Elektroda.com

Issue with Cmd Opening/Closing & Microsoft Edge Launching Random Videos - Win10 Home 64-bit

This content has been translated from Polish (pl) to English (en).
  • #1
    arkvin14
    Level 2  
    Hello. I've seen a lot of threads like this and they all gave FRST logs. Cmd (black frame) turns itself on and off for half a second every several minutes.

    Moreover, I use Microsoft Edge to open websites. Regardless of whether I have this browser open or closed (I even check in Task Manager that everything is closed), Edge opens by itself in the form of a random video with music (about once an hour, now and then). It is impossible to locate this video precisely to turn it off with the mouse. Sometimes a tiny window pops up on the desktop, something like "open tab", flashing fast as if something were infected with a virus. Only with Task Manager does everything disappear. Overall, I doubt it's a virus problem. I've messed with the browser settings, set it to not open anything, to no avail. The same in Control Panel under installed programs: when I wanted to uninstall Edge altogether, there is only a Change/Repair option. Same.

    Windows 10 Home, 64 bit

    I am sending logs from FRST and I am asking for help/advice.
  • #2
    Kolobos
    IT specialist
    You have a different infection than the others writing in this section; your cmd window is just a side effect.

    Uninstall: RAV Endpoint Protection

    What's going on in device manager?

    Name: PCI serial port
    Description: PCI serial port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Unknown USB device (port reset failed)
    Description: Unknown USB device (port reset failed)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB host controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

    Install a driver for the first one; for the second, check whether a hardware ID is displayed at all. If not, disconnect the device from USB, if it is something plugged in rather than integrated on the board.

    Do a scan with MBAM and AdwCleaner and delete what they detect.

    In Edge settings, remove all these notifications from websites:
    Edge Notifications: Default -> hxxps://adsforcomputerweb.com; hxxps://advertisingvt.com; hxxps://advfandom.com; hxxps://hutters.click; hxxps://moonst.click; hxxps://open.flintguard.top; hxxps://phenotypebest.com; hxxps://regadsacademy.com; hxxps://secure-access-5c9d417lpqna0abe.fbmsg.xyz; hxxps://www1.davisonbarker.pro; hxxps://www10.davisonbarker.pro; hxxps://www10.lowrihouston.pro; hxxps://www10.nathanaeldan.pro; hxxps://www100.davisonbarker.pro; hxxps://www12.davisonbarker.pro; hxxps://www13.davisonbarker.pro; hxxps://www13.lowrihouston.pro; hxxps://www16.davisonbarker.pro; hxxps://www16.lowrihouston.pro; hxxps://www17.davisonbarker.pro; hxxps://www18.davisonbarker.pro; hxxps://www18.lowrihouston.pro; hxxps://www19.davisonbarker.pro; hxxps://www2.davisonbarker.pro; hxxps://www2.freddyoctavio.pro; hxxps://www20.davisonbarker.pro; etc.

    Execute Fixlist.txt for FRST:
    CloseProcesses:
    (APTX Software -> ) [No Digital Signature] C:\Users\PC\AppData\Roaming\YSPX\v3-21\WDCloud.exe
    (C:\Users\PC\AppData\Roaming\YSPX\v3-21\WDCloud.exe ->) () [No Digital Signature] C:\Users\PC\AppData\Local\Temp\onefile_6100_133168672325550458\WDCloud.exe
    HKU\S-1-5-21-3342968509-3042445664-2913172935-1001\...\Run: [Microsoft Edge Update] => C:\Users\PC\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\MicrosoftEdgeUpdateCore.exe [253888 2022-08-23] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-3342968509-3042445664-2913172935-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    HKU\S-1-5-21-3342968509-3042445664-2913172935-1001\...\MountPoints2: {bc67271b-f78b-11ec-9a85-7071bc3c74e3} - "E:\autorun.exe"
    Task: {02F56EA5-17A7-4A1C-9A58-34A268D8499D} - System32\Tasks\Cleaner => G:\New Folder\Clean\Cleaner\Cleaner.exe [1069056 2017-01-18] (FranmoSoftware) [No digital signature]
    Task: {2ECA22D5-CF6D-4EE8-9FB7-4DC251EA83D1} - System32\Tasks\VSPXService => C:\Users\PC\AppData\Roaming\YSPX\v3-21\rhc.exe [1536 2022-11-06] ( ) [No digital signature]
    Task: {647CA46E-4EC4-4866-BCED-B271FD30CAD7} - System32\Tasks\VSPXService_LG => C:\Users\PC\AppData\Roaming\YSPX\v3-21\WDCloud.exe [66984712 2022-12-12] (APTX Software -> ) [No digital signature]
    Task: {B1A35DFD-66B6-4526-834E-BB2613D8126A} - System32\Tasks\APTXService => C:\Users\PC\AppData\Local\WAAM\v2519\rhc.exe [1536 2022-11-20] () [No digital signature]
    Task: {B24B1A59-826E-4E6A-9BD4-3A9B2588A91F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-12-09] (Piriform Software Ltd -> Piriform)
    Task: {C1A710DC-0883-4CB5-AEAD-E7EBB17AC2C1} - System32\Tasks\WD Start Service => C:\Users\PC\AppData\Roaming\Packages\TS.exe [25190784 2022-12-28] (APTX Software -> ) [No digital signature]
    Task: {C6D1551C-B130-40A4-B675-0D267557909E} - System32\Tasks\WDDiscovery Service => C:\Users\PC\AppData\Roaming\UPDX\v3-5\WDDiscovery.exe [844664 2013-07-31] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
    Task: {C85424DA-E326-4C45-BDDC-5AD7DAAB0E97} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "9215d82e-a478-4dd7-9eac-dae68153e835" --version "6.07.10191" --silent
    Task: {D3D4B5E4-B0F7-49B6-AE45-7B33B4CADDFA} - System32\Tasks\APTXService_LG => Command(1): rhc.exe -> php.exe include.php
    Task: {D3D4B5E4-B0F7-49B6-AE45-7B33B4CADDFA} - System32\Tasks\APTXService_LG => Command(2): rhc.exe -> php.exe index.php
    Task: {D82F6C40-4BB3-4119-8E6E-FE92F8AE90FB} - System32\Tasks\WD Elusion Service => C:\Users\PC\AppData\Local\WAAM\v2519\WDElua.exe [351616 2022-12-28] (APTX Software -> ) [No digital signature]
    Task: {F147CBC2-DCC1-4540-B560-CD1D9587CFFA} - System32\Tasks\CCleanerSkipUAC - PC => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Edge Notifications: Default -> hxxps://adsforcomputerweb.com; hxxps://advertisingvt.com; hxxps://advfandom.com; hxxps://hutters.click; hxxps://moonst.click; hxxps://open.flintguard.top; hxxps://phenotypebest.com; hxxps://regadsacademy.com; hxxps://secure-access-5c9d417lpqna0abe.fbmsg.xyz; hxxps://www1.davisonbarker.pro; hxxps://www10.davisonbarker.pro; hxxps://www10.lowrihouston.pro; hxxps://www10.nathanaeldan.pro; hxxps://www100.davisonbarker.pro; hxxps://www12.davisonbarker.pro; hxxps://www13.davisonbarker.pro; hxxps://www13.lowrihouston.pro; hxxps://www16.davisonbarker.pro; hxxps://www16.lowrihouston.pro; hxxps://www17.davisonbarker.pro; hxxps://www18.davisonbarker.pro; hxxps://www18.lowrihouston.pro; hxxps://www19.davisonbarker.pro; hxxps://www2.davisonbarker.pro; hxxps://www2.freddyoctavio.pro; hxxps://www20.davisonbarker.pro; hxxps://www20.lowrihouston.pro; hxxps://www20.nathanaeldan.pro; hxxps://www21.davisonbarker.pro; hxxps://www22.davisonbarker.pro; hxxps://www22.lowrihouston.pro; hxxps://www22.nathanaeldan.pro; hxxps://www24.davisonbarker.pro; hxxps://www24.nathanaeldan.pro; hxxps://www25.davisonbarker.pro; hxxps://www25.nathanaeldan.pro; hxxps://www27.davisonbarker.pro; hxxps://www28.davisonbarker.pro; hxxps://www29.davisonbarker.pro; hxxps://www3.davisonbarker.pro; hxxps://www30.davisonbarker.pro; hxxps://www33.davisonbarker.pro; hxxps://www34.davisonbarker.pro; hxxps://www35.davisonbarker.pro; hxxps://www36.freddyoctavio.pro; hxxps://www37.davisonbarker.pro; hxxps://www38.davisonbarker.pro; hxxps://www39.davisonbarker.pro; hxxps://www4.davisonbarker.pro; hxxps://www40.davisonbarker.pro; hxxps://www40.nathanaeldan.pro; hxxps://www41.davisonbarker.pro; hxxps://www41.nathanaeldan.pro; hxxps://www42.lowrihouston.pro; hxxps://www43.davisonbarker.pro; hxxps://www44.davisonbarker.pro; hxxps://www44.lowrihouston.pro; hxxps://www45.davisonbarker.pro; hxxps://www46.lowrihouston.pro; hxxps://www47.davisonbarker.pro; hxxps://www48.davisonbarker.pro; hxxps://www49.davisonbarker.pro; hxxps://www5.davisonbarker.pro; hxxps://www5.lowrihouston.pro; hxxps://www51.davisonbarker.pro; hxxps://www52.davisonbarker.pro; hxxps://www52.lowrihouston.pro; hxxps://www53.nathanaeldan.pro; hxxps://www54.davisonbarker.pro; hxxps://www54.lowrihouston.pro; hxxps://www55.davisonbarker.pro; hxxps://www56.davisonbarker.pro; hxxps://www58.davisonbarker.pro; hxxps://www59.davisonbarker.pro; hxxps://www60.davisonbarker.pro; hxxps://www62.davisonbarker.pro; hxxps://www63.davisonbarker.pro; hxxps://www65.davisonbarker.pro; hxxps://www67.davisonbarker.pro; hxxps://www69.davisonbarker.pro; hxxps://www69.lowrihouston.pro; hxxps://www7.davisonbarker.pro; hxxps://www70.davisonbarker.pro; hxxps://www71.davisonbarker.pro; hxxps://www72.davisonbarker.pro; hxxps://www72.lowrihouston.pro; hxxps://www72.nathanaeldan.pro; hxxps://www73.davisonbarker.pro; hxxps://www73.lowrihouston.pro; hxxps://www74.davisonbarker.pro; hxxps://www75.nathanaeldan.pro; hxxps://www76.davisonbarker.pro; hxxps://www77.davisonbarker.pro; hxxps://www77.nathanaeldan.pro; hxxps://www78.davisonbarker.pro; hxxps://www79.davisonbarker.pro; hxxps://www80.davisonbarker.pro; hxxps://www80.freddyoctavio.pro; hxxps://www81.davisonbarker.pro; hxxps://www82.davisonbarker.pro; hxxps://www83.davisonbarker.pro; hxxps://www83.lowrihouston.pro; hxxps://www84.davisonbarker.pro; hxxps://www85.davisonbarker.pro; hxxps://www87.davisonbarker.pro; hxxps://www88.davisonbarker.pro; hxxps://www89.davisonbarker.pro; hxxps://www89.lowrihouston.pro; hxxps://www9.davisonbarker.pro; hxxps://www91.davisonbarker.pro; hxxps://www92.davisonbarker.pro; hxxps://www93.davisonbarker.pro; hxxps://www94.davisonbarker.pro; hxxps://www94.lowrihouston.pro; hxxps://www95.davisonbarker.pro; hxxps://www95.lowrihouston.pro; hxxps://www96.davisonbarker.pro; hxxps://www97.davisonbarker.pro; hxxps://www98.davisonbarker.pro; hxxps://www99.davisonbarker.pro; hxxps://www99.lowrihouston.pro
    S3 rsSyncSvc; C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe [578808 2022-07-31] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
    2022-12-29 22:43 - 2022-12-30 08:42 - 000003824 _____ C:\Windows\system32\Tasks\VSPXService
    2022-12-29 22:43 - 2022-12-29 22:43 - 000003346 _____ C:\Windows\system32\Tasks\VSPXService_LG
    2022-12-29 22:43 - 2022-12-29 22:43 - 000000000 ____D C:\Users\PC\AppData\Roaming\YSPX
    2022-12-28 23:42 - 2022-12-29 13:05 - 000004262 _____ C:\Windows\system32\Tasks\WD Elusion Service
    2022-12-28 22:50 - 2022-12-30 10:42 - 000004030 _____ C:\Windows\system32\Tasks\WDDiscovery Service
    2022-12-28 22:50 - 2022-12-28 22:50 - 000000000 ____D C:\Users\PC\AppData\Roaming\UPDX
    2022-12-28 22:42 - 2022-12-30 08:42 - 000003812 _____ C:\Windows\system32\Tasks\APTXService
    2022-12-28 22:42 - 2022-12-28 22:42 - 000003780 _____ C:\Windows\system32\Tasks\APTXService_LG
    2022-12-28 22:41 - 2022-12-28 22:41 - 000004032 _____ C:\Windows\system32\Tasks\WD Start Service
    2022-12-28 22:41 - 2022-12-28 22:41 - 000000000 ____D C:\Users\PC\AppData\Roaming\Packages
    2022-12-28 22:41 - 2022-12-28 22:41 - 000000000 ____D C:\Users\PC\AppData\Local\WAAM
    2022-12-28 22:41 - 2022-12-28 22:41 - 000000000 ____D C:\ProgramData\Western Digital
    EmptyTemp:
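The fixlist above was built by reading the FRST log for persistence entries that share a few traits: no digital signature, a binary dropped under AppData, ProgramData or Temp (or on a removable drive), a bare executable name resolved at run time, or a scheduled task that launches a script interpreter such as php.exe. As an added example for this thread (not code from FRST and not the helper's own fix), the script below parses the Task: and Run: lines of that fixlist and scores each entry on exactly those criteria. The sample lines are copied from the fixlist; the weights, the assumption that the system drive is C:, and the list of interpreters are this example's own choices.

```python
"""Score FRST "Task:" and "Run:" persistence entries on the criteria the fixlist applies.

Added example for this thread; not code from FRST or from the helper's fix.
Sample lines are the fixlist's own; the weights are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Copied from the fixlist in post #2 (one line per entry). A Polish-locale FRST prints
# "[Brak podpisu cyfrowego]" where an English one prints "[No digital signature]".
SAMPLE_FRST_LINES = r"""
CloseProcesses:
HKU\S-1-5-21-3342968509-3042445664-2913172935-1001\...\Run: [Microsoft Edge Update] => C:\Users\PC\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\MicrosoftEdgeUpdateCore.exe [253888 2022-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3342968509-3042445664-2913172935-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {02F56EA5-17A7-4A1C-9A58-34A268D8499D} - System32\Tasks\Cleaner => G:\New Folder\Clean\Cleaner\Cleaner.exe [1069056 2017-01-18] (FranmoSoftware) [No digital signature]
Task: {2ECA22D5-CF6D-4EE8-9FB7-4DC251EA83D1} - System32\Tasks\VSPXService => C:\Users\PC\AppData\Roaming\YSPX\v3-21\rhc.exe [1536 2022-11-06] ( ) [No digital signature]
Task: {647CA46E-4EC4-4866-BCED-B271FD30CAD7} - System32\Tasks\VSPXService_LG => C:\Users\PC\AppData\Roaming\YSPX\v3-21\WDCloud.exe [66984712 2022-12-12] (APTX Software -> ) [Brak podpisu cyfrowego]
Task: {C6D1551C-B130-40A4-B675-0D267557909E} - System32\Tasks\WDDiscovery Service => C:\Users\PC\AppData\Roaming\UPDX\v3-5\WDDiscovery.exe [844664 2013-07-31] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {D3D4B5E4-B0F7-49B6-AE45-7B33B4CADDFA} - System32\Tasks\APTXService_LG => Command(1): rhc.exe -> php.exe include.php
"""

# Left-hand side: "Task: {GUID} - System32\Tasks\<name> =>" or "<hive>\Run: [<name>] =>".
ENTRY_RE = re.compile(
    r"^(?:Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<task>.+?)"
    r"|(?P<hive>HK\S+?)\\Run: \[(?P<run>[^\]]+)\])"
    r" => (?P<rhs>.+)$"
)
# Right-hand side for a file: "<path> [<size> <date>] (<signer info>)[ -> <args>][ <unsigned tag>]".
FILE_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<sig>[^)]*)\)"
    r"(?: -> (?P<args>.*?))?"
    r"(?P<unsigned> \[(?:No digital signature|Brak podpisu cyfrowego)\])?$"
)
# Right-hand side for a task action FRST prints as a command: "Command(n): <exe> -> <args>".
CMD_RE = re.compile(r"^Command\(\d+\): (?P<path>.+?) -> (?P<args>.*)$")

USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I)
DRIVE = re.compile(r"^([A-Za-z]):\\")
INTERPRETERS = re.compile(r"\b(?:php|wscript|cscript|powershell|mshta|rundll32|regsvr32)\.exe\b", re.I)


@dataclass
class Entry:
    kind: str                     # "Task" or "Run"
    name: str                     # task name or Run value name
    path: str                     # executable as FRST printed it
    args: str = ""                # trailing command-line arguments, if any
    sig_info: str = ""            # FRST's parenthesised signer/company text, kept opaque here
    unsigned: bool = False        # "[No digital signature]" tag present
    reasons: list = field(default_factory=list)  # (weight, explanation)

    @property
    def score(self) -> int:
        return sum(weight for weight, _ in self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one FRST Task:/Run: line into an Entry; other lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, name = ("Task", m["task"]) if m["task"] else ("Run", m["run"])
    rhs = m["rhs"]
    if (c := CMD_RE.match(rhs)):
        return Entry(kind, name, c["path"], c["args"])          # no file info: signature unknown
    if (f := FILE_RE.match(rhs)):
        return Entry(kind, name, f["path"], f["args"] or "", f["sig"].strip(), bool(f["unsigned"]))
    return Entry(kind, name, rhs)                               # unknown layout: keep the raw text


def assess(e: Entry) -> Entry:
    """Attach weighted reasons; weights are this example's assumptions, not FRST's."""
    if e.unsigned:
        e.reasons.append((2, "no digital signature"))
    drive = DRIVE.match(e.path)
    if USER_WRITABLE.search(e.path):
        e.reasons.append((2, "binary lives in a user-writable directory"))
    elif drive and drive.group(1).upper() != "C":               # assumes Windows is on C: as in this log
        e.reasons.append((1, "binary on a non-system volume"))
    elif not drive:
        e.reasons.append((1, "relative executable name, resolved at run time"))
    if INTERPRETERS.search(f"{e.path} {e.args}"):
        e.reasons.append((1, "launches a script interpreter"))
    return e


def triage(frst_text: str) -> list:
    """Parse every Task:/Run: line and return entries sorted by descending score."""
    entries = [assess(e) for e in map(parse_line, frst_text.splitlines()) if e is not None]
    return sorted(entries, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST_LINES):
        flags = "; ".join(text for _, text in e.reasons) or "nothing suspicious"
        print(f"[{e.score}] {e.kind:<4} {e.name:<24} {e.path}\n      {flags}")
```

On the sample the two YSPX tasks and the G:\ Cleaner task rank highest; the signed but 2013-dated WDDiscovery.exe planted under AppData\Roaming still scores on location alone, which is why the fixlist removes it. A score of zero is not a clean bill: the fixlist also drops the CCleaner tasks and the RAV service, which is a decision about unwanted software rather than a persistence finding, and the signed per-user Edge Update entry scores 2 only because AppData\Local is where per-user Edge Update lives, so verify each hit before acting on it.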
  • #3
    arkvin14
    Level 2  
    I click Uninstall on RAV Endpoint Protection and at about 85% the window suddenly closes.

    When this invisible video shows up in Edge, there are 15-16 Microsoft Edge entries in Task Manager. I have to close all of them to make the random video disappear. Whenever I use Edge normally, there are 6-7 of these Microsoft Edge entries in the manager.

    [Install the first; for the second check whether the ID is displayed at all.
    Do a scan with MBAM and AdwCleaner and delete what it detects.] - I'll do it in 1-2 days. I need some time.

    In Edge settings, I just removed all the notifications that were there under the 'Allow' tab.

    I created fixlist.txt and ran the FRST fix, after which the computer restarted. We'll see whether anything happens now. If the problem comes back, I'll do what I haven't done yet and let you know what happens next. Thank you.
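The notification grants removed by hand in the post above are stored in the browser profile's Preferences file, so they can also be audited and revoked from a script. The following is an added example for this thread, not code from Edge or from anyone in the thread. It assumes Edge's Preferences file follows the Chromium layout profile.content_settings.exceptions.notifications, keyed "<origin>,*" with setting 1 = allow and 2 = block; the sample profile fragment is constructed, using two hosts from the list in post #2 plus one already-blocked site, and the default profile path in the main block is an assumption.

```python
"""Audit and revoke per-site notification grants in a Chromium-based browser profile.

Added example for this thread; not code from Edge or from the helper.
Assumes the Chromium Preferences layout described in the lead-in.
"""
import json
from pathlib import Path

ALLOW, BLOCK = 1, 2   # Chromium content-setting values (assumption stated in the lead-in)

# Constructed sample of the relevant part of a Preferences file.
SAMPLE_PREFERENCES = {
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://adsforcomputerweb.com:443,*": {"expiration": "0", "last_modified": "0", "model": 0, "setting": ALLOW},
        "https://www10.davisonbarker.pro:443,*": {"expiration": "0", "last_modified": "0", "model": 0, "setting": ALLOW},
        "https://example.org:443,*": {"expiration": "0", "last_modified": "0", "model": 0, "setting": BLOCK},
    }}}}
}


def notification_grants(prefs: dict) -> dict:
    """origin -> setting for every notification exception in the profile."""
    table = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    return {key.split(",")[0]: entry.get("setting", 0) for key, entry in table.items()}


def allowed_origins(prefs: dict) -> list:
    """Origins currently permitted to push notifications, sorted."""
    return sorted(o for o, s in notification_grants(prefs).items() if s == ALLOW)


def revoke_all(prefs: dict, keep=()) -> list:
    """Flip every ALLOW to BLOCK except origins in `keep`; returns the origins changed."""
    table = prefs["profile"]["content_settings"]["exceptions"]["notifications"]
    changed = []
    for key, entry in table.items():
        origin = key.split(",")[0]
        if entry.get("setting") == ALLOW and origin not in keep:
            entry["setting"] = BLOCK
            changed.append(origin)
    return sorted(changed)


def revoke_in_file(path: Path, keep=()) -> list:
    """Apply revoke_all to a real Preferences file.
    Close the browser first: it rewrites Preferences on exit and would clobber the edit."""
    prefs = json.loads(path.read_text(encoding="utf-8"))
    changed = revoke_all(prefs, keep)
    if changed:
        path.write_text(json.dumps(prefs, separators=(",", ":")), encoding="utf-8")
    return changed


if __name__ == "__main__":
    print("allowed in sample:", allowed_origins(SAMPLE_PREFERENCES))
    # Default Edge profile location on Windows (assumption; other profiles live beside "Default").
    edge_prefs = Path.home() / "AppData/Local/Microsoft/Edge/User Data/Default/Preferences"
    if edge_prefs.exists():
        live = json.loads(edge_prefs.read_text(encoding="utf-8"))
        print("allowed in your profile:", allowed_origins(live))
```

Listing is safe at any time; writing the file only sticks if the browser is closed, and Chromium also keeps an integrity check over some preferences, so confirm the result in the Notifications settings page (the route used in this thread) after a scripted change.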
  • #4
    Kolobos
    IT specialist
    You can also add to Fixlist.txt:
    C:\Program Files\RAVAntivirus\

    This will remove RAV.