1. Chaos Annihilator

    Chaos Annihilator Private First Class

    Hello,

    I just have a question, I don't think I need a specialist, but I couldn't find the forum to post general questions for anyone to answer, so please let me know if I should have asked this someplace else.

    Twice during the past couple of weeks, when I would type in a URL for a website I normally go to, it changes it automatically to ww17.

    The first time I did walmart.com, and when I press enter it usually changes to www.walmart.com and takes me to walmart. But once it changed to ww17.walmart.com. I don't know where it would have taken me, I closed out quickly and tried again, and it worked like normal. Just today it did the same thing with accuweather.com. I hit enter, and instead of going to www.accuweather.com it went to ww17.accuweather.com.

    I asked a friend, and she said she noticed the same thing a while back, the only one she can remember is ww5.walmart.com, and once she got a ww3. She responded the same as me, closed the window too quickly to tell what would have happened.

    Is this a normal thing I never noticed before, or is something strange going on?

    Thanks.
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    All malware topics are now being handled in this Forum.

    That is not normal. Please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
  3. Chaos Annihilator

    Chaos Annihilator Private First Class

    Hello again, and thanks for helping me out again.

    As usual, since my friend was experiencing something similar she would like for us to check her computer as well once we finish here.

    We've been having some issues lately with our internet being intermittent. I don't know if this would have anything to do with the URLs changing, but I figured I'd let you know in case; maybe it dropping out affects the path? But when I get the ww17 I never notice the internet being down. I called our service provider about it a couple of times, but they treat me like I'm stupid (I say "the green light blinks when I can't connect", they say "Are your lights doing anything?" "Yes, I just said it was blinking" "That means it's fine!" "No, I'm telling you that it starts blinking when I can't connect" "It looks fine to me..."). A family member has been going through some health issues the past couple of weeks, so arguing with some guy about whether I can tell if a light is blinking, and whether I can tell if I have internet or not keeps being pushed farther down on my todo list. Everything bad seems to happen at once, doesn't it?

    The reports are attached. Thanks!
     

  4. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for your patience.

    Let's start with this.


    This is an insufficient amount of available free RAM to properly run the system. Some system performance issues should be expected.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Lenovo App Explorer
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Uninstalling Adobe Flash Player

    --------------------

    Note: Adobe Flash Player is no longer supported and is a security risk.
    • Download Adobe Flash Player Uninstaller and save it to your Desktop
    • Right click on the icon and select Run as administrator
    • Click Uninstall then Done to reboot your computer
    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Download the attached file and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply. If it is too large you can attach it or upload it here
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • WARNING Regarding the Emptytemp: command, please see here before running the Fixlist. If you have concerns stop and let me know.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Lenovo App Explorer removed?
    • Flash Player removed?
    • Fixlog
     

  5. Chaos Annihilator

    Chaos Annihilator Private First Class

    I didn't realize it until late last night, but my old computer was struggling with an update yesterday. It finally finished up this morning, so I should have more available RAM today. I'll work on this over the next couple of hours and get back to you. Thanks!
     
  6. Chaos Annihilator

    Chaos Annihilator Private First Class

    I couldn't find Lenovo App Explorer or anything like it (I didn't see anything concerning Lenovo, which seems odd, maybe I did something wrong?)
    Flash Player is removed, and the Fix log follows. Thanks!

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09-06-2026
    Ran by Mariah (10-06-2026 12:40:50) Run:1
    Running from C:\Users\Mariah\Desktop
    Loaded Profiles: Mariah
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    U3 aswBcc; no ImagePath
    U3 Avast Business Console Client Antivirus Service; no ImagePath
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========

    The operation completed successfully.


    ========= End of Reg: =========

    C:\Firewall.reg => moved successfully

    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    {8C7D7341-3D47-4F7A-B11F-01734C1B1121} canceled.
    {169AC956-7A8E-45C1-8E8A-7E0A40D494E7} canceled.
    {34401571-A322-4285-86EF-B4069D249AF6} canceled.
    3 out of 3 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification 100% complete.

    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.


    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.26100.8521

    Image Version: 10.0.26200.8655

    The component store is repairable.
    The operation completed successfully.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 1310720 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63090488 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 670032400 B
    Edge => 4451000 B
    Chrome => 0 B
    Firefox => 1392775184 B
    Opera => 0 B

    Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 3766 B
    systemprofile32 => 0 B
    LocalService => 357202 B
    NetworkService => 12870 B
    Mariah => 2644944 B

    RecycleBin => 582630 B
    EmptyTemp: => 2 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-06-2026 13:50:38)

    C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
    Hosts restored successfully.

    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
    HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected

    ==== End of Fixlog 13:50:40 ====
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for the information.

    Please do this.

    ===================================================

    DISM RestoreHealth from Administrator Command Prompt

    --------------------
    • Press the Windows Key, type cmd, then select Run as administrator
    • Copy and paste DISM /Online /Cleanup-Image /RestoreHealth after the command prompt then hit Enter
    • When completed report whether the process was successful or an error occurred
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Results?
     
  8. Chaos Annihilator

    Chaos Annihilator Private First Class

    It says it completed successfully.
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Great.

    Are you still experiencing the URL behavior you described in your post?
     
  10. Chaos Annihilator

    Chaos Annihilator Private First Class

    No, not yet anyway. What do you think caused it?
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    There is historical Internet related information stored on computers which is intended to speed up or assist successful navigation. Sometimes malicious entries make their way into the stored information. We reset several of the common locations where this type of information is held and it appears that was what has eliminated the rogue URL address. I can't tell you which of the areas it was.
     
  12. Chaos Annihilator

    Chaos Annihilator Private First Class

    Weird. How do malicious entries end up stored? For the past week I have been unable to complete my weekly Avast full system scan, it always says there were files it was unable to check for malware. Could there be something else going on too? Avast has been glitchy again, so I was planning to uninstall and reinstall it. Now I wonder if it is not a glitch and something stopping it from scanning...
    I'll run a Malwarebytes scan now and see what happens.
     
  13. Chaos Annihilator

    Chaos Annihilator Private First Class

    Malwarebytes did not find anything. Shall I go ahead and uninstall Avast, or do you want to see any logs or anything with Avast first?
     
  14. Chaos Annihilator

    Chaos Annihilator Private First Class

    Instead of uninstalling Avast, I repaired it, removed all exceptions, put it in passive mode, and ran a full Windows scan. It didn't find anything. I'll try a full Avast again now and see what happens.
     
  15. Chaos Annihilator

    Chaos Annihilator Private First Class

    Avast is not really working, it's just a black screen. I'm going to use Revo Uninstaller to uninstall it, reinstall it fresh, and see if a scan can finish then.
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Revo does not fully uninstall Avast. If you run into problems let me know and I will assist you.
     
  17. Chaos Annihilator

    Chaos Annihilator Private First Class

    Oh, I didn't know that, thanks. I'm not sure if I've run into problems yet or not, I uninstalled it as stated above, and got a new Avast free download from Major Geeks. I did a full scan, and it seemed to be working better, but when it finished it still said it was unable to scan some files, but the files it scanned did not have malware (like the previous version was saying).

    I checked the settings (since I forgot to, after uninstalling and reinstalling) and I did not have it set to scan all files like I usually do. I'll change the settings and run another full scan tonight. Though it seems that it would not say it was "unable" to scan some files if it was because of the settings that were selected...

    I also found a setting to make Avast generate a log, maybe I'll be able to tell what is stopping it from finishing there.

    Thanks!
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

  19. Chaos Annihilator

    Chaos Annihilator Private First Class

    Good morning!
    I guess I'm done trying to be smart and could use some help. The Avast full scan last night had the same problem. I looked at the log, and it seems there are some things locked by another process. I'm afraid something malicious is hiding somewhere. I still have not had the ww17 thing happen again, and have not noticed any issues with my computer lately. On Wednesday and Thursday my computer seemed pretty slow, and there were some items in my task manager that I did not recognize (but I don't recognize a lot, and they would go away before I could look them up). But on Friday and Saturday I didn't really notice any issues with how my computer was working.
    Avast is having the same problem on our other computer.

    Here's what the Avast log says. What do you think I should do next?

    *
    * Avast Scan Report
    * This file is generated automatically
    *
    * Scan name: Full Virus Scan
    * Started on: Sunday, June 14, 2026 2:07:29 AM
    * VPS: 260613-6, 6/13/2026
    *

    C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db [E] The process cannot access the file because another process has locked a portion of the file (33)
    Infected files: 0
    Total files: 1931679
    Total folders: 130568
    Total size: 362.4 GB

    *
    * Scan stopped: Sunday, June 14, 2026 6:06:19 AM
    * Run-time was 3 hour(s), 58 minute(s), 50 second(s)
    *
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    I don't think it is of concern but let's see if we can get some information by completing the below.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Download the attached file and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     


  21. Chaos Annihilator

    Chaos Annihilator Private First Class

    Thanks for your help. The log follows, the fix took less than a second to complete, I hope it did what it was supposed to.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-06-2026
    Ran by Mariah (14-06-2026 15:27:52) Run:2
    Running from C:\Users\Mariah\Desktop
    Loaded Profiles: Mariah
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    $lockedFile = "C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db"
    Get-Process | ForEach-Object {
    $proc = $_
    try {
    $proc.Modules | Where-Object { $_.FileName -eq $lockedFile } | ForEach-Object {
    [PSCustomObject]@{
    ProcessName = $proc.Name
    PID = $proc.Id
    FileLocked = $_.FileName
    }
    }
    } catch {}
    }
    *****************

    $lockedFile = "C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db" => Error: No automatic fix found for this entry.
    Get-Process | ForEach-Object { => Error: No automatic fix found for this entry.
    $proc = $_ => Error: No automatic fix found for this entry.
    try { => Error: No automatic fix found for this entry.
    $proc.Modules | Where-Object { $_.FileName -eq $lockedFile } | ForEach-Object { => Error: No automatic fix found for this entry.
    [PSCustomObject]@{ => Error: No automatic fix found for this entry.
    ProcessName = $proc.Name => Error: No automatic fix found for this entry.
    PID = $proc.Id => Error: No automatic fix found for this entry.
    FileLocked = $_.FileName => Error: No automatic fix found for this entry.
    } => Error: No automatic fix found for this entry.
    } => Error: No automatic fix found for this entry.
    } catch {} => Error: No automatic fix found for this entry.
    } => Error: No automatic fix found for this entry.

    ==== End of Fixlog 15:27:52 ====
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    Delete any Fixlist.txt that may still exist and download a new copy from Post #20.
     
  23. Chaos Annihilator

    Chaos Annihilator Private First Class

    This time it seemed to work better, but my computer did not reboot.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-06-2026
    Ran by Mariah (14-06-2026 17:30:13) Run:3
    Running from C:\Users\Mariah\Desktop
    Loaded Profiles: Mariah
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    StartPowershell:
    $lockedFile = "C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db"
    Get-Process | ForEach-Object {
    $proc = $_
    try {
    $proc.Modules | Where-Object { $_.FileName -eq $lockedFile } | ForEach-Object {
    [PSCustomObject]@{
    ProcessName = $proc.Name
    PID = $proc.Id
    FileLocked = $_.FileName
    }
    }
    } catch {}
    }
    EndPowershell:
    *****************


    ========= Powershell: =========


    ========= End of Powershell: =========


    ==== End of Fixlog 17:30:35 ====
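The fixlist script above matches the path against `$proc.Modules`, which holds only the EXE and DLL images loaded into a process, so a data file that is merely open, such as cache.db, never appears there. As an added example (not part of the thread, and not FRST's or either poster's code), the PowerShell below asks the Windows Restart Manager API which processes have the file open; `LockFinder` and `Get-FileLockingProcess` are names made up for this sketch, and it is meant to be run from an elevated PowerShell like the thread's other tools.

```powershell
# Added example (not from the thread). LockFinder / Get-FileLockingProcess are made-up names.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Text;
public static class LockFinder
{
    [StructLayout(LayoutKind.Sequential)]
    struct RM_UNIQUE_PROCESS
    {
        public int  dwProcessId;
        public uint StartTimeLow;   // FILETIME.dwLowDateTime
        public uint StartTimeHigh;  // FILETIME.dwHighDateTime
    }

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct RM_PROCESS_INFO
    {
        public RM_UNIQUE_PROCESS Process;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)] public string strAppName;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 64)]  public string strServiceShortName;
        public int  ApplicationType;
        public uint AppStatus;
        public uint TSSessionId;
        [MarshalAs(UnmanagedType.Bool)] public bool bRestartable;
    }

    [DllImport("rstrtmgr.dll", CharSet = CharSet.Unicode)]
    static extern int RmStartSession(out uint session, int flags, StringBuilder sessionKey);
    [DllImport("rstrtmgr.dll", CharSet = CharSet.Unicode)]
    static extern int RmRegisterResources(uint session, uint nFiles, string[] files,
        uint nApps, [In] RM_UNIQUE_PROCESS[] apps, uint nServices, string[] services);
    [DllImport("rstrtmgr.dll")]
    static extern int RmGetList(uint session, out uint needed, ref uint count,
        [In, Out] RM_PROCESS_INFO[] info, ref uint rebootReasons);
    [DllImport("rstrtmgr.dll")]
    static extern int RmEndSession(uint session);

    static void Check(int rc, string api)
    { if (rc != 0) throw new InvalidOperationException(api + " error " + rc); }

    // PIDs of every process Restart Manager reports as using 'path'.
    public static int[] WhoLocks(string path)
    {
        uint session, needed = 0, count = 0, reasons = 0;
        Check(RmStartSession(out session, 0, new StringBuilder(64)), "RmStartSession");
        try
        {
            Check(RmRegisterResources(session, 1, new[] { path }, 0, null, 0, null),
                  "RmRegisterResources");
            RM_PROCESS_INFO[] info = null;
            int rc;   // 234 = ERROR_MORE_DATA: buffer too small, grow it and retry
            while ((rc = RmGetList(session, out needed, ref count, info, ref reasons)) == 234)
            {
                info = new RM_PROCESS_INFO[needed];
                count = needed;
            }
            Check(rc, "RmGetList");
            int[] pids = new int[count];
            for (int i = 0; i < pids.Length; i++) pids[i] = info[i].Process.dwProcessId;
            return pids;
        }
        finally { RmEndSession(session); }
    }
}
'@

function Get-FileLockingProcess {
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    foreach ($id in [LockFinder]::WhoLocks($full)) {
        $p = Get-Process -Id $id -ErrorAction SilentlyContinue
        [PSCustomObject]@{ ProcessName = $p.ProcessName; PID = $id; FileLocked = $full }
    }
}

# Path copied from the Avast scan report posted in the thread.
Get-FileLockingProcess -Path 'C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db'
```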
     
  24. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for trying that.

    The result does not list what may be locking the file.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix in Safe Mode With Attached Fixlist

    --------------------

    • Download the attached file and save it in the same location as FRST64 (Desktop, Downloads folder, etc.) <<< Important
    • Click Start, type Startup, then select Change advanced startup options
    • Under Recovery options and to the right of Advanced startup click Restart now
    • Select Troubleshoot
    • Select Advanced Options
    • Select Startup Settings
    • Select Restart
    • Press 4 to select Safe Mode and allow the computer to boot up
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot into Normal Boot
    • The tool will create a log in the same location as FRST64 called Fixlog.txt
    • Copy and paste the contents of the report in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     


  25. Chaos Annihilator

    Chaos Annihilator Private First Class

    Here is the log. If it says what locked the file, I can't see it - let me know if you do. At least it seems like it unlocked it. Thanks!

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-06-2026
    Ran by Mariah (14-06-2026 22:40:48) Run:4
    Running from C:\Users\Mariah\Desktop
    Loaded Profiles: Mariah
    Boot Mode: Safe Mode (minimal)
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    Unlock: C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db
    C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache

    *****************

    Processes closed successfully.
    "C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db" => was unlocked

    "C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache" Folder move:

    C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache => moved successfully


    The system needed a reboot.

    ==== End of Fixlog 22:40:49 ====
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    Rather than try to identify what was locking the file the last Fixlist was designed to unlock it and allow FRST to delete it. It was a cached file and thus was not needed.

    Run an Avast scan and see what happens now.
     
  27. Chaos Annihilator

    Chaos Annihilator Private First Class

    I ran another full Avast scan, and the same thing happens with the same file.

    * Avast Scan Report
    * This file is generated automatically
    *
    * Scan name: Full Virus Scan
    * Started on: Monday, June 15, 2026 1:38:42 AM
    * VPS: 260614-4, 6/14/2026
    *

    C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache.db [E] The process cannot access the file because another process has locked a portion of the file (33)
    Infected files: 0
    Total files: 1927369
    Total folders: 130678
    Total size: 358.4 GB

    *
    * Scan stopped: Monday, June 15, 2026 5:37:54 AM
    * Run-time was 3 hour(s), 59 minute(s), 12 second(s)
    *
     
  28. Chaos Annihilator

    Chaos Annihilator Private First Class

    Since it's just a cache file, should I try tracking it down myself and deleting it?
     
  29. Oh My!

    Oh My! Malware Expert Staff Member

    The Fixlist worked properly, however I believe the file being identified by Avast is recreated upon reboot which is also recreating the locking situation. I don't believe the file is of concern but we will follow up on it to try to get a definitive answer.

    Please do this.

    ===================================================

    Lock Hunter by Crystal Rich Ltd

    --------------------
    • Navigate to Lock Hunter, click Download now! and save the file onto your Desktop
    • Right click on the lockhuntersetup icon and select Run as administrator
    • Click Next, then Finish
    • Press the Windows Key + E at the same time to open File Explorer
    • Navigate to the following file (Note: if you do not see an AppData folder see Use File Explorer to Access Windows 11's AppData Folder)
    Code:
    C:\Users\Mariah\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\EBWebView\GPUPersistentCache\DawnGraphiteCache\QFRPRRKRKWZNTFMPUJZIPW2HOZ5QE2WL\cache
    • Right click on the cache.db file and select What's locking this file?
    • Click the down arrow to the left of msedgewebview2.exe to expand the category (if it is something different stop and let me know)
    • Confirm the above file is listed
    • Right click on msedgewebview2.exe, select Terminate Selected Process, click Yes, then the files below will disappear
    • Close the LockHunter window
    • In the File Explorer window right click on cache then select Scan selected items for viruses (or other Avast option)
    • Report the results in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Results?
     
  30. Chaos Annihilator

    Chaos Annihilator Private First Class

    Sorry, I got confused. I downloaded Lock Hunter, clicked Next, Finish, got the confirmation that it was downloaded on my computer, but I cannot find it. I only have the set up on my desktop still.

    I used file explorer and navigated to the cache file.

    I don't know what to do next. "Click the down arrow to the left of msedgewebview2.exe" I can't find any of this. I don't know what category I'm expanding. Is this in file explorer? Is this after I open the cache file? Or does it have to do with Lock Hunter?

    Lock Hunter downloaded somewhere that I can't find, and it did not open. I have a screenshot of where I ended up in file explorer.

    Please help! Thanks!
     


  31. Oh My!

    Oh My! Malware Expert Staff Member

    My apologies for causing you frustration. I left out the most important step! I just added the below to the instructions.

    Right click on the cache.db file and select What's locking this file?
     
  32. Chaos Annihilator

    Chaos Annihilator Private First Class

    That's fine. Thanks!

    Under msedgewebview2.exe both cache.db and cache.db-wal were listed. I figured this didn't matter much, and went ahead with the instructions. LockHunter said "Cannot terminate one of the listed processes! Probably it is a system process so you should not kill it". I tried terminating again, and it said it was successful.

    I scanned cache.db with Avast, and it said its usual thing: it was unable to scan all files, but there was no malware in the files it scanned.

    But it was trying to scan one file, so could it scan it or not?
     
  33. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for your understanding.

    If you right click on the file do you have the option to scan with Microsoft Defender?
     
  34. Chaos Annihilator

    Chaos Annihilator Private First Class

    I had the option to scan with Malwarebytes, and it didn't find anything. I put Avast in passive mode and then had the option to scan it with Microsoft Defender. It did not find anything either. Neither mentioned being unable to scan it.

    If we terminated the file (to the extent that Lock Hunter was afraid I would permanently kill it) why is it still here?

    This is probably a stupid question, but could I just send the file to the recycle bin if I don't need it anyway?

    Thanks for your help!
     
  35. Oh My!

    Oh My! Malware Expert Staff Member

    I am still doing some testing on my end.
     
  36. Chaos Annihilator

    Chaos Annihilator Private First Class

    Okay, I'll wait. Thanks!
     
  37. Oh My!

    Oh My! Malware Expert Staff Member

    I really appreciate your patience and willingness to try to get to the bottom of things.

    My testing revealed something I did not expect. The real file lock culprit appears to be related to your video drivers. Never would have guessed.

    Although I have formulated a plan to continue troubleshooting, I have decided we should first completely uninstall then reinstall Avast. I have this nagging feeling that if that particular locked file was really an issue I would have seen the same symptoms before with other topics. I have not, so that makes me suspect a corruption within Avast might be the issue. We should resolve this question before going through the other steps.

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Right click on RevoUPort and select Run as administrator
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Avast Free Antivirus
    
    • If the program's uninstaller appears, work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Copy and paste the following in the Search: box
    Code:
    SearchAll: Avast, "Gen Digital"
    
    • Click the Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Please zip and upload the file to GoFile or the file hosting site of your choice and post the download link in your reply
    ===================================================

    Things I would like to see in your next reply.
    • Avast uninstalled?
    • Download link
     
  38. Chaos Annihilator

    Chaos Annihilator Private First Class

    I appreciate all the time and effort you put into helping me get to the bottom of things! I still don't understand what's going on a lot of the time, but I have learned quite a bit since I started seeking your help.

    I uninstalled Avast successfully, and then ran the search. The search took over an hour, but then left me with an unusually short log. I remember you helping me completely uninstall Avast this way before, and the log was huge. I wonder if something's wrong? Since it's short, I'm just going to paste it. Let me know if you need me to do something else. Thanks!

    Farbar Recovery Scan Tool (x64) Version: 16-06-2026
    Ran by Mariah (16-06-2026 23:47:37)
    Running from C:\Users\Mariah\Desktop
    Boot Mode: Normal

    ================== Search Files: "SearchAll: Avast, "Gen Digital"" =============

    File:
    ========

    Folder:
    ========

    Registry:
    ========


    ====== End of Search ======
     
