System (32 bit) or otherwise called winserv.exe is potentially eating my Laptop

  • RordonGamsey
    PCHF Member
    • Apr 2020
    • 79

    #31
    Here are the files. Wanted to just say that I took a peek into the addition folder, and looking at the accounts logged on my computer, I have no idea who John or WDA or guest is. The only account registered and used is domin, which is mine.

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #32
      Ok. Please run Kaspersky. I will take a look when I return home. If you could rename AVBR and run in safe mode with network via RunX … prior to Kaspersky, that would be best. Rename it, drag and drop onto RunX as you did FRST. Try normal mode and safe mode with network.

      • RordonGamsey
        PCHF Member
        • Apr 2020
        • 79

        #33
        Ok, so AVBR finally ran, but through Runx. It seemed to complete all the actions, and now I’m gonna try to run Malwarebytes. Kaspersky wouldn’t run though. Neither version (graphic, non graphic). I couldn’t even run hardware info to at least figure out why. It’s not that it didn’t run, it’s the fact that you choose one of the options, and there’s just a black screen, which doesn’t show any sign of changing (left it on for like 10-15 minutes, nothing happened).

        It also seemed to remove the “John” account, thankfully.

        • RordonGamsey
          PCHF Member
          • Apr 2020
          • 79

          #34
          Soooo, I tried removing the old Malwarebytes, because it still throws the “not enough permissions” message, so I installed GeekUninstaller, thought I removed Malwarebytes, but actually didn’t. Every time I reopened GeekUninstaller, Malwarebytes kept reappearing, and the security settings were still showing that Malwarebytes is active. It only seemed to remove some files, but not completely.

          Afterwards, I attempted installing Malwarebytes, but nothing seemed to change, I still couldn’t open Malwarebytes. Even tried doing it through Runx for **** and giggles, but it didn’t work.

          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #35
            Ok. I’m visiting a friend and will not be home until tomorrow. I’ll make a new fix for you then.

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #36
              Here you are. This will also remove Malwarebytes. Go ahead and see if you are able to install a fresh copy after the fix runs.
              Run in normal mode via RunX if needed.

              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #37
                @RordonGamsey
                As far as permissions go after the FRST fix, if you still have issues:

                Download Windows Repair All-in-One.
                Unzip the archive to your desktop.
                Boot the computer into safe mode.
                Double click the folder.
                Right click the file Repair_Windows.exe and run it as admin.
                Go to the “Repairs” tab, click on the “Open Repairs” button.
                Attention!!! Click the “Unselect all” button. This should uncheck all items.
                Check these boxes only:
                #1 - Reset Registry Permissions:
                #2 - Reset File Permissions:
                #3 - Reset Service Permissions:
                #5 - Repair WMI:
                #10 - Remove policies set by infections.
                #17 - Repair Windows Updates:
                #21 - Repair MSI (Windows Installer):
                #25 - Restore Important Windows Services:
                #26 - Set Windows Services To Default Startup:
                #29 - Restore Windows 8 COM+ Unmarshalers:
                Then click “Start Repairs”.
                This may take ten minutes or longer; do not use the machine while the scan runs.
                Reboot the computer after you are sure it is completed.

                • RordonGamsey
                  PCHF Member
                  • Apr 2020
                  • 79

                  #38
                  The link doesn’t start downloading anything. Tried the fix, installed a fresh Malwarebytes, but the same error keeps appearing. I’m maybe thinking about running the fix again, just to remove Malwarebytes and try to run a Windows Security Scan instead.

                  • RordonGamsey
                    PCHF Member
                    • Apr 2020
                    • 79

                    #39
                    Here’s the fix log, btw.

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #40
                      Here is the download to the Windows repair tool. Use the portable version.

                      Unlock the power of Tweaking.com Windows Repair Free and Pro. Repair and optimize your Windows system by clicking here and trying it out!


                      Also, use the Malwarebytes tool to remove Malwarebytes.
                      Compatible with: Windows Use the Support Tool to perform a clean reinstallation of the Desktop Security app. If you're experiencing a technical issue that can't be repaired, you can use the Suppo...


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #41
                        Can you use this site for an ESET online scan now?
                        After the all in one repair. What issues remain?

                        Make sure and disable your antivirus/defender prior to the scan.

                        Download ESET Online Scanner from here and save it to your Desktop.
                        Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
                        Click Get started.
                        In the Terms of use screen, click Accept if you agree to the Terms of use.
                        Click Get started in the welcome screen.
                        Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
                        Click Computer scan, in the Welcome back screen.
                        Choose Full scan on the next screen.
                        Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
                        When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
                        ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. Click Continue.
                        You will now be offered a trial version of ESET Internet Security. Click Continue.
                        On the next screen, you can leave feedback about the program if you wish.
                        Select Delete application’s data on closing, if you are short of disk space or do not wish to retain the program for future use.
                        If you left feedback, click Submit and continue. If not, Close without feedback.
                        Copy and paste the contents of the ESETScan.txt file in your next reply.

                        • RordonGamsey
                          PCHF Member
                          • Apr 2020
                          • 79

                          #42
                          Here’s the ESET log. I am not sure if I should check if it worked and how to do it, but it seemed to remove like 4 bitcoin miners.

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #43
                            Ok. Those were in FRST quarantine, except one. Can you post one last FRST and Addition.txt log so that I can confirm I have removed everything. Also how is the computer running now?

                            C:\FRST\Quarantine\C\ProgramData\WindowsTask\AMD.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting

                            C:\FRST\Quarantine\C\ProgramData\WindowsTask\AppModule.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting

                            C:\FRST\Quarantine\C\ProgramData\WindowsTask\MicrosoftHost.exe Win64/CoinMiner.AJD trojan cleaned by deleting

                            C:\ProgramData\SecTaskMan\c_script1D1DAF3.file BAT/Agent.PYO trojan cleaned by deleting

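The triage in the post above (three of the four detections were copies already sitting in FRST's quarantine folder, one was a live file) can be scripted as follows. This is an added example, not part of the original thread and not code from ESET or FRST; the log line layout and the quarantine path mirroring are assumptions inferred only from the four quoted lines, and `triage` is a hypothetical name.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the four detections quoted in the post, with the spaces
# the forum software inserted into the file names removed.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\ProgramData\WindowsTask\AMD.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\ProgramData\WindowsTask\AppModule.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\ProgramData\WindowsTask\MicrosoftHost.exe Win64/CoinMiner.AJD trojan cleaned by deleting
C:\ProgramData\SecTaskMan\c_script1D1DAF3.file BAT/Agent.PYO trojan cleaned by deleting
"""

# Assumed layout, inferred only from those lines:
#   <path> [a variant of ]<Platform/Family.Variant> <type> <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+(?P<kind>.+?)\s+(?P<action>cleaned by \w+)$"
)
# Assumption: quarantined copies live under this root as <drive letter>/<rest>,
# which is the layout visible in the sample paths.
QUARANTINE_ROOT = PureWindowsPath(r"C:\FRST\Quarantine")


def triage(log_text):
    """Parse detection lines and split quarantined copies from live files."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything that is not a detection
        f = m.groupdict()
        p = PureWindowsPath(f["path"])
        f["quarantined"] = QUARANTINE_ROOT in p.parents
        f["origin"] = None  # where a quarantined copy originally lived
        if f["quarantined"]:
            drive, *rest = p.relative_to(QUARANTINE_ROOT).parts
            if len(drive) == 1 and rest:
                f["origin"] = str(PureWindowsPath(drive + ":\\", *rest))
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        where = f"quarantined copy of {f['origin']}" if f["quarantined"] else "LIVE file"
        print(f"{f['name']:<22} {f['kind']:<32} {where}: {f['path']}")
```

Entries reported as live files are the ones to follow up on in the next scan; the `origin` of a quarantined copy is the location to re-check in case the file was dropped again.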

                            • RordonGamsey
                              PCHF Member
                              • Apr 2020
                              • 79

                              #44
                              Here are the FRST logs. The computer was running fine ever since I quarantined it with security task manager the first time. Everything you helped me achieve is very helpful, and I can’t express my gratitude enough to you and the work you did. Even though it was running okay, the feeling that it still exists and could have others like it was what you helped me with immensely, and I can’t thank you enough.

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #45
                                Alright. I’ll take a look at this when I get home.
