Verisah

Everything posted by Verisah

  1. So I ran it again, and after restart, the logs disappeared but the uninstall.exe was still there. I tried to delete it and it went to the Recycle Bin. I'm going to assume it's all good? If not, please let me know. And thanks for the links, I'll take a look at them 👍
  2. I uninstalled Sophos successfully. I renamed FRST to uninstall but Avast Shield popped up again when I ran it. I think it interrupted it because the exe and log files are still there after restart. Is it ok if I just delete the files or should I run the uninstall again?
  3. Yes, I'm confused about the Malwarebytes logs too. As I mentioned in my 1st post, I recently used the Support Tool to clean and re-install. And I'm fairly certain the OS showed up correctly before I did that.. But well, since it seems like a minor thing and Malwarebytes seems to be working fine, I'll just let it be and perhaps it'll fix itself somehow or if I try to re-install some other time. So, I did the command prompt thingy and mine looks kinda similar to yours - except that yours shows some PID 4 but mine doesn't have any. But I guess there's nothing to it. Alright, I think that's it. Although I mean to keep an eye on the registry and see if any suspicious IPs show up again just in case. Again, thanks for your help kevinf80, much appreciated.
  4. Hello, ty for the instructions. So I installed Sophos and let it update. I then disconnected from the internet and started the scan. No threats were found. But the logs show that it 'could not open' some system files I think, and some files in Avast, System Volume Information and Microsoft\WindowsApps folders. But I'm assuming that's normal..? About the IP 40.55.1.13, it may seem harmless but I'm still puzzled. If I understand correctly, the DhcpNameServer is for DNS server but the IP doesn't seem to be one.. It says the organization is "Eli Lilly and Company", a pharmaceutical company according to Google? I'm not even familiar with the name and never heard of it before. I don't understand how this IP got into the registry in the first place, and if the way it got there itself is cause for concern. I have removed the IP from the registry (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b4ce22f4-656d-4087-9ef1-d774da47eaad}) and left it blank. If I need to actually delete "{b4ce22f4-656d-4087-9ef1-d774da47eaad}" entirely from the registry, please let me know. The 127.0.0.1 is still a headscratcher for me.. I have attached a screenshot of the connections. These connections happen even though not connected to internet. If I check the "Resolve names" option, the 53 show up as "Domain". One last thing, my Malwarebytes scan logs are showing my operating system as Windows 8 instead of Windows 10. Do I need to do something about it or can I simply ignore it?
  5. Thanks for the help kevinf80, it's much appreciated. I just want to make sure though, so it's for certain that my laptop is clean then? I'm still confused why my internet got suddenly so laggy/freeze that day, do u have any idea what could have caused this? And I do still have some concerns about the 127.0.0.1 connections I mentioned.. I recently read a bit about DNS rebinding attacks and I'm kinda spooked. But maybe I should ask about this elsewhere? Since it's more about networking or so?
  6. Sorry about that, Avast's Ransomware Shield popped up during the scan. I clicked Allow but it must still have cut it off. I ran the Farbar Scan Tool again, new logs attached. I have msged u the removed entries. FRST.txt
  7. Hello, Would be grateful if someone could check whether my laptop is infected. I'm running Avast Premium with their Firewall on (Windows Defender is auto turned off), and Malwarebytes Free (though it's on Trial right now, I recently used the Support Tool to clean and reinstall). Some months ago, I tried to scan with Malwarebytes but it got stuck on checking updates and internet was lagging a lot/freezing. I tried to update Avast as well but it froze too and I had to force shutdown. I'm still not sure what happened there. I managed to download Microsoft Safety Scanner the next day and it found this: *** Threat detected: VirTool:Win32/DefenderTamperingRestore regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware SigSeq: 0x0000055555C57273 Quick Scan Removal Results ---------------- Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware Operation succeeded ! Results Summary: ---------------- Found VirTool:Win32/DefenderTamperingRestore and Removed! *** But after some googling, I think that might have been a false positive. I also managed to scan with Malwarebytes and Avast (both normal and boot-time scans) and they found nothing. I've done more scans with other on-demand scanners as well, and still nothing but I'm still concerned. The laptop seems to be working as usual except for some oddities. Like the "Windows Security" would come up blank at times, although that hasn't happened in a while since I created a standard user account (I had only one admin account before). And the laptop won't start properly sometimes, but I haven't had this problem if I shift-click on Shut down. Also, there's been some strange behaviour from the Avast Firewall. Even though I'm not connected to my wifi and with no programs open, there's a group of connections through the Avast software (AvastSvc.exe). The Network Connections list shows a lot of connections 127.0.0.1, remote 53 udp, 127.0.0.1, local port ranging ~40000-60000, 37.0 bytes. They close and then show up again continually. I ran the Farbar Scan Tool offline, if I need to do that while online, please let me know. I bought this laptop in China, so the interface and part of the results is in Chinese language. I don't know how to get it to run in English. Also, since I re-installed Malwarebytes, the results are showing my operating system as Windows 8, though it's Windows 10. There are some IPs that I removed from the FRST logs as I'm not sure if it's safe to show, I'll provide them in private. One of them seems strange to me. Btw I'm not tech savvy, so please bear with me. Addition.txt FRST.txt verisah-malwarebyteslogs.txt