Windows acting very strange
Create a new thread in the malware forum. We should check to see if there is any malware on your computer, before we do anything else.
Comment
-
It may indeed be malware, we should check to be certain. Then we can go from there. It will not take long. Just a couple scans and we can go from there.
-
I’ll move this thread.
Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
[ol]
[li]Accept the default whitelist options,[/li]
[li]If the additions.txt options box is not checked please select it.[/li]
[li]Then select Scan[/li]
[li]FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.[/li]
[/ol]
Comment
-
While I look these logs over, there are remnants of Avast still on the computer.
Run the Avast removal tool.
Make sure and run in safe mode.
-
Adware Cleaner
[ul]
[li]Download AdwCleaner and save it to your Desktop[/li]
[li]Right-click on AdwCleaner.exe and select, Run as Administrator[/li]
[li]Accept the EULA (I accept), then click on Scan Now[/li]
[li]Let the scan complete[/li]
[li]Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button[/li]
[li]Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.[/li]
[li]Once the cleaning process is complete, AdwCleaner will ask you to restart your computer[/li]
[li]Close all other open windows and allow it to restart[/li]
[li]After the restart, Notepad will open with the AdwCleaner cleaning log[/li]
[li]Please Attach the contents of that log into your next reply to me[/li]
[/ul]
Download Malwarebytes v.4. Install and run.
[ul]
[li]Once the MBAM dashboard opens, click on Settings (gear icon).[/li]
[li]Click on Security tab and make sure that all four Scan options are enabled.[/li]
[li]Close Settings and click on the Scan button on the dashboard.[/li]
[li]Once the scan is completed make sure you have it quarantine any detections it finds.[/li]
[li]If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.[/li]
[li]If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.[/li]
[li]If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.[/li]
[/ul]
Comment
-
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Download RogueKiller and install the program.
Once downloaded and installed, right click and run as admin.
Click the check for updates button.
Go to scan setting then slide the MalPE option right to activate.
Then go to scan, then start a full scan on your machine.
Then click report when the scan completes.
Under Share my report click on open then select text file.
Copy it and paste the results here.
Make sure you do not remove anything detected until I see the log please.
-
-------------------------------
Malwarebytes AdwCleaner 8.4.0.0
-------------------------------
Build: 08-30-2022
Database: 2022-10-10.1 (Cloud)
Support: https://www.malwarebytes.com/support
-------------------------------
Mode: Clean
-------------------------------
Start: 12-29-2022
Duration: 00:00:00
OS: Windows 10 (Build 19045.2364)
Cleaned: 3
Failed: 0
***** [ Services ] *****
Deleted updater
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
[+] Delete Tracing Keys
[+] Reset Winsock
AdwCleaner[S00].txt - [1668 octets] - [29/12/2022 21:47:52]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Here’s the second one:
-
Program : RogueKiller Anti-Malware
Version : 15.6.4.0
x64 : Yes
Program Date : Dec 15 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : Support Form | Contact • Adlice Software
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Glitc
User is Admin : Yes
Date : 2022/12/30 03:12:30
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 428
Found items : 1
Total scanned : 134409
Signatures Version : 20221226_091308
Truesight Driver : Yes
Updates Count : 7
Arguments : -minimize
************************* Warnings *************************
************************* Removal *************************
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin – → Replaced (2)
[+] scan_what : 1
[+] vendors : PUM.Policies
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 0
[+] status : 3
[+] status_str : Replaced (2)
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
-
The fixlist is here, click to download.
Or copy the content of the code box below. Do not copy the word code.
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => "C:\Users\Glitc\Downloads\MTGAInstaller.exe" /cmdloc "HKCU\Software\Wizards of the Coast AiTemp\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" (No File) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
C:\Users\Glitc\Downloads\MTGAInstaller.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
C:\Program Files\Avast Software
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Task: {476AD4BB-9CC7-4D7F-A287-9D7DE4A51DED} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon (No File)
Task: {5B429217-B850-49BC-83B4-9E88B8688851} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-06-17] (Avast Software s.r.o. -> Avast Software)
Task: {85FDB129-7AEE-49F1-B958-ACA13FD9F102} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly (No File)
Task: {868CEF18-291C-453A-BBD0-A9DF001C73D7} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6803168 2022-08-30] (Avast Software s.r.o. -> Avast Software)
Task: {91D80FA8-4A33-4AE4-ADF7-B6277F2B9B7A} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-11-22] (Avast Software s.r.o. -> Avast Software)
Task: {9FBAAD52-9ED5-4045-95DE-2BDA895FF0A7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
Task: {D1B80101-C672-4B44-B722-2B9C23D68F0D} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6803168 2022-09-06] (Avast Software s.r.o. -> Avast Software)
Task: {D51AD049-63CC-4682-A533-44A317A755FE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
Task: {F343082E-4F4C-455C-A728-349D7C259A27} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1209424 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-13] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-13] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15464160 2022-09-15] (Avast Software s.r.o. -> AVAST Software)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7692000 2022-09-15] (Avast Software s.r.o. -> AVAST Software)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9461328 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
S3 aswbIDSAgent; "C:\Program Files\Avast Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Firewall; "C:\Program Files\Avast Software\Avast\afwServ.exe" [X]
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe" [X]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [31424 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [229208 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [391272 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [297832 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [95960 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39648 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [267888 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [555560 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [105248 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [80376 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852000 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [695496 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [212632 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [318456 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswVpnRdr; C:\Windows\System32\drivers\aswVpnRdr.sys [65944 2022-06-17] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\Windows\System32\drivers\aswWintun.sys [51112 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
2022-12-13 13:27 - 2022-12-13 13:27 - 000273816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-12-02 17:10 - 2022-12-02 17:10 - 000051112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswWintun.sys
2022-12-29 18:38 - 2022-06-17 08:42 - 000004028 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2022-12-29 18:38 - 2022-06-17 08:36 - 000000000 ____D C:\ProgramData\Avast Software
2022-12-28 21:08 - 2022-06-17 08:37 - 000000000 ____D C:\Program Files\Avast Software
2022-12-28 20:11 - 2022-06-17 08:40 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-12-23 22:56 - 2022-06-17 08:49 - 000000000 ____D C:\Users\Glitc\AppData\Local\Avast Software
2022-12-13 13:27 - 2022-06-17 08:40 - 000852000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000695496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000555560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000391272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000318456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000297832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000267888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000229208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000105248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000095960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000080376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000039648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000031424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => "C:\Users\Glitc\Downloads\MTGAInstaller.exe" /cmdloc "HKCU\Software\Wizards of the Coast AiTemp\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" (No File) <==== ATTENTION
Task: {476AD4BB-9CC7-4D7F-A287-9D7DE4A51DED} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon (No File)
Task: {85FDB129-7AEE-49F1-B958-ACA13FD9F102} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly (No File)
Task: {925126B0-2476-41D9-B2F6-655650ED9773} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {A5CBCF62-6981-42A5-808C-285A16CA8D17} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe --scan (No File)
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
Task: {C461F25A-435C-4E22-AEE6-8E75CBDB9039} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\Installer\setup.exe --handle-crash="$(ProcessPath)" (No File)
Task: {D03F795E-48E1-4ACA-8626-C5E0C24E44C7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
C:\Program Files\Easeware
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
S3 aswbIDSAgent; "C:\Program Files\Avast Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Firewall; "C:\Program Files\Avast Software\Avast\afwServ.exe" [X]
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe" [X]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\elevation_service.exe" [X]
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\BHO\ie_to_edge_bho.dll => No File
FirewallRules: [{EEC2CF29-CF3E-477F-86B6-88D4A4FAA5D1}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe => No File
FirewallRules: [{3F0193D7-0A1F-4703-BB1A-62421B112224}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe => No File
FirewallRules: [{2F287D58-0C63-443C-BF12-EDFD6D46D5F2}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{F8D99408-90DB-414B-B3D1-66804AE11C11}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D8CE1367-6B72-485B-BB4B-3DF646C3D900}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{5554C8E8-D29E-416F-8A75-10BFD4FB1B6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{341E6CD1-F072-49BE-92E3-4C98463C72FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F6B245FD-94EF-4DC2-B99D-E8802A7B78A4}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd: bitsadmin /list /allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
Comment
Comment
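One way to review a fixlist like the one posted above before pressing Fix: group its entries by kind and list the ones that run shell commands, use wildcard paths, or carry FRST's ATTENTION marker. This is an added example, not part of the original posts and not FRST code; the category names and the functions `classify`, `triage` and `review_first` are assumptions of this example, and the sample is an excerpt of the posted fixlist with one entry per line.

```python
import re

# Excerpt of the fixlist posted in this thread, one entry per line (abridged).
SAMPLE_FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
GroupPolicy: Restriction ? <==== ATTENTION
C:\Users\Glitc\Downloads\MTGAInstaller.exe
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852000 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
2022-12-13 13:27 - 2022-12-13 13:27 - 000273816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
FirewallRules: [{2F287D58-0C63-443C-BF12-EDFD6D46D5F2}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
cmd: net stop bits
CMD: del /f /s /q %windir%\prefetch\*.*
C:\Windows\Temp\*.*
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
"""

# Ordered rules: the first pattern that matches decides the category.
# The category names are this example's own labels, not FRST terminology.
RULES = [
    ("control", re.compile(r"^(?:Start|End)::$", re.I)),
    ("command", re.compile(r"^cmd:\s*(?P<detail>.+)$", re.I)),
    ("service_or_driver", re.compile(r"^[RSU][0-5] (?P<detail>[^;]+);")),
    ("scheduled_task", re.compile(r"^Task:\s*(?P<detail>.+)$")),
    ("registry", re.compile(r"^(?P<detail>HK(?:LM|U|CU)(?:-x32)?\\[^:]*)")),
    ("file_listing",
     re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*?(?P<detail>[A-Za-z]:\\.+)$")),
    ("path", re.compile(r"^(?P<detail>[A-Za-z]:\\.+)$")),
    ("keyword", re.compile(r"^(?P<detail>[A-Za-z][\w -]*):")),
]

ATTENTION = "<==== ATTENTION"  # marker that appears in the posted fixlist


def classify(line):
    """Return (category, detail) for a single fixlist entry."""
    for category, pattern in RULES:
        match = pattern.match(line)
        if match:
            return category, match.groupdict().get("detail") or line
    return "unclassified", line


def entries(text):
    """Non-empty, stripped lines of a fixlist."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def triage(text):
    """Group entry details by category, keeping file order."""
    groups = {}
    for line in entries(text):
        category, detail = classify(line)
        groups.setdefault(category, []).append(detail)
    return groups


def review_first(text):
    """Entries worth reading closely before the fix is run."""
    flagged = []
    for line in entries(text):
        category, _ = classify(line)
        if category == "command":
            flagged.append(("runs a shell command", line))
        elif category == "path" and "*" in line:
            flagged.append(("wildcard path", line))
        elif ATTENTION in line:
            flagged.append(("marked ATTENTION", line))
    return flagged


if __name__ == "__main__":
    for category, items in triage(SAMPLE_FIXLIST).items():
        print(f"{category:18} {len(items)}")
    for reason, line in review_first(SAMPLE_FIXLIST):
        print(f"[{reason}] {line}")
```
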