CPU, Disk and Memory all hitting 100% in the task manager [Solved]


#1
d.brack

I had this puter put together from one of mine and one of the guy's at the local computer shop.  I then gave it to my teenage grandson who promptly messed it up. It should have plenty of power but I can't even watch Amazon on it.  BTW, when I do check the task manager, if the disk says it's using 100% but looking down through what's running, there is nothing!!!  Certainly not 100%!  Thanks so much for taking a peek.

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by Dee Skelley (administrator) on ORIGINALWIN10 (01-10-2024 15:32:11)
Running from C:\Users\Dee Skelley\Desktop\FRST64.exe
Loaded Profiles: Dee Skelley
Platform: Microsoft Windows 10 Home Version 22H2 19045.4957 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\mip.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0368456.inf_amd64_fc65705fd5034968\B367348\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RZSurroundHelper] => C:\Windows\system32\RZSurroundHelper.exe (No File)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [427304 2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\Run: [MicrosoftEdgeAutoLaunch_9E06BE8F7D505564A0EB94364EDC4BA2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3794984 2024-09-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe  --application-host=apps.razer.com --start-hidden --no-sandbox --disable-gpu --disable-background-timer-throttling --disable-extensions --new-window  (the data entry has 232 more characters). (No File)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\129.0.6668.60\Installer\chrmstp.exe [2024-09-26] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33B7B7C9-3CD0-458A-B401-727EB5B130EF} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EE42A4BD-E4D8-4276-B7D3-C57B9A7DBAA5} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5200168 2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {F6C67B18-2418-4725-9E16-3B743611C78C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {F6C67B18-2418-4725-9E16-3B743611C78C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {F6C67B18-2418-4725-9E16-3B743611C78C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {F6C67B18-2418-4725-9E16-3B743611C78C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {F6C67B18-2418-4725-9E16-3B743611C78C} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {3755A0CC-2C46-4B7F-93DA-B51230CA8EDF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-12] (Avast Software s.r.o. -> Avast Software)
Task: {ACE7DFD1-1D33-4F06-89BE-1455C4292002} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{46B762EC-BEF6-47D3-B083-AEE0479F82C7} => C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe [4884584 2024-08-26] (Google LLC -> Google LLC)
Task: {13B69687-8991-4675-9DC6-2416B3C47FA5} - System32\Tasks\Microsoft\Windows\Clip\ClipESU => C:\Windows\system32\clipesu.exe [221680 2024-09-28] (Microsoft Windows -> Microsoft Corporation)
Task: {9984DECB-2584-403A-8353-405534E2F6DB} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D6994431-9110-4FFC-8C13-68CA9EFAD27D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675744 2024-10-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {B48B1455-2B29-4B56-A7E0-85FD4976B0D3} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2958740073-524152327-740456925-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675744 2024-10-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {D4649494-23BB-4578-834B-B4160D3B6D43} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-10-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {41683C65-1928-4C50-A838-7AB05494EFA0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DBFED809-9F40-4A00-9E4D-CDDB77C93933} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a067245a-213d-47fd-9be3-53a8d9a6aa68}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a067245a-213d-47fd-9be3-53a8d9a6aa68}: [DhcpDomain] hsd1.pa.comcast.net

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dee Skelley\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-01]
Edge Extension: (Google Docs Offline) - C:\Users\Dee Skelley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Dee Skelley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-28]

FireFox:
========
FF DefaultProfile: spq8mt6f.default
FF ProfilePath: C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\spq8mt6f.default [2021-11-22]
FF ProfilePath: C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release [2024-10-01]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\[email protected] [2023-08-12]
FF Extension: (Kaspersky Protection) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\[email protected] [2023-07-11]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-15]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Dee Skelley\AppData\Roaming\Mozilla\Firefox\Profiles\vq9r01k8.default-release\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2022-05-23]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default [2024-10-01]
CHR Extension: (Dark Mode) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2023-01-06]
CHR Extension: (Return YouTube Dislike) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dee Skelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7252264 2024-09-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [774440 2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2315048 2024-09-28] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1220904 2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-11-23] (Avast Software s.r.o. -> AVAST Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2022-10-28] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-22] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [20528 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [229944 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [381520 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [293968 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [84424 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [27744 2024-09-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [28752 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [274000 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [549968 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [97848 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [69176 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [950328 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [1200696 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203832 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [53904 2021-10-31] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [306744 2024-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [287744 2022-04-17] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [147968 2022-04-17] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-22] (Microsoft Windows -> Microsoft Corporation)
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-10-01 15:32 - 2024-10-01 15:33 - 000017242 _____ C:\Users\Dee Skelley\Desktop\FRST.txt
2024-10-01 15:31 - 2024-10-01 15:32 - 000000000 ____D C:\FRST
2024-10-01 15:29 - 2024-10-01 15:29 - 002397696 _____ (Farbar) C:\Users\Dee Skelley\Desktop\FRST64.exe
2024-10-01 15:12 - 2024-10-01 15:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-09-28 17:48 - 2024-09-28 17:48 - 000000000 ___HD C:\$WinREAgent
2024-09-28 17:10 - 2024-09-28 17:11 - 000000000 ____D C:\Windows\system32\compatrel
2024-09-28 17:10 - 2024-09-28 17:10 - 000000000 ____D C:\Windows\InboxApps
2024-09-28 15:33 - 2024-09-28 15:33 - 000021724 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-09-28 15:29 - 2024-09-28 15:29 - 000021724 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-09-27 12:48 - 2024-09-27 12:48 - 000000000 ____D C:\Windows\system32\o2
2024-09-26 15:18 - 2024-09-26 15:18 - 000315688 _____ (Gen Digital Inc.) C:\Windows\system32\aswBoot.exe
2024-09-26 15:15 - 2024-09-26 15:15 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-10-01 15:36 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-10-01 15:22 - 2021-07-08 14:49 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\ConnectedDevicesPlatform
2024-10-01 15:14 - 2021-11-22 18:55 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-10-01 15:14 - 2021-11-22 18:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-10-01 15:14 - 2021-11-22 18:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-10-01 15:13 - 2022-03-05 15:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-10-01 15:10 - 2021-07-08 14:49 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Packages
2024-10-01 15:10 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-10-01 15:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2024-10-01 15:08 - 2021-07-22 18:32 - 000000000 ____D C:\Program Files (x86)\Steam
2024-10-01 15:07 - 2022-07-31 21:58 - 000000000 ____D C:\Riot Games
2024-10-01 15:07 - 2022-07-31 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-10-01 15:06 - 2022-07-31 23:21 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2024-10-01 15:03 - 2021-07-22 19:50 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\D3DSCache
2024-09-30 16:55 - 2021-07-08 14:38 - 000840954 _____ C:\Windows\system32\PerfStringBackup.INI
2024-09-30 16:55 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2024-09-30 16:51 - 2021-10-31 20:40 - 000000000 ____D C:\ProgramData\Avast Software
2024-09-30 16:51 - 2021-07-08 17:31 - 000008192 ___SH C:\DumpStack.log.tmp
2024-09-30 16:51 - 2021-07-08 17:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-09-30 16:50 - 2021-07-08 15:00 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2024-09-30 16:50 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-09-30 16:49 - 2021-07-08 14:49 - 000000000 ____D C:\Users\Dee Skelley
2024-09-30 16:49 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2024-09-30 16:42 - 2022-06-26 14:32 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Oculus
2024-09-30 16:36 - 2021-07-22 18:34 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\Steam
2024-09-30 16:35 - 2021-07-08 17:31 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-09-30 16:18 - 2022-05-01 14:51 - 000001898 _____ C:\Users\Dee Skelley\Desktop\Steam.lnk
2024-09-30 16:12 - 2021-07-08 14:58 - 000000000 ____D C:\Users\Dee Skelley\AppData\Roaming\Microsoft\MMC
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lv-LV
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\lt-LT
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\et-EE
2024-09-30 16:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\es-MX
2024-09-30 15:59 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2024-09-30 15:59 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-09-30 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\LiveKernelReports
2024-09-30 12:53 - 2021-07-25 03:19 - 000000000 ____D C:\Windows\Minidump
2024-09-30 11:59 - 2021-07-08 17:31 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-09-30 11:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2024-09-29 06:01 - 2021-11-23 20:23 - 000000000 ____D C:\Users\Dee Skelley\AppData\Local\AVAST Software
2024-09-29 04:15 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2024-09-28 17:27 - 2021-07-08 14:49 - 000000000 ____D C:\ProgramData\Packages
2024-09-28 17:15 - 2021-12-30 17:32 - 000000000 ____D C:\Windows\SystemTemp
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\F12
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Sysprep
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Com
2024-09-28 17:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-09-28 17:10 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellComponents
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\schemas
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\IME
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-09-28 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-09-28 17:10 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
2024-09-28 15:47 - 2019-12-07 05:52 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-09-28 15:47 - 2019-12-07 05:52 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-09-28 15:47 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-09-28 15:47 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-09-28 15:28 - 2021-07-08 17:33 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-09-28 07:56 - 2021-07-08 15:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-28 07:56 - 2021-07-08 15:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-09-27 13:14 - 2021-07-08 15:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-09-27 13:14 - 2021-07-08 15:03 - 000000000 ____D C:\Windows\system32\MRT
2024-09-27 13:11 - 2021-07-08 15:03 - 199688632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-09-27 12:29 - 2023-10-19 13:02 - 000000000 ____D C:\Program Files\RUXIM
2024-09-26 15:21 - 2021-07-09 10:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-09-26 15:21 - 2021-07-09 10:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-09-26 15:18 - 2022-10-15 09:16 - 000027744 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswElam.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 001200696 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswSP.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000950328 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswSnx.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000549968 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswNetHub.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000381520 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswbidsdriver.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000306744 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswVmm.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000293968 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswbidsh.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000274000 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswMonFlt.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000229944 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswArPot.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000097848 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswRdr2.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000084424 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswbuniv.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000069176 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswRvrt.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000028752 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswKbd.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000020528 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\aswArDisk.sys
2024-09-26 15:18 - 2021-11-23 20:20 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2024-09-26 15:18 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-09-26 15:16 - 2021-07-08 15:36 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-26 15:16 - 2021-07-08 15:36 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-26 15:15 - 2021-07-09 10:30 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories ========

2022-05-22 22:23 - 2022-05-22 22:23 - 000007601 _____ () C:\Users\Dee Skelley\AppData\Local\Resmon.ResmonCfg
2023-07-11 15:50 - 2023-07-11 15:50 - 000000000 _____ () C:\Users\Dee Skelley\AppData\Local\{8DBA7834-C4DF-4289-A385-9CA2351BCCD5}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ADDITION LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by Dee Skelley (01-10-2024 15:37:48)
Running from C:\Users\Dee Skelley\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4957 (X64) (2021-07-08 18:34:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2958740073-524152327-740456925-500 - Administrator - Disabled)
Dee Skelley (S-1-5-21-2958740073-524152327-740456925-1001 - Administrator - Enabled) => C:\Users\Dee Skelley
DefaultAccount (S-1-5-21-2958740073-524152327-740456925-503 - Limited - Disabled)
dskel (S-1-5-21-2958740073-524152327-740456925-1002 - Administrator - Enabled)
Guest (S-1-5-21-2958740073-524152327-740456925-501 - Limited - Enabled)
ozzet (S-1-5-21-2958740073-524152327-740456925-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-2958740073-524152327-740456925-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.9.6130 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 129.0.6668.60 - Google LLC)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 129.0.2792.65 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.65 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 127.0 (x64 en-US)) (Version: 127.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
NVIDIA PhysX v8.09.04 (HKLM-x32\...\{A7E07C2B-2220-4415-87E3-784D5814BC93}) (Version: 8.09.04 - NVIDIA Corporation)
PowerPoint (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Chrome apps:
============
YouTube (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\3a5d7b257cb5d0c14f9769fecc433d33) (Version: 1.0 - Google\Chrome)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-26] (Avast Software s.r.o. -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Dee Skelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{ca52b842-3aa0-11ec-84df-3085a9b34157}.TM.blf:D0B775491F [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{ca52b842-3aa0-11ec-84df-3085a9b34157}.TMContainer00000000000000000002.regtrans-ms:5915CEE35F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10018]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2958740073-524152327-740456925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee Skelley\Pictures\Furry_files\6686e0bc71f3a1b5a95e7ba3831e9f20.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "RZSurroundHelper"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_C9176D295DD1B25034BE632CD236401C"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9E06BE8F7D505564A0EB94364EDC4BA2"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{789901D8-742B-4FBD-A62A-45586D322CAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F6AD17CB-ED3C-4DAA-8D64-6D02196D0E66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4F9E5993-9026-457F-AA51-69BFB0DBEB12}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CC0463A2-1B1B-434A-9914-CF15B3B401DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DF8D1765-0910-47BF-8FC6-205438EF846C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{061164CE-9DBA-434B-B413-84E77B62A6C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{0E233C12-FD45-4C9E-A652-776AC35A8846}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{E717B377-50FA-4C73-BA76-363FA1602785}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{EFB169AB-2D2D-45BD-9337-6990F6ACFC44}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{8D586DB2-183C-4899-89A3-607005E89F96}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{903E6A5C-DB4D-457B-AEC3-54A8437C33C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{952DEC82-E68E-4BE1-8478-39AAB770ABBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{36AD491E-79B6-4015-918A-AC1EFB2BCB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{1826B53B-0DFD-40A3-AB6A-0C09EAD522CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{A8389675-CDEA-4324-8C03-F6183E60AFA6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3820EEAE-810D-405C-9E55-490010259459}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{C168B53A-D8B4-40C0-9B2F-CE78DBDF1441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed\Game.exe () [File not signed]
FirewallRules: [{BCF5374F-910B-4E85-AF31-20E391283B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed\Game.exe () [File not signed]
FirewallRules: [{2677E04E-B105-4646-A511-1665334B5F62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{882AA130-7A26-4048-8CEF-0B916EFBE53A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{6BB42385-388B-40AD-9210-A3FA50BADE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{8A582698-159E-4EF3-A1D7-709F57D7C646}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{6644D58A-5A42-4908-94B2-771FAE428F43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{50D1A42A-CD3D-4060-B7B4-3AFBC9EA5A2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F55A02F2-2589-4D50-A796-403C264EAC29}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{4AD578D0-EB62-40F2-A988-40A32D1C2CF3}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{22582601-4648-4426-89C4-F97853631912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{C84A7E9C-21C4-4E7B-81ED-BE8846D8EC83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{DEB6B823-5EDC-42D3-9DB7-9E239EC08888}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{F12850D1-D835-4C06-8EE5-C2924B7109EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{B073138F-F286-4867-8537-C2F69F34A56F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{22A143AA-897A-43B2-8B0F-C3914DCB9743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{98913933-BDAD-4435-9734-99E9DF2F1A36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Labrat\SCP Labrat.exe () [File not signed]
FirewallRules: [{C7711C7B-C29B-4232-9E34-C52D5B0A7FB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Labrat\SCP Labrat.exe () [File not signed]
FirewallRules: [{160B13C3-213A-42E2-8AD8-F8DF93175345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Containment Breach Multiplayer\game.exe () [File not signed]
FirewallRules: [{4B95A1E4-E6FF-4897-BEFC-A669C8C714C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Containment Breach Multiplayer\game.exe () [File not signed]
FirewallRules: [{1A9262DC-1D87-440F-80F0-C33322633BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clue\Cluedo.exe () [File not signed]
FirewallRules: [{ED4CB6EE-6D04-435A-98B2-FF2270E5580F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clue\Cluedo.exe () [File not signed]
FirewallRules: [{26F4EA49-F7ED-4185-A45E-4D5BCCCC68AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{C54F173E-6842-45C3-B4AA-BB552627FCF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{46746F23-E5D2-413C-8510-D7B2EC657D82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SubnauticaZero\SubnauticaZero.exe () [File not signed]
FirewallRules: [{5EEF3A91-A526-4E0F-A530-8170E4A139A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SubnauticaZero\SubnauticaZero.exe () [File not signed]
FirewallRules: [{B3E0436E-7391-488C-8CED-226FC8F3EDC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin2\TEW2.exe (Zenimax Asia K.K.) [File not signed]
FirewallRules: [{2FC96979-D6ED-4C5D-8843-7205FD09198F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin2\TEW2.exe (Zenimax Asia K.K.) [File not signed]
FirewallRules: [{A3AB422A-0DB8-4572-AFB1-677B89805DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCPTheFoundation\SCPTheFoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{30BEFD05-3D3E-46DB-81BD-7BDB932686F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCPTheFoundation\SCPTheFoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{FC3A4517-E100-4060-9D5A-DA76CA4B863E}C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{62B6C5C7-34F0-41C5-94BE-FDB13ECE325A}C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{D169D7C4-5CEF-4EC8-94F6-3D99808285D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe () [File not signed]
FirewallRules: [{55E06CD5-7E21-441C-858F-DAA6834FDB5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe () [File not signed]
FirewallRules: [{84FEC5C7-4CDB-47AE-9E24-0316E92CF01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{78522E69-306B-47E7-A701-1187B77E44D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{429D6F0F-055A-40F3-9CAC-455C6D7E892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slender - The Arrival\Slender - The Arrival.exe () [File not signed]
FirewallRules: [{8B357991-D239-4CAA-942A-B7A6AD381074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slender - The Arrival\Slender - The Arrival.exe () [File not signed]
FirewallRules: [TCP Query User{86D26A35-1D61-47B0-AF40-4F7BD2BE59FE}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{43E4E806-1DCD-4231-BA83-90E88D162360}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{F5BD1E88-1198-4F13-B010-7E95A2B0CEA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed]
FirewallRules: [{CE01C190-8981-4D12-A1D1-FA1F372818CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed]
FirewallRules: [{6095B4B2-A276-4982-A67F-48BDEBC5921E}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe => No File
FirewallRules: [{B97F7C89-59DA-4459-88AA-51161113B351}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe => No File
FirewallRules: [{B1CAB6A0-453D-4B66-9F0D-86F5C9D5BF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Intruders Hide and Seek\Intruders.exe () [File not signed]
FirewallRules: [{431853D6-7A3A-4763-BFFA-64DDE27C7A10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Intruders Hide and Seek\Intruders.exe () [File not signed]
FirewallRules: [TCP Query User{AA8D2D43-1508-440B-8994-A83B2ACFE642}C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe (Tessera Studios SL) [File not signed]
FirewallRules: [UDP Query User{74571DC5-E28D-4D95-9FC0-2DE755D949D2}C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe (Tessera Studios SL) [File not signed]
FirewallRules: [{46BAF21F-3D33-4FF2-A708-2278076D88B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - Little Hope\LittleHope.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{A494709E-ABC1-46BA-9BA4-0667B995D9CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - Little Hope\LittleHope.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [TCP Query User{6DB66AD7-DA47-45C8-9F95-37C940A3DD07}C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [UDP Query User{48903A87-7172-42B6-837E-FF1AD5BE4C6E}C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [TCP Query User{75DC90F3-CCBC-4DA9-A7B3-C053871F6BBF}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{CDEF6C89-A83D-4D74-B708-ABDFC362E553}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{C549DE2C-5DD2-4ADA-BB83-4339FFB4AC90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{F2418A59-1235-4582-B71A-46CEFCFF5F49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{8C6DCD9E-D932-421B-A983-8749456F56DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM CO., LTD. -> CAPCOM U.S.A, INC.)
FirewallRules: [{66851D45-6C9A-48B1-A22B-5807F978CD65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM CO., LTD. -> CAPCOM U.S.A, INC.)
FirewallRules: [{C54134E8-2DD9-4F93-A042-8D5B80C91FCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed-special\Game.exe () [File not signed]
FirewallRules: [{3B1E767B-418E-463E-A1D5-4B32748507C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed-special\Game.exe () [File not signed]
FirewallRules: [{FF2A61A3-53A3-413B-9CC4-57532D46E73C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5C5A1D32-077E-42D2-ACA3-B64111B63EB0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F5A58A8-2F34-4EF6-951D-41B83954B897}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{26C09BB8-88AC-4A8E-B0D2-48170F4E8D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5C2E0EEF-135D-4251-ABE8-829B2276F82B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D5FEF95-79CA-4628-9A69-A5B09CAE3C2F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

26-09-2024 16:28:18 Scheduled Checkpoint
27-09-2024 12:25:04 Windows Modules Installer
27-09-2024 13:09:34 Windows Modules Installer
28-09-2024 15:08:47 Windows Modules Installer
28-09-2024 17:53:21 Windows Modules Installer
30-09-2024 16:48:43 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/30/2024 04:48:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007085a, The Workstation service has not been started..

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {60cbe2cb-d100-4204-8d91-303229f05c93}

Error: (09/30/2024 04:38:12 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/30/2024 04:38:12 PM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (09/30/2024 03:53:36 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/30/2024 03:53:36 PM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (09/30/2024 11:59:40 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/28/2024 05:53:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents.  hr = 0x8007085a, The Workstation service has not been started..

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {3b2b9f85-8005-492a-947c-54fdc5fb3b03}

Error: (09/28/2024 05:22:24 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (10/01/2024 03:06:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The vgc service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/30/2024 05:03:45 PM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (09/30/2024 05:03:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (09/30/2024 05:03:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (09/30/2024 05:03:26 PM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.

Error: (09/30/2024 04:51:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/30/2024 03:54:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CredentialEnrollmentManagerUserSvc_103136 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/30/2024 11:59:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error:
The system cannot find the path specified.


Windows Defender:
================
Date: 2021-11-23 19:08:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-22 19:24:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-22 19:07:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-22 18:50:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-02-23 15:17:31
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-26 20:37:21
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-04-29 19:36:19
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-04-29 19:28:39
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-04-29 17:36:01
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

CodeIntegrity:
===============
Date: 2024-10-01 15:36:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 5103 09/19/2012
Motherboard: ASUSTeK COMPUTER INC. F2A85-M
Processor: AMD A10-5800K APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 12078.23 MB
Available physical RAM: 7533.51 MB
Total Virtual: 13934.23 MB
Available Virtual: 8950.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:449.28 GB) (Model: WDC WD10EZEX-08WN4A0) NTFS

\\?\Volume{c7297c65-6034-45ca-8036-e15ad3fd9034}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{22800b9a-daa3-4194-a793-022140f7d324}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B309A69)

Partition: GPT.

==================== End of Addition.txt =======================

Once again, thanks so much!!!

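The event-log section of the Addition.txt above can be triaged mechanically. This is an added example, not part of the original post and not FRST's own code: it parses the "Error: (...) (Source: ...) (EventID: ...)" records, collapses repeats, and lists services that failed to start because their registered path no longer exists. The function names are hypothetical and the sample is an excerpt of the log lines pasted above.

```python
import re
from datetime import datetime

# Excerpt of the FRST Addition.txt pasted in the post above (sample input).
SAMPLE = """\
System errors:
=============
Error: (10/01/2024 03:06:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The vgc service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/30/2024 05:03:45 PM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (09/30/2024 05:03:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (09/30/2024 04:51:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/30/2024 11:59:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error:
The system cannot find the path specified.

Windows Defender:
================
Date: 2021-11-23 19:08:26
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")

def parse_events(text):
    """Split 'Error: (...)' records; stop collecting at the next section title."""
    events, current = [], None
    for line in text.splitlines():
        s, m = line.strip(), HEADER.match(line)
        if m:
            current = {**m.groupdict(), "event_id": int(m["event_id"]), "lines": []}
            current["when"] = datetime.strptime(current["when"], "%m/%d/%Y %I:%M:%S %p")
            events.append(current)
        elif s.startswith("==="):
            # A bare ===== underline means the line above it was a section title.
            if current and set(s) == {"="} and current["lines"]:
                current["lines"].pop()
            current = None
        elif current is not None and s:
            current["lines"].append(s.removeprefix("Description:").strip())
    for e in events:
        e["description"] = " ".join(e.pop("lines"))
    return events

def summarise(events):
    """Collapse identical (source, id, description) records, most frequent first."""
    groups = {}
    for e in events:
        key = (e["source"], e["event_id"], e["description"])
        g = groups.setdefault(
            key, {"key": key, "count": 0, "first": e["when"], "last": e["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], e["when"]), max(g["last"], e["when"])
    return sorted(groups.values(), key=lambda g: -g["count"])

def services_with_missing_binary(events):
    """Event 7000 with 'cannot find the path': the registered image path is gone."""
    pat = re.compile(r"The (.+?) service failed to start.*cannot find the path")
    hits = (pat.match(e["description"]) for e in events if e["event_id"] == 7000)
    return sorted({m.group(1) for m in hits if m})

if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for g in summarise(evts):
        print(g["count"], *g["key"][:2], g["first"], "->", g["last"])
    print("services with a missing image path:", services_with_missing_binary(evts))
```

A service that appears in this last list is a leftover registration rather than a running component, which is the kind of entry a cleanup script then removes.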


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
======================
 
No obvious sign of malware in the logs, but we will do some checks to confirm.
 
To begin with, I would like you to uninstall Avast Free Antivirus, using Revo Uninstaller.

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Avast
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Avast Anti-Virus items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

You also have Kaspersky Security Cloud remnants, but we will come to this later.

 

After you uninstall Avast, please attach fresh FRST logs, Addition and FRST.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


#3
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

Avast will not go away. Revo says there are 0 files left, but the program came back when I rebooted after Revo.


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

That means it is not yet uninstalled.

 

Have you followed my instructions? What happens when you search for Avast? 


#5
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

I get 0 programs in Revo now when I search again.  I tried it.  I looked under Programs and Features, it's not there.  I look at my list of apps on my home screen on the left side where they are listed, it's not there.  I cannot find it anywhere.  Should I search the puter?  It will take forever, but I don't know how to find it to uninstall it.  I can find it in my files on the disk under Program Files.  In the file manager, ya know?  That's where it is, still.  Should I delete the whole file?   And yes, I followed your instructions to a T.  I know it's not much but I have an old AA degree in CompSci and have done my best to keep up.  I've been with you all for years and years.  I've never seen anything like it.  But yes, I pay attention and read every word of your replies.


Edited by d.brack, 02 October 2024 - 02:27 PM.

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.

 

Let's see fresh FRST logs, then. Please attach them this time instead of copying and pasting them.


#7
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

Attached File  Addition.txt   38.67KB   103 downloads
Attached File  FRST.txt   29.79KB   98 downloads


#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.

 

Avast was uninstalled, but not as it should have been. As a result, it is still shown in the Security Center, and many remnants, including services and drivers, are still there.

 

I recommend that you install it again, and then follow the instructions I gave you above, to uninstall it with Revo Uninstaller.

 

Here is the link to download and install it: Download Free Antivirus Software | Avast 2024 PC Protection

 

FYI, my time zone is UTC + 2, so obviously I can't reply immediately after you reply. But we will deal with it. 


#9
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

We have it down to 3-4 mentions now in FRST and Addition Logs.  I'm fine replying once a day.  If that's not enough, please let me know.  I want it cleaned and fixed from crashing and I am patient about it.  Heck, it's allowing Prime Video to run now so we are getting closer!  Thanks for all your help!

 

 

Attached Files


#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi.
 
Avast Free Antivirus is uninstalled, but I see these now:
 
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
 
Did you install Kaspersky??
 
Please, do not install anything during the cleaning procedure. It makes things complicated and the assistance less effective.
 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{ca52b842-3aa0-11ec-84df-3085a9b34157}.TM.blf:D0B775491F [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{ca52b842-3aa0-11ec-84df-3085a9b34157}.TMContainer00000000000000000002.regtrans-ms:5915CEE35F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10018]
HKLM\...\StartupApproved\Run: => "RZSurroundHelper"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_C9176D295DD1B25034BE632CD236401C"
FirewallRules: [{0E233C12-FD45-4C9E-A652-776AC35A8846}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{E717B377-50FA-4C73-BA76-363FA1602785}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{EFB169AB-2D2D-45BD-9337-6990F6ACFC44}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
FirewallRules: [{8D586DB2-183C-4899-89A3-607005E89F96}] => (Allow) C:\Users\Dee Skelley\Downloads\radeon-software-adrenalin-2020-21.7.1-minimalsetup-210714_web.exe => No File
HKLM\...\Run: [RZSurroundHelper] => C:\Windows\system32\RZSurroundHelper.exe (No File)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe  --application-host=apps.razer.com --start-hidden --no-sandbox --disable-gpu --disable-background-timer-throttling --disable-extensions --new-window  (the data entry has 232 more characters). (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]
2024-10-04 18:16 - 2024-10-04 18:16 - 000249584 _____ (Gen Digital Inc.) C:\Users\Dee Skelley\Downloads\avast_free_antivirus_setup_online.exe
2024-10-04 18:16 - 2024-10-04 18:16 - 000249584 _____ (Gen Digital Inc.) C:\Users\Dee Skelley\Desktop\avast_free_antivirus_setup_online.exe
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Uninstall a program
 
Now you will be able to see Avast Update Helper in your installed programs. Please, uninstall it.


3. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

4. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.
  • Note: Click Skip Basic Repair if you are asked to.

 

 

In your next reply, please post:

  • The fixlog.txt
  • The Malwarebytes report
  • The AdwCleaner[S0*].txt

#11
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

Well, great job so far.  I am seeing some of that crap that my grandson loaded on here being deleted.  I tried but couldn't get rid of everything plus the puter was running so slooowww.  It was aggravating!!!  Ok.  Here are the logs you requested.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-05-2024
# Duration: 00:00:09
# OS:       Windows 10 (Build 19045.4957)
# Scanned:  32105
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

Attached Files


#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi!

 

It's good that AdwCleaner and Malwarebytes didn't detect anything bad. 

 

Let's now check fresh FRST logs (attached). 

 

Also, let me know how the computer is running now. 


#13
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

It seems to be working a little better now. You asked about Kaspersky, I think I did a free scan or something.  I don't remember paying for it.  This computer is just mostly for my TV shows and video games.  On my good computer I pay for Malwarebytes.  But I can't afford 2 scripts of it!

Attached Files


#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

1. In-place upgrade

This will reinstall and update the operating system and fix any corruptions, without removing any file or program.

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your Wi-Fi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

 

2. Fresh FRST logs

 

Run the tool once more and attach the logs. 

 

 

 

In your next reply, please post:

  1. If the in-place upgrade ran smoothly
  2. The FRST logs
  3. Feedback: remaining issues/questions/concerns

#15
d.brack

    Member

  • Topic Starter
  • Member
  • 57 posts

Please bear with me.  The flu is going around the house and I'm not getting as much done as usual.  Please forgive me.  I have Windows refreshed but I am having trouble with the resolution with my TV.  I can't see the task bar, the power button, etc. I can't get the picture small enough.  I will try to get it running tomorrow and reply, but I might have to take my boy (grandson) to the doctor again because he's had a fever for 5 days now.  Anyway, thanks for your patience!!!

