not.

    What struck me last night is the FRST Quarantine folder should have evidence of the file removal if the folder (and file) was truly removed successfully. If that happened a brand new file was created upon reboot immediately after the Fixlist processed. What that would mean is Avast would be detecting a newly created cache.dat file we know would be clean and locked, with clean being the important consideration.

    I had you run the last Fixlist to examine the contents of the FRST Quarantine folder which contains items removed by FRST during the running of the Fixlist. This confirms what I had suspected was the case. For some reason Avast flags that particular locked file even though I am certain it examines other locked files and doesn't comment on them.

    The newly created file is clean so the issue has to be Avast. If I had to guess, I would say it was something having to do with the state of Avast on your system. I would bet on a corruption since I have not had other topics where Avast commented on the same file. At least nobody has expressed a similar concern. The only way to determine if it is Avast in general or the (corrupted?) state of Avast on your system prior to removal would be to reinstall the program and run a scan.

    If you want to install Avast, test the scan, then leave it or remove it again we can repeat the 2 step cleaning process to remove the program and all the remnants left behind.

    Your call.
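
The check described in the post above (looking in the FRST Quarantine folder listing for evidence that a file really was removed) can be scripted. This is an added example, not part of the original thread or of FRST itself; the sample lines, paths and hashes are constructed, and treating a trailing `.xBAD` as a quarantine-added suffix is an assumption.

```python
import hashlib
import re
from typing import NamedTuple

QUARANTINE_ROOT = "C:\\FRST\\Quarantine\\"
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # MD5 of a zero-byte file
# Line layout as in the Fixlog: two timestamps, size, attributes, [MD5], (), path
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"(\S+) \[([0-9A-F]{32})\] \((.*?)\) (.+?)\s*$")

# Constructed sample lines (hypothetical paths and hashes), not the thread's log
SAMPLE_LOG = r"""
2026-06-11 18:51 - 2026-06-11 18:51 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Users\Example\Cache
2026-06-11 18:51 - 2026-06-11 18:53 - 000004096 ____A [0123456789ABCDEF0123456789ABCDEF] () C:\FRST\Quarantine\C\Users\Example\Cache\cache.db
2026-06-11 18:51 - 2026-06-11 18:53 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\FRST\Quarantine\C\Users\Example\Cache\cache.journal
2018-11-29 18:57 - 2025-10-02 12:00 - 000454626 ____A [FEDCBA9876543210FEDCBA9876543210] () C:\FRST\Quarantine\C\Windows\System32\Drivers\etc\hosts.xBAD
"""

class Entry(NamedTuple):
    original_path: str
    size: int
    md5: str
    is_dir: bool

def original_path(quarantine_path: str) -> str:
    """Map a path under the quarantine root back to where the item lived."""
    drive, _, tail = quarantine_path[len(QUARANTINE_ROOT):].partition("\\")
    path = f"{drive}:\\{tail}"
    # Assumption: a trailing ".xBAD" was added in quarantine and is not part of the name.
    return path[:-5] if path.endswith(".xBAD") else path

def parse_folder_listing(log_text: str) -> list[Entry]:
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(7).startswith(QUARANTINE_ROOT):
            size, attrs, md5, path = m.group(3, 4, 5, 7)
            entries.append(Entry(original_path(path), int(size), md5, attrs.endswith("D")))
    return entries

def quarantined_file(entries, suffix):
    """Return the first quarantined file whose original path ends with suffix, else None."""
    hits = [e for e in entries if not e.is_dir and e.original_path.lower().endswith(suffix.lower())]
    return hits[0] if hits else None

def empty_files(entries):
    """Files whose MD5 is the digest of zero bytes, i.e. nothing to scan in them."""
    return [e for e in entries if not e.is_dir and e.md5 == EMPTY_MD5]
```

A hit from `quarantined_file` means the removal really happened, so a file found at the same path afterwards was created later and carries a different history than the quarantined copy.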
     
  8. You really are a geek! Figuring all of that out in the middle of the night, and making it amazingly easy to understand (and rather exciting and compelling, too). Your brain is an amazing thing...

    Okay, I'm convinced the file is clean. Sure, let's reinstall Avast and see what happens.

    I don't know if it had to do with the corruption or not, but when I'd installed Avast free from their website, it looked different than a few days ago when I got Avast off of Major Geeks. It seems the free Avast here calls itself Avast One? I don't know which one is "right" or newest, do you have a preference as to where I download it from?
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks.

    Go directly to Avast; that way there will be no question whatsoever. It will be interesting to see what happens.
     
  10. Hello, I'm still here. Our internet went out early Friday morning, and we didn't get it back up and running until yesterday afternoon!

    I had no idea I was so reliant on it. Four and a half days without was very enlightening....

    I'm heading to Avast now, I'll run the scan tonight and we'll see how it goes!
     
