Solved Windows acting very strange

I'll move this thread.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan
  4. FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Attach the contents of these logs in your next post for review by our Security Team
 
 


Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me




Download Malwarebytes v.4. Install and run.

  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.

 
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Download RogueKiller and install the program.
Once downloaded and installed, right click and run as admin.
Click the check for updates button.
Go to scan setting then slide the MalPE option right to activate.
Then go to scan, then start a full scan on your machine.
Then click report when the scan completes.
Under Share my report click on open then select text file.
Copy it and paste the results here.
Make sure you do not remove anything detected until I see the log please.
 


Here's the first log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-29-2022
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.2364)
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

Deleted updater

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1668 octets] - [29/12/2022 21:47:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Here's the second one:
 

Sorry, I want to make sure I do this right. Where and how do I run this attached file? The fixlist. And what is the second file?
 
Here are the RogueKiller results:

Program : RogueKiller Anti-Malware
Version : 15.6.4.0
x64 : Yes
Program Date : Dec 15 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Glitc
User is Admin : Yes
Date : 2022/12/30 03:12:30
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 428
Found items : 1
Total scanned : 134409
Signatures Version : 20221226_091308
Truesight Driver : Yes
Updates Count : 7
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[+] scan_what : 1
[+] vendors : PUM.Policies
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 0
[+] status : 3
[+] status_str : Replaced (2)
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
 
The fixlist is here, click to download.

Or copy the content of the code box below. Do not copy the word code.
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.

Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy: 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => "C:\Users\Glitc\Downloads\MTGAInstaller.exe" /cmdloc "HKCU\Software\Wizards of the Coast AiTemp\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" (No File) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
C:\Users\Glitc\Downloads\MTGAInstaller.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
C:\Program Files\Avast Software
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Task: {476AD4BB-9CC7-4D7F-A287-9D7DE4A51DED} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon (No File)
Task: {5B429217-B850-49BC-83B4-9E88B8688851} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-06-17] (Avast Software s.r.o. -> Avast Software)
Task: {85FDB129-7AEE-49F1-B958-ACA13FD9F102} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly (No File)
Task: {868CEF18-291C-453A-BBD0-A9DF001C73D7} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6803168 2022-08-30] (Avast Software s.r.o. -> Avast Software)
Task: {91D80FA8-4A33-4AE4-ADF7-B6277F2B9B7A} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6694224 2022-11-22] (Avast Software s.r.o. -> Avast Software)
Task: {9FBAAD52-9ED5-4045-95DE-2BDA895FF0A7} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
Task: {D1B80101-C672-4B44-B722-2B9C23D68F0D} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6803168 2022-09-06] (Avast Software s.r.o. -> Avast Software)
Task: {D51AD049-63CC-4682-A533-44A317A755FE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
Task: {F343082E-4F4C-455C-A728-349D7C259A27} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1209424 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-13] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-13] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15464160 2022-09-15] (Avast Software s.r.o. -> AVAST Software)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7692000 2022-09-15] (Avast Software s.r.o. -> AVAST Software)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9461328 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
S3 aswbIDSAgent; "C:\Program Files\Avast Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Firewall; "C:\Program Files\Avast Software\Avast\afwServ.exe" [X]
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe" [X]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [31424 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [229208 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [391272 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [297832 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [95960 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39648 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [267888 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [555560 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [105248 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [80376 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852000 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [695496 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [212632 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [318456 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswVpnRdr; C:\Windows\System32\drivers\aswVpnRdr.sys [65944 2022-06-17] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\Windows\System32\drivers\aswWintun.sys [51112 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
2022-12-13 13:27 - 2022-12-13 13:27 - 000273816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-12-02 17:10 - 2022-12-02 17:10 - 000051112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswWintun.sys
2022-12-29 18:38 - 2022-06-17 08:42 - 000004028 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2022-12-29 18:38 - 2022-06-17 08:36 - 000000000 ____D C:\ProgramData\Avast Software
2022-12-28 21:08 - 2022-06-17 08:37 - 000000000 ____D C:\Program Files\Avast Software
2022-12-28 20:11 - 2022-06-17 08:40 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-12-23 22:56 - 2022-06-17 08:49 - 000000000 ____D C:\Users\Glitc\AppData\Local\Avast Software
2022-12-13 13:27 - 2022-06-17 08:40 - 000852000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000695496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000555560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000391272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000318456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000297832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000267888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000229208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000105248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000095960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000080376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000039648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000031424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => "C:\Users\Glitc\Downloads\MTGAInstaller.exe" /cmdloc "HKCU\Software\Wizards of the Coast AiTemp\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" (No File) <==== ATTENTION
Task: {476AD4BB-9CC7-4D7F-A287-9D7DE4A51DED} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon (No File)
Task: {85FDB129-7AEE-49F1-B958-ACA13FD9F102} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly (No File)
Task: {925126B0-2476-41D9-B2F6-655650ED9773} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {A5CBCF62-6981-42A5-808C-285A16CA8D17} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe --scan (No File)
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
Task: {C461F25A-435C-4E22-AEE6-8E75CBDB9039} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\Installer\setup.exe --handle-crash="$(ProcessPath)" (No File)
Task: {D03F795E-48E1-4ACA-8626-C5E0C24E44C7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
C:\Program Files\Easeware
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
S3 aswbIDSAgent; "C:\Program Files\Avast Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Firewall; "C:\Program Files\Avast Software\Avast\afwServ.exe" [X]
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe" [X]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\elevation_service.exe" [X]
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\BHO\ie_to_edge_bho.dll => No File
FirewallRules: [{EEC2CF29-CF3E-477F-86B6-88D4A4FAA5D1}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe => No File
FirewallRules: [{3F0193D7-0A1F-4703-BB1A-62421B112224}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe => No File
FirewallRules: [{2F287D58-0C63-443C-BF12-EDFD6D46D5F2}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{F8D99408-90DB-414B-B3D1-66804AE11C11}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D8CE1367-6B72-485B-BB4B-3DF646C3D900}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{5554C8E8-D29E-416F-8A75-10BFD4FB1B6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{341E6CD1-F072-49BE-92E3-4C98463C72FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F6B245FD-94EF-4DC2-B99D-E8802A7B78A4}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits 
cmd:  bitsadmin /list /allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
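
For anyone reviewing a fixlist like the one above before pressing Fix, this added example (not part of the original thread and not FRST's own code) sorts each line by kind and flags the markers that appear in this fixlist: `(No File)` / `No File`, a trailing `[X]`, `<==== ATTENTION`, and shell `del` commands. The sample lines are copied from the fixlist above; the function names, kind labels and flag names are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the fixlist posted above (a shortened selection).
SAMPLE_FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => "C:\Users\Glitc\Downloads\MTGAInstaller.exe" /cmdloc "HKCU\Software\Wizards of the Coast AiTemp\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" (No File) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
C:\Users\Glitc\Downloads\MTGAInstaller.exe
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9461328 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
FirewallRules: [{2F287D58-0C63-443C-BF12-EDFD6D46D5F2}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
cmd: net stop bits
CMD: del /f /s /q %windir%\prefetch\*.*
C:\Windows\Temp\*.*
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
"""

# Windows service start types, as encoded in the digit after R/S on service lines.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

_SERVICE = re.compile(r"^([RSU])([0-5]) (.+?);")       # e.g. "S2 avast! Antivirus; ..."
_REGISTRY = re.compile(r"^(HKLM|HKU|HKCU)(-x32)?\\")   # registry entry lines
_PATH = re.compile(r"^[A-Za-z]:\\")                    # bare file or folder to remove
_KEYWORD = re.compile(r"^(\w[\w -]*):")                # "Task:", "Reboot:", "FirewallRules:" ...
_NO_FILE = re.compile(r"\(No File\)|[-=]> No File")    # entry whose target file is missing


def classify(line):
    """Return the kind of one fixlist line plus any review flags."""
    line = line.strip()
    entry = {"line": line, "kind": "other", "flags": []}
    service = _SERVICE.match(line)
    keyword = _KEYWORD.match(line)
    if line in ("Start::", "End::"):
        entry["kind"] = "marker"
    elif line.lower().startswith("cmd:"):
        # cmd: lines hand the rest of the line to the Windows command shell.
        entry["kind"] = "command"
        entry["command"] = line[4:].strip()
        if entry["command"].lower().startswith("del "):
            entry["flags"].append("shell_delete")
    elif service:
        entry["kind"] = "service"
        entry["running"] = service.group(1) == "R"
        entry["start"] = START_TYPES.get(service.group(2), "unknown")
        entry["name"] = service.group(3)
    elif _REGISTRY.match(line):
        entry["kind"] = "registry"
    elif _PATH.match(line):
        entry["kind"] = "path"
    elif keyword:
        entry["kind"] = "keyword"
        entry["keyword"] = keyword.group(1)

    # Markers that apply to any kind of line; inserted ahead of shell_delete.
    marks = []
    if _NO_FILE.search(line):
        marks.append("no_file")
    if line.endswith("[X]"):
        marks.append("not_found")
    if "<==== ATTENTION" in line:
        marks.append("attention")
    entry["flags"] = marks + entry["flags"]
    return entry


def review(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(raw) for raw in text.splitlines() if raw.strip()]


def flagged(entries):
    """Entries a reviewer should read before the fix is run."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    entries = review(SAMPLE_FIXLIST)
    print(dict(Counter(e["kind"] for e in entries)))
    for e in flagged(entries):
        print(",".join(e["flags"]).ljust(20), e["line"][:90])
```
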
 
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-13] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15464160 2022-09-15] (Avast Software s.r.o. -> AVAST Software)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7692000 2022-09-15] (Avast Software s.r.o. -> AVAST Software)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9461328 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
S3 aswbIDSAgent; "C:\Program Files\Avast Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Firewall; "C:\Program Files\Avast Software\Avast\afwServ.exe" [X]
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe" [X]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [31424 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [229208 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [391272 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [297832 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [95960 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39648 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [267888 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [555560 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [105248 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [80376 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852000 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [695496 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [212632 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [318456 2022-12-13] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswVpnRdr; C:\Windows\System32\drivers\aswVpnRdr.sys [65944 2022-06-17] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\Windows\System32\drivers\aswWintun.sys [51112 2022-12-02] (Avast Software s.r.o. -> AVAST Software)
2022-12-13 13:27 - 2022-12-13 13:27 - 000273816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-12-02 17:10 - 2022-12-02 17:10 - 000051112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswWintun.sys
2022-12-29 18:38 - 2022-06-17 08:42 - 000004028 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2022-12-29 18:38 - 2022-06-17 08:36 - 000000000 ____D C:\ProgramData\Avast Software
2022-12-28 21:08 - 2022-06-17 08:37 - 000000000 ____D C:\Program Files\Avast Software
2022-12-28 20:11 - 2022-06-17 08:40 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-12-23 22:56 - 2022-06-17 08:49 - 000000000 ____D C:\Users\Glitc\AppData\Local\Avast Software
2022-12-13 13:27 - 2022-06-17 08:40 - 000852000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000695496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000555560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000391272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000318456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000297832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000267888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000229208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000105248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000095960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000080376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000039648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-12-13 13:27 - 2022-06-17 08:40 - 000031424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
HKU\S-1-5-21-2286714474-3743661787-3778775637-1002\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => "C:\Users\Glitc\Downloads\MTGAInstaller.exe" /cmdloc "HKCU\Software\Wizards of the Coast AiTemp\{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}" (No File) <==== ATTENTION
Task: {476AD4BB-9CC7-4D7F-A287-9D7DE4A51DED} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon (No File)
Task: {85FDB129-7AEE-49F1-B958-ACA13FD9F102} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly (No File)
Task: {925126B0-2476-41D9-B2F6-655650ED9773} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {A5CBCF62-6981-42A5-808C-285A16CA8D17} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe --scan (No File)
Task: {A8CD4948-8D49-4913-8630-A3AB4291F451} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (No File)
Task: {C461F25A-435C-4E22-AEE6-8E75CBDB9039} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\Installer\setup.exe --handle-crash="$(ProcessPath)" (No File)
Task: {D03F795E-48E1-4ACA-8626-C5E0C24E44C7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
C:\Program Files\Easeware
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
S3 aswbIDSAgent; "C:\Program Files\Avast Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Firewall; "C:\Program Files\Avast Software\Avast\afwServ.exe" [X]
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\108.0.19667.125\elevation_service.exe" [X]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\elevation_service.exe" [X]
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll -> No File
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\BHO\ie_to_edge_bho.dll => No File
FirewallRules: [{EEC2CF29-CF3E-477F-86B6-88D4A4FAA5D1}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe => No File
FirewallRules: [{3F0193D7-0A1F-4703-BB1A-62421B112224}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe => No File
FirewallRules: [{2F287D58-0C63-443C-BF12-EDFD6D46D5F2}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{F8D99408-90DB-414B-B3D1-66804AE11C11}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D8CE1367-6B72-485B-BB4B-3DF646C3D900}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{5554C8E8-D29E-416F-8A75-10BFD4FB1B6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{341E6CD1-F072-49BE-92E3-4C98463C72FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F6B245FD-94EF-4DC2-B99D-E8802A7B78A4}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd:  bitsadmin /list /allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
FRST is just a text file. I am confused? I did delete some of the app installers, maybe I accidentally deleted this previously downloaded thing?
 
FRST is here.

Click me to download.
Save this to your Desktop!!

Copy the content of the code box in my last reply. Do not copy the word code.
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.
 
Okay, thank you so much for explaining it again! I greatly appreciate your patience.
Here is the log:
 

After the FRST fix.

There was a Bitcoin miner on your computer, as well as many active trojans....which would explain the symptoms!!

RiskWare.BitCoinMiner, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\LOLMINER_V1.50_BETA_WIN64[1].ZIP, Quarantined, 869, 1054239, 1.0.64011, , ame, , E61DEAF6173330C0EA9F54E3720BCDFD, 0242B260E9151D6807D75A706136469CE1F9A724348D25CE42BD54111D0CCE65


Download AV block remover.
Unzip to your desktop, right-click, run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
Click yes to reset hosts file.
After the machine reboots, there will be a logfile in the new folder created; post that please.

How is the computer running now?

Please attach brand new FRST and Addition.txt logs so that I can check if anything remains on the computer after the AVBR log is run.
 
Oh my gosh, thank you so much for noticing that! I have no idea how it would get on there, I am generally very careful with what I download. It actually makes me angry knowing there's a darn Bitcoin miner on my computer!
I do need some help knowing how to extract to my desktop: when I click the option when extracting to extract to the desktop, it says access denied.
 

Drag the file from the downloads folder to the desktop.

I need to get to sleep for work tomorrow, so please run this scan on your machine. Cure/delete any detections. Make a screen shot of anything detected.

Save it to your desktop.
I suggest a full scan with Kaspersky.
Disable Defender/antivirus prior to scanning......
Download and run a full scan with the Kaspersky Virus Removal tool.
Accept the terms.
Click Change Parameters.
Select the System drive.
All volumes.
Click OK, start Scan.
Report any detections here.



 
Good night. I will check this thread tomorrow, when I get off of work. If you can post the AVBR log, and/or run the scan with Kaspersky and post fresh FRST and Addition.txt logs for me to review.

Have a good rest of your night, until tomorrow. :)
 
Sadly the AVBlock remover asks me to check my date, with no further instruction. It closes after I click "Okay". Hopefully this isn't the first message you see when you wake up XD
Thank you for the help, I too need to go to bed!
 