Hello,
Would be grateful if someone could check whether my laptop is infected. I'm running Avast Premium with their Firewall on (Windows Defender is auto turned off), and Malwarebytes Free (though it's on Trial right now, I recently used the Support Tool to clean and reinstall).
Some months ago, I tried to scan with Malwarebytes but it got stuck on checking updates and the internet was lagging a lot/freezing. I tried to update Avast as well but it froze too and I had to force shutdown. I'm still not sure what happened there. I managed to download Microsoft Safety Scanner the next day and it found this:
***
Threat detected: VirTool:Win32/DefenderTamperingRestore
regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
SigSeq: 0x0000055555C57273
Quick Scan Removal Results
----------------
Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Operation succeeded !
Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
***
But after some googling, I think that might have been a false positive. I also managed to scan with Malwarebytes and Avast (both normal and boot-time scans) and they found nothing. I've done more scans with other on-demand scanners as well, and still nothing, but I'm still concerned.
The laptop seems to be working as usual except for some oddities. Like the "Windows Security" would come up blank at times, although that hasn't happened in a while since I created a standard user account (I had only one admin account before). And the laptop won't start properly sometimes, but I haven't had this problem if I shift-click on Shut down. Also, there's been some strange behaviour from the Avast Firewall. Even though I'm not connected to my wifi and with no programs open, there's a group of connections through the Avast software (AvastSvc.exe). The Network Connections list shows a lot of connections 127.0.01, remote 53 udp, 127.0.01, local port ranging ~40000-60000, 37.0 bytes. They close and then show up again continually.
I ran the Farbar Scan Tool offline; if I need to do that while online, please let me know. I bought this laptop in China, so the interface and part of the results are in Chinese. I don't know how to get it to run in English. Also, since I re-installed Malwarebytes, the results are showing my operating system as Windows 8, though it's Windows 10.
There are some IPs that I removed from the FRST logs as I'm not sure if it's safe to show them; I'll provide them in private. One of them seems strange to me. Btw I'm not tech savvy, so please bear with me.
Addition.txt
FRST.txt
verisah-malwarebyteslogs.txt