Another Amazon Shortcut That's Weird

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Chaos Annihilator, Oct 1, 2024.

  1. Chaos Annihilator

    Chaos Annihilator Private E-2

    Hello,

    I worked with OhMy! over the past few weeks regarding my other computer and issues I had with Amazon acting shady and possibly leaving shortcuts on my computer unbeknownst to me. I mentioned having another strange Amazon shortcut on a different computer, and he instructed me to start a new thread here, so here is the new thread.

    On this computer, a while ago I noticed an Amazon shortcut on my desktop that I did not leave. I assumed a family member left it, and I tried to delete it. I could not. I always get an error message when I try; a screenshot is attached.

    I don't know why I cannot get this shortcut to delete. At the time I first saw it, I didn't think much about it and was busy, and considered it a problem for another day. Since the trouble I had with my other computer (that I already received help for; thanks again for that) and how shady Amazon has been, I wondered if this shortcut is a larger problem than I initially thought.

    So, if someone could please help me remove this shortcut and make sure it is not associated with some other hidden problem I don't know about, that would be great.

    Forgive me for not completing all the steps listed before posting here; I didn't know if my problem required it since I'm asking about a shortcut that won't delete. If you need them, give me a slap on the wrist and I'll backtrack and finish up.

    Attached is the AdwCleaner log, FRST and Addition logs, a picture of the shortcut, and a picture of the error when I try to delete.

    Thanks!
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Welcome back. Allow me some time to review things.
     
  3. Oh My!

    Oh My! Malware Expert Staff Member

    Let's start with this.

    ===================================================

    Uninstalling Adobe Flash Player

    --------------------

    Note: Adobe Flash Player is no longer supported and is a security risk.

    • Download Adobe Flash Player Uninstaller and save it to your Desktop
    • Right click on the icon and select Run as administrator
    • Click Uninstall then Done to reboot your computer
    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Spybot - Search & Destroy
    
    • If the program's uninstaller appears, work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    ShortcutsMan by Nirsoft

    --------------------

    • Download ShortcutsMan and save it to your Desktop
    • Right click on the folder, select Extract All..., and extract the folder onto your Desktop
    • Right click on shman (application) and select Run as administrator
    • Place a check mark in the Amazon.com entry, along with any other broken icons you would like to delete
    • Click on the Red X to delete the items
    • Close the program and confirm the icon is gone
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere; FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Program Files (x86)\Haunted Hotel II - Believe the Lies\bvhhvlj.exe
    File: C:\Program Files (x86)\Hidden Expedition - Amazon\znqlnvb.exe
    File: C:\Program Files (x86)\Hidden Expedition - Everest\lclmmlf.exe
    Task: {2B7F6C4D-45C0-4247-B266-6EE2F9125C19} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File) 
    Task: {EB097344-4802-4DB0-9D64-9F1D5F7204D5} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-127966655-3041496052-59511839-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File) 
    Task: {60E5303C-4518-41B7-8448-C4589680AA61} - System32\Tasks\Uninstall AdwCleaner Application => C:\Users\User\Desktop\virus shit\adwcleaner(1).exe  /uninstall (No File) 
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Adobe and Spybot removed?
    • Icon gone?
    • Fixlog
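
A way to review a fixlist like the one above before it is handed to FRST, as an added example that is not part of the original post or of FRST itself. It parses only the directive shapes that appear in this thread (`File:`, `Task:`, `AlternateDataStreams:`, `cmd:` and the bare switches); the function names are hypothetical, and the bracketed number on an `AlternateDataStreams:` line is assumed to be the stream size.

```python
import re
from collections import Counter, defaultdict

# Sample fixlist: the File: and Task: lines are copied from this thread; the
# AlternateDataStreams: entries are constructed placeholders in the same shape.
SAMPLE_FIXLIST = r"""Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\Haunted Hotel II - Believe the Lies\bvhhvlj.exe
Task: {2B7F6C4D-45C0-4247-B266-6EE2F9125C19} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File)
AlternateDataStreams: C:\ProgramData\TEMP:AAAA0001 [238]
AlternateDataStreams: C:\ProgramData\TEMP:AAAA0002 [494]
AlternateDataStreams: C:\ProgramData\TEMP:AAAA0003 [255]
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
"""

# "<Directive>: <argument>" or a bare "<Directive>:" switch.
DIRECTIVE = re.compile(r"^([A-Za-z]+):\s*(.*)$")
# "<host path>:<stream name> [<size>]"; the host path itself contains "C:",
# so the greedy host group makes the LAST colon the path/stream separator.
ADS = re.compile(r"^(?P<host>.+):(?P<stream>[^:\\\[\]]+?)\s+\[(?P<size>\d+)\]$")
# "{GUID} - <task path> => <target command line>"
TASK = re.compile(
    r"^\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+(?P<name>.+?)\s+=>\s+(?P<target>.+)$"
)


def parse_fixlist(text):
    """Return (entries, complete). complete is False when Start:: or End::
    is missing, e.g. when a pasted fixlist or log was cut short."""
    entries, started, ended = [], False, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "Start::":
            started = True
            continue
        if line == "End::":
            ended = True
            break
        if not started:
            continue  # ignore anything before the Start:: marker
        m = DIRECTIVE.match(line)
        if not m:
            entries.append({"line": lineno, "kind": "unparsed", "arg": line})
            continue
        entry = {"line": lineno, "kind": m.group(1), "arg": m.group(2).strip()}
        if entry["kind"] == "AlternateDataStreams":
            a = ADS.match(entry["arg"])
            if a:
                entry.update(host=a["host"], stream=a["stream"], size=int(a["size"]))
            else:
                entry["kind"] = "unparsed"
        elif entry["kind"] == "Task":
            t = TASK.match(entry["arg"])
            if t:
                entry.update(guid=t["guid"], name=t["name"], target=t["target"],
                             no_file=t["target"].endswith("(No File)"))
            else:
                entry["kind"] = "unparsed"
        entries.append(entry)
    return entries, started and ended


def summarize(entries):
    """Condense a parsed fixlist into what a reviewer checks before clicking Fix."""
    ads = defaultdict(lambda: {"streams": 0, "size_total": 0})
    for e in entries:
        if e["kind"] == "AlternateDataStreams":
            ads[e["host"]]["streams"] += 1
            ads[e["host"]]["size_total"] += e["size"]
    return {
        "counts": dict(Counter(e["kind"] for e in entries)),
        # Many small streams attached to one object collapse into one row.
        "ads_by_host": dict(ads),
        # Tasks whose target was reported as missing on disk.
        "orphan_tasks": [e["name"] for e in entries
                         if e["kind"] == "Task" and e["no_file"]],
        "files": [e["arg"] for e in entries if e["kind"] == "File"],
        "commands": [e["arg"] for e in entries if e["kind"] == "cmd"],
        # Lines that did not match a known shape need a human look.
        "unparsed": [e["arg"] for e in entries if e["kind"] == "unparsed"],
    }


if __name__ == "__main__":
    parsed, complete = parse_fixlist(SAMPLE_FIXLIST)
    print("complete:", complete)
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
```
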
     
  4. Chaos Annihilator

    Chaos Annihilator Private E-2

    Thanks, I'll start working on this now. Question about the FRST fix: Haunted Hotel II and the two Hidden Expeditions are games I'd been unsuccessfully trying to download. Can I ask what we're doing with them? I wonder what you saw, and if whatever we're doing could help me get them to work.
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Randomly named .exe files are very suspicious. I want to gather some additional information about the files.

    Hidden Expedition programs are listed under Installed Programs. Were you able to download them but they won't run?

    These errors can indicate the programs are incompatible with your operating system.
     
  6. Chaos Annihilator

    Chaos Annihilator Private E-2

    Thanks for explaining. Yes, I downloaded the games from Big Fish, and they need to activate it before you can play it and there was some error there. I haven't talked to them about it yet, and they usually aren't very helpful. So I just got excited for a minute and hoped you'd seen an easily fixable problem. Oh well, I'll work on it one day.

    Anyway, I did remove Adobe and Spybot. ShortcutsMan did not list the Amazon icon, and the icon is still there. Could it be hidden in the list as something other than Amazon.com? The list looked alphabetical, but I scrolled all the way down and didn't see it.

    Here is the Fix log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
    Ran by User (02-10-2024 13:55:03) Run:1
    Running from C:\Users\User\Desktop
    Loaded Profiles: User
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Program Files (x86)\Haunted Hotel II - Believe the Lies\bvhhvlj.exe
    File: C:\Program Files (x86)\Hidden Expedition - Amazon\znqlnvb.exe
    File: C:\Program Files (x86)\Hidden Expedition - Everest\lclmmlf.exe
    Task: {2B7F6C4D-45C0-4247-B266-6EE2F9125C19} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
    Task: {EB097344-4802-4DB0-9D64-9F1D5F7204D5} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-127966655-3041496052-59511839-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
    Task: {60E5303C-4518-41B7-8448-C4589680AA61} - System32\Tasks\Uninstall AdwCleaner Application => C:\Users\User\Desktop\virus shit\adwcleaner(1).exe /uninstall (No File)
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.

    ========================= File: C:\Program Files (x86)\Haunted Hotel II - Believe the Lies\bvhhvlj.exe ========================

    C:\Program Files (x86)\Haunted Hotel II - Believe the Lies\bvhhvlj.exe
    File is digitally signed
    MD5: F46D8482C6CC1BE6E85EF8CBA4FEACE9
    Creation and modification date: 2009-01-23 17:10 - 2009-01-23 17:10
    Size: 001000784
    Attributes: ----A
    Company Name: Big Fish Games ->
    Internal Name: drmactivator
    Original Name: drmactivator.exe
    Product: drmactivator Application
    Description: drmactivator Application
    File Version: 1.0.1.173
    Product Version: 1.0.1.173
    Copyright: Copyright (C) 2006
    Virusscan: https://virusscan.jotti.org/filescanjob/xrjekz7y2q

    ====== End of File: ======


    ========================= File: C:\Program Files (x86)\Hidden Expedition - Amazon\znqlnvb.exe ========================

    C:\Program Files (x86)\Hidden Expedition - Amazon\znqlnvb.exe
    File is digitally signed
    MD5: EE7336BEE514350D9B83BC6DC7E7A605
    Creation and modification date: 2013-02-12 14:52 - 2013-02-12 14:52
    Size: 000821048
    Attributes: ----A
    Company Name: Big Fish Games ->
    Internal Name: drmactivator
    Original Name: drmactivator.exe
    Product: drmactivator Application
    Description: drmactivator Application
    File Version: 1.3.0.4
    Product Version: 1.3.0.4
    Copyright: Copyright (C) 2006
    Virusscan: https://virusscan.jotti.org/filescanjob/yrmycyrses

    ====== End of File: ======
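
As an added example (not part of the thread and not FRST's own code), the sketch below parses `File:` sections in the layout of the Fixlog above and flags what the helper was checking for: a random-looking on-disk name, a mismatch with the embedded Original Name, and whether a signature was reported. The sample log, the vowel-ratio heuristic and the verdict labels are assumptions made for this example.

```python
import ntpath
import re

# Constructed sample in the "File:" section layout shown in the Fixlog above.
# Paths, vendor names and MD5 values are made up; the last section is cut off
# on purpose, as happens when a log is split across forum posts.
SAMPLE_FIXLOG = r"""
========================= File: C:\Program Files (x86)\Example Game\qzxvbnm.exe ========================

C:\Program Files (x86)\Example Game\qzxvbnm.exe
File is digitally signed
MD5: 00000000000000000000000000000001
Creation and modification date: 2013-02-12 14:52 - 2013-02-12 14:52
Company Name: Example Vendor ->
Original Name: activator.exe

====== End of File: ======

========================= File: C:\Program Files\Example App\updater.exe ========================

C:\Program Files\Example App\updater.exe
File is digitally signed
MD5: 00000000000000000000000000000002
Original Name: updater.exe

====== End of File: ======

========================= File: C:\Users\User\AppData\Roaming\wkrtpld.exe ========================

C:\Users\User\AppData\Roaming\wkrtpld.exe
MD5: 00000000000000000000000000000003
"""

HEADER = re.compile(r"^=+ File: (?P<path>.+?) =+$")
FOOTER = re.compile(r"^=+ End of File: =+$")


def parse_file_sections(text):
    """Return one record per 'File:' section: path, signed flag, key/value fields."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if current is not None:          # previous section had no footer
                records.append(current)
            current = {"path": header.group("path"), "signed": False, "fields": {}}
        elif current is None:
            continue
        elif FOOTER.match(line):
            records.append(current)
            current = None
        elif line == "File is digitally signed":
            current["signed"] = True
        else:
            key, sep, value = line.partition(": ")
            if sep:
                value = value.strip()
                if value.endswith("->"):     # e.g. "Company Name: Vendor ->"
                    value = value[:-2].strip()
                current["fields"][key] = value
    if current is not None:                  # log ended mid-section
        records.append(current)
    return records


def looks_random(stem):
    """Crude heuristic (an assumption of this example): a letters-only stem of
    six or more characters in which fewer than 20% of the letters are vowels."""
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    return vowels / len(stem) < 0.2


def triage(record):
    """Summarise one record as flags plus a verdict label for the analyst."""
    name = ntpath.basename(record["path"])
    stem = ntpath.splitext(name)[0]
    original = record["fields"].get("Original Name", "")
    flags = []
    if looks_random(stem):
        flags.append("random-looking name")
    if original and original.lower() != name.lower():
        flags.append("renamed from " + original)
    name_flagged = bool(flags)
    if not record["signed"]:
        flags.append("no signature reported")
    if name_flagged and not record["signed"]:
        verdict = "priority review"
    elif flags:
        verdict = "verify publisher and hash"
    else:
        verdict = "no flags"
    return {"file": name, "md5": record["fields"].get("MD5", ""),
            "company": record["fields"].get("Company Name", ""),
            "flags": flags, "verdict": verdict}


def triage_log(text):
    return [triage(r) for r in parse_file_sections(text)]


if __name__ == "__main__":
    for row in triage_log(SAMPLE_FIXLOG):
        print(row["file"], row["verdict"], row["flags"])
```

A signed file whose on-disk name differs from its Original Name still lands in "verify publisher and hash": the signature says who built the binary, not why it was renamed.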
     
  7. Chaos Annihilator

    Chaos Annihilator Private E-2

    Here's more of the fix log:
    ========================= File: C:\Program Files (x86)\Hidden Expedition - Everest\lclmmlf.exe ========================

    C:\Program Files (x86)\Hidden Expedition - Everest\lclmmlf.exe
    File is digitally signed
    MD5: 539C405B24708472FF3D438CA9088F64
    Creation and modification date: 2013-02-12 17:53 - 2013-02-12 17:53
    Size: 000821048
    Attributes: ----A
    Company Name: Big Fish Games ->
    Internal Name: drmactivator
    Original Name: drmactivator.exe
    Product: drmactivator Application
    Description: drmactivator Application
    File Version: 1.3.0.4
    Product Version: 1.3.0.4
    Copyright: Copyright (C) 2006
    Virusscan: https://virusscan.jotti.org/filescanjob/gihi6sts10

    ====== End of File: ======

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B7F6C4D-45C0-4247-B266-6EE2F9125C19}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7F6C4D-45C0-4247-B266-6EE2F9125C19}" => removed successfully
    C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\NotificationCenter" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB097344-4802-4DB0-9D64-9F1D5F7204D5}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB097344-4802-4DB0-9D64-9F1D5F7204D5}" => removed successfully
    C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-127966655-3041496052-59511839-500 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-127966655-3041496052-59511839-500" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60E5303C-4518-41B7-8448-C4589680AA61}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60E5303C-4518-41B7-8448-C4589680AA61}" => removed successfully
    C:\WINDOWS\System32\Tasks\Uninstall AdwCleaner Application => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstall AdwCleaner Application" => removed successfully

    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 100% complete.


    Windows Resource Protection found corrupt files and successfully repaired them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.4894

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 14:28:52 ====
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    It doesn't look like the 3 files downloaded successfully and that is the reason for the randomized names.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    SearchAll: Amazon
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Copy and paste the contents of the report in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • SearchAll report
     
  9. Chaos Annihilator

    Chaos Annihilator Private E-2

    Hi Gary, sorry for my late response. I had to get some vaccines, they always knock me on my butt for a few days. While I was out of commission, my sister uninstalled and downloaded a bunch of games, cleared the cache, and some other things. I don't know how that will affect anything you see, but it didn't affect the Amazon shortcut at all, it's still there.
    I did the search yesterday; the amazon shortcut png on my desktop is the screenshot I took for you. In the search, I saw some mention of Amazon Alexa. Alexa freaks me out, I've never used Alexa. It didn't creep onto my computer somehow, did it?
    Here's the log:

    Farbar Recovery Scan Tool (x64) Version: 16-09-2024
    Ran by User (05-10-2024 13:50:38)
    Running from C:\Users\User\Desktop
    Boot Mode: Normal

    ================== Search Files: "SearchAll: Amazon" =============

    File:
    ========
    C:\Users\User\Desktop\amazon shortcut.png
    [2024-10-01 12:40][2024-10-01 12:40] 000005920 _____ () 20D8D9F01606BF7C93496769A69E9646 [File not signed]

    C:\Users\User\Desktop\Amazon.com
    [2022-07-07 16:46][2022-07-07 18:22] 000000000 _____ () [File not signed]

    C:\Users\User\Desktop\shortcuts\amazon shortcut.png
    [2024-09-19 08:52][2024-09-19 08:52] 000005629 _____ () F5EDE48240BDCB7966D703CBE1D5A236 [File not signed]

    C:\Users\User\Desktop\shortcuts\ID verification needed for refund__ _ r_amazonprime.url
    [2024-09-15 15:26][2024-09-15 15:26] 000000323 _____ () 618DA7A261FEF5DB54C4385CCAE7B2B1 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\amazon shortcut.png.lnk
    [2024-09-19 08:52][2024-10-01 12:44] 000000666 _____ () 200D7665641397EBD7762752035F1B8D [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (2).lnk
    [2022-07-31 16:49][2022-07-31 16:49] 000000420 _____ () 440578B52C2EAE5DDBBC996274565FD8 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (3).lnk
    [2022-09-30 18:14][2022-11-02 14:13] 000000420 _____ () 440578B52C2EAE5DDBBC996274565FD8 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (4).lnk
    [2023-06-12 00:04][2023-06-12 00:04] 000000420 _____ () 6BBE319581C58589B492EE4AE857F72A [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (5).lnk
    [2024-10-01 12:39][2024-10-01 12:45] 000000420 _____ () 6BBE319581C58589B492EE4AE857F72A [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com .lnk
    [2022-07-07 17:59][2022-07-07 18:20] 000000420 _____ () 31756D1C0F30C9265645096EA33B1463 [File not signed]

    C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Hidden Expedition - Amazon_launchgame_bfg
    [2024-10-02 10:14][2024-10-02 10:14] 000037014 _____ () B1387CA6B0D561E9D05E3EA45323A711 [File not signed]

    C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Hidden Expedition - Amazon_UnlockGame_bfg
    [2024-10-02 10:14][2024-10-02 10:14] 000037014 _____ () F64EEEC73BF0FCF69F141163BC187F2E [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_ads.js
    [2024-10-03 10:57][2024-09-26 09:16] 000002296 _____ () 0FBD08FE78EAD78EEC7BC326A6F4F2F8 [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_apstag.js
    [2024-10-03 10:57][2024-09-26 09:16] 000001974 _____ () 2C32316BBD4DCFE342F9263CFAD1532D [File not signed]

    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08.xml
    [2021-03-04 23:56][2021-03-04 23:56] 000000875 _____ () 71889D38335197F49C45CF6B71CF54EA [File not signed]

    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08.xml
    [2021-03-04 23:56][2021-03-04 23:56] 000000875 _____ () FDC75F01EF1CEEFCD0309808BF0E4212 [File not signed]

    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08.xml
    [2021-03-04 23:56][2021-03-04 23:56] 000000875 _____ () F9B41F9B2E6FE25F0B552F8037C185DD [File not signed]

    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08.xml
    [2021-03-04 23:56][2021-03-04 23:56] 000006459 _____ () 3AD0050F719FDB94C27923111F819045 [File not signed]

    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08.xml
    [2021-03-04 23:56][2021-03-04 23:56] 000022427 _____ () 4038DBE20950A57ED7711E70849A021B [File not signed]

    C:\ProgramData\Big Fish\Game Manager\resources\default\images\s\ads\badge_0002_amazon.png
    [2021-02-17 14:24][2021-02-17 14:24] 000006770 _____ () 2509073EE7AFC506E9B2C76F9C1BCCEF [File not signed]

    C:\Program Files (x86)\bfgclient\resources\default\images\s\ads\badge_0002_amazon.png
    [2021-02-17 14:24][2021-02-17 14:24] 000006770 _____ () 2509073EE7AFC506E9B2C76F9C1BCCEF [File not signed]

    C:\Program Files\WindowsApps\Microsoft.WindowsStore_22408.1401.8.0_x64__8wekyb3d8bbwe\Assets\Illustrations\AmazonAppstore.png
    [2022-10-17 19:21][2022-10-17 19:21] 000032564 _____ () 48BDF9FA60A1F5488DD238FF58A8C111 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\DesktopExtensions\Amazon.Auth.Map.dll
    [2021-03-04 23:56][2021-03-04 23:56] 000080896 _____ () 406DE6CFAF980FE98D18FF6695EB852F [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Icons\MiniMusicProviderLogoAmazonMusicB_2x.png
    [2021-03-04 23:56][2021-03-04 23:56] 000014909 _____ () EA40462CBFF2FD5B1D5B0E46BD800B74 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Icons\MusicProviderLogoAmazonMusicB_2x.png
    [2021-03-04 23:56][2021-03-04 23:56] 000007637 _____ () 4A017A2A272CE81A1BDD24FD29D18C76 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Icons\HighContrastIcons\MusicProviderLogoAmazonMusic.png
    [2021-03-04 23:56][2021-03-04 23:56] 000005795 _____ () D6D7E985A6F87D8AC9390F1DE40782D1 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\Amazon-Ember-Medium.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000162892 _____ () AE1211657D7C48BC3BCDFE36634E1532 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\Amazon-Ember-MediumItalic.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000170292 _____ () CA1A9F6F73BFC518BD2CC57CCA065F2C [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_Bd.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000103744 _____ () B9E92B64BF376BBECDEB92D638B78A41 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_BdIt.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000104232 _____ () 5E0339C2481B88269CA749E5A02CC9FC [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_He.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000100120 _____ () EE8A280174AF42C74597D734E481B049 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_HeIt.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000098872 _____ () FB383904687263D4CE4070194CCC882E [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_Lt.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000104104 _____ () 978FCE27D0F89BB8E8FF779BD55D4944 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_LtIt.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000104616 _____ () EAF513E6BCD64F1A046A861770923586 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_Rg.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000106076 _____ () 76666A38FF1CDA13E51186B795623090 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_RgIt.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000105072 _____ () 87FFDA060213093FCF2B44F90E16CCDA [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Assets\Fonts\AmazonEmber_Th.ttf
    [2021-03-04 23:56][2021-03-04 23:56] 000105260 _____ () 7B91480C89665B6377ACACDEC0252203 [File not signed]

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Amazon.Auth.Map.dll
    [2021-03-04 23:56][2021-03-04 23:56] 000080896 _____ () 406DE6CFAF980FE98D18FF6695EB852F [File not signed]


    Folder:
    ========
    2021-05-29 03:34 - 2021-05-29 03:34 _____ C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-05-29 03:54 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-08-20 19:37 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08

    Registry:
    ========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c]
    "57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\alexa\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c]
    "57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\61]
    "ApplicationUserModelId"="57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74]
    "ApplicationUserModelId"="57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74]
    "_IndexKeys"="Application\61\74
    UserAndApplication\5^61
    UserAndApplicationUserModelId\5^57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App\74"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb]
    "PackageFullName"="57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb]
    "InstalledLocation"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb]
    "_IndexKeys"="PackageFamily\64\cb
    PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc]
    "PackageFullName"="57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc]
    "InstalledLocation"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc]
    "_IndexKeys"="PackageFamily\64\cc
    PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce]
    "PackageFullName"="57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce]
    "InstalledLocation"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce]
    "_IndexKeys"="PackageFamily\64\ce
    PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64]
    "PackageFamilyName"="57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64]
    "_IndexKeys"="PackageFamilyName\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\AppxMetadata\AppxBundleManifest.xml"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Big Fish Games\Persistence\Install\F2474T1L1]
    ""="C:\Program Files (x86)\Hidden Expedition - Amazon\znqlnvb.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\AppxMetadata\AppxBundleManifest.xml"
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\AppxMetadata\AppxBundleManifest.xml"
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\AppxMetadata\AppxBundleManifest.xml"
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    "Path"="C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\AppxMetadata\AppxBundleManifest.xml"
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08]
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08]
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\CloudPolicy\Cache]
    "AGENTACTIVATIONALLOWEDAGENTSCONFIGURATION"="Cortana,{A5A7C794-3D59-41DF-915F-19ACDA526FC9},1033,Microsoft.549981C3F5F10_8wekyb3d8bbwe!App,background,true,false;Alexa,{663CABB7-A1DF-41CE-8B77-E66F62351BC6},1033,57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App,background,true,false;Xiaowei Xiaowei,{8899AAD5-174B-4490-933B-06E2C5E8313C},2052,AD2F1837.19285F10D180_v10z8vjag6ke6!App,background,true,false;Contoso,{C0F1842F-D389-44D1-8420-A32A63B35568},1033,Microsoft.SDKSample.MVADLSSampleCS_8wekyb3d8bbwe!App,background,true,false;OK Beeb,{0DC3D0CD-8FC0-40F6-B3AB-A062FE218B70},2057,BBCMobileApps.beeb_wzgfedwv7gft2!App,background,true,false;OK Hololens,{4BB6090A-5AC6-49CB-984A-4289222E2C58},1033,Microsoft.Mixedrealityassistant_8wekyb3d8bbwe!AssistantClient,background,true,false;Lenovo,{9877ABCB-1599-4F0E-BB64-C57D5678857D},2052,E046963F.LenovoVoice_k1h2ywk1493x8!App,background,true,false;ふくまろ,{D3611534-A104-4BBF-8034-2DDA5A21D5F9},1041,96E699BA.FMVHC_7shgd1s8y1app!App,background,true,false;Nee Lavie,{EEE856D4-7E58-484A-85DC-2B762E7B1162},1041,B3CD3740.LAVIEAI2.0_md25j3s46526j!App,background,false,false;小爱同å¦,{5FC96EA8-9D68-44D6-A449-21B01F2DB765},2052,8497DDF3.639A2791C9AB_kf545nqv09rxe!App,background,true,false;disabledbydefault,{FC3AC4FC-5B21-47A2-81EF-018C8AA113B4},1033,MVA.FC3AC4FC-5B21-47A2-81EF-018C8AA113B4!App,background,false,false"
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App]
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\SignalDetectionConfigurations\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App]
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\UserData\UninstallTimes]
    "57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08"="0x20D4C6496854D701"
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
    "File2"="C:\Users\User\Desktop\amazon shortcut.png"
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
    "57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App"="1"
    [HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
    "C:\Program Files (x86)\Hidden Expedition - Amazon\Uninstall.exe"="0x53414350010000000000000007000000280000008B4C0100D9C09D090100000000000000000000067102000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000D1260000000000000300000003000000"


    ====== End of Search ======
     
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Very sorry to hear that. Glad you are feeling better.

    The changes should not affect anything.

    We are going to remove everything Alexa.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix in Safe Mode

    --------------------
    • Click Start, type Notepad, then hit Enter
    • Copy and paste the below into the open Notepad document
    Code:
    CloseProcesses:
    C:\Users\User\Desktop\amazon shortcut.png
    C:\Users\User\Desktop\Amazon.com
    C:\Users\User\Desktop\shortcuts\amazon shortcut.png
    C:\Users\User\Desktop\shortcuts\ID verification needed for refund__ _ r_amazonprime.url
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\amazon shortcut.png.lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (2).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (3).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (4).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (5).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com .lnk
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_ads.js
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_apstag.js
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08.xml
    C:\Program Files\WindowsApps\Microsoft.WindowsStore_22408.1401.8.0_x64__8wekyb3d8bbwe\Assets\Illustrations\AmazonAppstore.png
    2021-05-29 03:34 - 2021-05-29 03:34 _____ C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-05-29 03:54 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-08-20 19:37 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c|57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\alexa\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c|57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\61|ApplicationUserModelId
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74|ApplicationUserModelId
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64|PackageFamilyName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\CloudPolicy\Cache|AGENTACTIVATIONALLOWEDAGENTSCONFIGURATION
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List|File2
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\SignalDetectionConfigurations\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
    Reboot:
    
    • Save the document as Fixlist.txt and save it in the same location as FRST64 (Desktop, Downloads folder, etc.) <<< Important
    • Boot into Safe Mode using the "From the sign-in screen" instructions
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log in the same location as FRST64 called Fixlog.txt
    • Copy and paste the contents of the report in your reply
    • Upon reboot check for the Amazon icon
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Amazon icon gone?
     
  11. Chaos Annihilator

    Chaos Annihilator Private E-2

    Thanks, I am feeling much better.
    This sounds a little complex, and I'm still a little slow, give me some time to make sure I understand it.
    Reading through the Safe Mode link you sent, the first instruction is "On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart". I'm confused about the Windows sign-in screen. When I'm looking at my desktop normally, do I just hold the shift key and select power>restart from the start menu? Or are they talking about something else?

    I have never done anything with Alexa, do you have any idea how it may have gotten on here?

    Thanks so much for your help, sorry I'm slower with this one.
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    No problem at all, this stuff is a bit complex.
    Alexa was pre-installed by Lenovo. That is not uncommon. If you didn't have an Alexa device the software is meaningless.

    Here is an easier set of instructions. Make sure you use the below information to save the Fixlist, as I have changed that as well.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix in Safe Mode

    --------------------
    • Click Start, type Notepad, then hit Enter
    • Copy and paste the below into the open Notepad document
    Code:
    CloseProcesses:
    C:\Users\User\Desktop\amazon shortcut.png
    C:\Users\User\Desktop\Amazon.com
    C:\Users\User\Desktop\shortcuts\amazon shortcut.png
    C:\Users\User\Desktop\shortcuts\ID verification needed for refund__ _ r_amazonprime.url
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\amazon shortcut.png.lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (2).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (3).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (4).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (5).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com .lnk
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_ads.js
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_apstag.js
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08.xml
    C:\Program Files\WindowsApps\Microsoft.WindowsStore_22408.1401.8.0_x64__8wekyb3d8bbwe\Assets\Illustrations\AmazonAppstore.png
    2021-05-29 03:34 - 2021-05-29 03:34 _____ C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-05-29 03:54 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-08-20 19:37 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c|57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\alexa\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c|57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\61|ApplicationUserModelId
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74|ApplicationUserModelId
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64|PackageFamilyName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\CloudPolicy\Cache|AGENTACTIVATIONALLOWEDAGENTSCONFIGURATION
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List|File2
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\SignalDetectionConfigurations\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
    cmd: bcdedit /deletevalue {default} safeboot
    Reboot:
    
    • Save the document as Fixlist.txt and save it in the same location as FRST64 (Desktop, Downloads folder, etc.) <<< Important
    • Click Start, type msconfig, then select Run as administrator
    • Click on the Boot tab
    • Select Safe boot Minimal
    • Click OK then Restart your computer
    • Following reboot right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot back into Normal boot
    • The tool will create a log in the same location as FRST64 called Fixlog.txt
    • Copy and paste the contents of the report in your reply
    • Upon reboot check for the Amazon icon
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Amazon icon gone?
     
  13. Chaos Annihilator

    Chaos Annihilator Private E-2

    Hello again. Sorry to keep coming up with questions before following your instructions. These instructions make sense, and I'll get to them soon.

    First, in scrolling through the search log I sent you, I notice some entries where Alexa and Amazon are associated with my Big Fish Games. You said since I never use Alexa (and while I let family members use this computer, I know they have never done anything with Alexa either) then the software is meaningless. So you're saying it's basically there and dormant in case I should ever use Alexa, right? If it's sitting there and not doing anything without me, why is it associated with my Big Fish Games? Is anyone in my neighborhood able to access my Alexa software with their Alexa?

    Will removing Alexa stuff affect how my Big Fish Games or computer works?

    Also, how did FRST find this? I search, and look through my apps and features, and look in my C drive, and cannot even find Program Data, let alone anything Alexa. Shouldn't I be able to see it somewhere?

    Maybe I'm reading the log wrong, like I said I know nothing about this stuff, but sneaky AI on my computer (Alexa, Cortana, and whatever that new thing was) freaks me out a little bit and makes me paranoid. There's a lot in the log that I wish I could understand more, do you know someplace I can go to learn more about how to read this stuff?
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    No problem asking questions.

    There are 2 different "Amazons" on your computer. One is related to Amazon Alexa and the other is related to Big Fish Hidden Expedition: Amazon. The Amazon entries related to Hidden Expedition are not in the fixlist; they have been removed. The games will not be affected.

    I am not very familiar with Alexa so I did some research. The Amazon Alexa App on your computer is designed to allow you to ask questions and get information, see here. It does not need to be associated with external devices like lights, etc. but it can be. Your neighbors can't access Alexa on your computer.

    Certain folders are hidden from view, by design. C:\ProgramData is one of those folders. Although this folder may be hidden from you, it exists and FRST is designed to access the information contained in it. You can unhide files and folders if you'd like.

    If you would like a taste of what the FRST Tutorial provides you can review it here. Much of the program output is designed to be evaluated by someone who already understands Windows/malware. More often than not, digging deeper to try to alleviate fears only makes the fears worse. Anything that is not understood is considered possible malware when it is most likely perfectly normal.

    Let me know if you have other concerns or questions.
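
Added example, not part of the original posts and not FRST's own code: a small Python reviewer that sorts fixlist lines by how they are tied to the Alexa package, so keyword-only hits (like the Hidden Expedition: Amazon entries mentioned above) and lines with no visible tie can be checked before a fix is run. It handles only the line shapes visible in this thread; `parse_line`, `scope` and `review` are hypothetical names, the SID is replaced by a placeholder, and the last sample path is constructed.

```python
import re

# Package family name as it appears in the thread's fixlist.
TARGET_FAMILY = "57540AMZNMobileLLC.AmazonAlexa"
# Search terms assumed to have produced the candidate lines (assumption).
KEYWORDS = ("amazon", "alexa")
# Directives seen in the thread that act on the session, not on a named object.
CONTROL = {"CloseProcesses", "Reboot", "cmd"}

# Lines copied from the thread's fixlist (SID replaced by a placeholder),
# plus one constructed path standing in for a game entry.
SAMPLE_FIXLIST = r"""
CloseProcesses:
C:\Users\User\Desktop\Amazon.com
C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_ads.js
C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08.xml
2021-05-29 03:34 - 2021-05-29 03:34 _____ C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|PackageFullName
DeleteValue: HKEY_USERS\S-1-5-21-PLACEHOLDER\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List|File2
DeleteValue: HKEY_USERS\S-1-5-21-PLACEHOLDER\SOFTWARE\Microsoft\UserData\UninstallTimes|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
DeleteKey: HKEY_USERS\S-1-5-21-PLACEHOLDER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
cmd: bcdedit /deletevalue {default} safeboot
Reboot:
C:\Games\Hidden Expedition Amazon\HiddenExpedition.exe
"""

# "created - modified _____ path" listing lines, as pasted from the scan log.
LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} _+ (?P<path>.+)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
DIRECTIVE = re.compile(r"^(?P<name>[A-Za-z]+):\s*(?P<arg>.*)$")


def parse_line(line):
    """Turn one fixlist line into {kind, target, value}; None for blank lines."""
    line = line.strip()
    if not line:
        return None
    m = LISTING.match(line)
    if m:
        return {"kind": "path", "target": m["path"], "value": None}
    # A drive-letter path contains ':' too, so test it before directives.
    if DRIVE_PATH.match(line):
        return {"kind": "path", "target": line, "value": None}
    m = DIRECTIVE.match(line)
    if not m:
        return {"kind": "unknown", "target": line, "value": None}
    name, arg = m["name"], m["arg"]
    if name == "DeleteValue":
        # The thread writes registry values as "key|value name".
        key, _, value = arg.partition("|")
        return {"kind": name, "target": key, "value": value}
    return {"kind": name, "target": arg or None, "value": None}


def scope(entry):
    """Say how an entry is tied to the package being removed."""
    if entry["kind"] in CONTROL:
        return "directive"
    text = ((entry["target"] or "") + "|" + (entry["value"] or "")).lower()
    if TARGET_FAMILY.lower() in text:
        return "package"        # names the package family itself
    if any(word in text for word in KEYWORDS):
        return "keyword-only"   # matched a search word, may be unrelated
    return "unscoped"           # nothing in the line ties it to the package


def review(fixlist_text):
    """Group every parsed entry of a fixlist by scope."""
    buckets = {"package": [], "keyword-only": [], "unscoped": [], "directive": []}
    for raw in fixlist_text.splitlines():
        entry = parse_line(raw)
        if entry is not None:
            buckets[scope(entry)].append(entry)
    return buckets


if __name__ == "__main__":
    for name, entries in review(SAMPLE_FIXLIST).items():
        print(f"{name}: {len(entries)}")
        if name in ("keyword-only", "unscoped"):
            for e in entries:
                print("   check:", e["kind"], e["target"], e["value"] or "")
```

Entries in the `unscoped` bucket, such as the `StateRepository\Cache\...\Data\cb` values, can only be confirmed against the scan log they were taken from.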
     
  15. Chaos Annihilator

    Chaos Annihilator Private E-2

    Alright, I put this off because I was nervous, but I finally did it, and it was really easy. Your instructions are great, thanks for that. And thanks for being patient with all my questions. I should have known about Hidden Expedition: Amazon, sorry for that. I bet you're right about digging deeper making fears worse! I may read through your link, and if it starts freaking me out I'll quit. I really appreciate your help.

    And thanks for doing extra Alexa research for me, this is very reassuring.

    Okay, here is the log, and the Amazon shortcut is still there. I think it couldn't find the shortcut "ID verification needed for refund..." because I deleted it yesterday, so it's really gone. But the Amazon.com shortcut we're working on is still as it was.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
    Ran by User (10-10-2024 10:45:45) Run:2
    Running from C:\Users\User\Desktop
    Loaded Profiles: User
    Boot Mode: Safe Mode (minimal)
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    C:\Users\User\Desktop\amazon shortcut.png
    C:\Users\User\Desktop\Amazon.com
    C:\Users\User\Desktop\shortcuts\amazon shortcut.png
    C:\Users\User\Desktop\shortcuts\ID verification needed for refund__ _ r_amazonprime.url
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\amazon shortcut.png.lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (2).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (3).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (4).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (5).lnk
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com .lnk
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_ads.js
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_apstag.js
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08.xml
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08.xml
    C:\Program Files\WindowsApps\Microsoft.WindowsStore_22408.1401.8.0_x64__8wekyb3d8bbwe\Assets\Illustrations\AmazonAppstore.png
    2021-05-29 03:34 - 2021-05-29 03:34 _____ C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-05-29 03:54 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-08-20 19:37 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08
    2021-03-04 23:56 - 2021-03-04 23:56 _____ C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c|57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\alexa\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c|57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\61|ApplicationUserModelId
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74|ApplicationUserModelId
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|PackageFullName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|InstalledLocation
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64|PackageFamilyName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64|_IndexKeys
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08|Path
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\CloudPolicy\Cache|AGENTACTIVATIONALLOWEDAGENTSCONFIGURATION
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List|File2
    DeleteValue: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\SignalDetectionConfigurations\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App
    DeleteKey: HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
    cmd: bcdedit /deletevalue {default} safeboot
    Reboot:
    *****************

    Processes closed successfully.
    C:\Users\User\Desktop\amazon shortcut.png => moved successfully
    "C:\Users\User\Desktop\Amazon.com" => not found
    C:\Users\User\Desktop\shortcuts\amazon shortcut.png => moved successfully
    "C:\Users\User\Desktop\shortcuts\ID verification needed for refund__ _ r_amazonprime.url" => not found
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\amazon shortcut.png.lnk => moved successfully
    "C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (2).lnk" => not found
    "C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (3).lnk" => not found
    "C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (4).lnk" => not found
    "C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com (5).lnk" => not found
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\Amazon.com .lnk => moved successfully
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_ads.js => moved successfully
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak\1.60.0_0\web_accessible_resources\amazon_apstag.js => moved successfully
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08.xml => moved successfully
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08.xml => moved successfully
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08.xml => moved successfully
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08.xml => moved successfully
    C:\ProgramData\Microsoft\Windows\AppRepository\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08.xml => moved successfully
    "C:\Program Files\WindowsApps\Microsoft.WindowsStore_22408.1401.8.0_x64__8wekyb3d8bbwe\Assets\Illustrations\AmazonAppstore.png" => not found

    "C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08" Folder move:

    C:\ProgramData\Packages\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08 => moved successfully

    "C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08" Folder move:

    C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08 => moved successfully

    "C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08" Folder move:

    C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08 => moved successfully

    "C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08" Folder move:

    C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08 => moved successfully

    "C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08" Folder move:

    C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => moved successfully

    "C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08" Folder move:

    C:\ProgramData\Microsoft\Windows\AppRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08 => moved successfully

    "C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08" Folder move:

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08 => moved successfully

    "C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08" Folder move:

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => moved successfully

    "C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08" Folder move:

    C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08 => moved successfully

    "C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08" Folder move:

    C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-100_22t9g3sebte08 => moved successfully

    "C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08" Folder move:

    C:\Program Files\WindowsApps\DeletedAllUserPackages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-200_22t9g3sebte08 => moved successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c\\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\alexa\AppX9tt95qyx3z9hrfw0r2fca8z3t9a5ez1c\\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\61\\ApplicationUserModelId" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74\\ApplicationUserModelId" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\74\\_IndexKeys" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb\\PackageFullName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb\\InstalledLocation" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cb\\_IndexKeys" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc\\PackageFullName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc\\InstalledLocation" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\cc\\_IndexKeys" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce\\PackageFullName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce\\InstalledLocation" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\ce\\_IndexKeys" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64\\PackageFamilyName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\64\\_IndexKeys" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\\Path" => removed successfully
    "HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\CloudPolicy\Cache\\AGENTACTIVATIONALLOWEDAGENTSCONFIGURATION" => removed successfully
    "HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\UserData\UninstallTimes\\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08" => removed successfully
    "HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List\\File2" => removed successfully
    "HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated\\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08 => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App" => not found
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08 => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08" => not found
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-127966655-3041496052-59511839-1001\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08" => not found
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08" => not found
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_split.scale-125_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_neutral_~_22t9g3sebte08 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\57540AMZNMobileLLC.AmazonAlexa_2.10.354.0_x64__22t9g3sebte08 => removed successfully
    HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App => removed successfully
    HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Speech_OneCore\Settings\VoiceActivation\SignalDetectionConfigurations\57540AMZNMobileLLC.AmazonAlexa_22t9g3sebte08!App => removed successfully
    HKEY_USERS\S-1-5-21-127966655-3041496052-59511839-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store => removed successfully

    ========= bcdedit /deletevalue {default} safeboot =========

    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 10:45:50 ====
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for the report and explanation.

    I suspect there is an Amazon.com remnant hiding out somewhere. Let's see if we can hunt it down.

    Please do this.

    ===================================================

    Rebuilding Icon Cache

    --------------------

    • Download Icon_Cache.bat and save it to your Desktop
    • Right click on the Icon_Cache.bat icon and select Run as administrator
    • Follow the prompts and once the process is complete your computer will reboot
    • Check for the Amazon.com icon
    • If the icon still exists, run the step below
    ===================================================

    Farbar Recovery Scan Tool Search

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    desktop.ini
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Icon Cache rebuilt?
    • Search.txt, if necessary
     
  17. Chaos Annihilator

    Chaos Annihilator Private E-2

    Hi Gary,

    I'm so sorry it's been so long. Things have been crazy here. I can't believe I haven't been able to get back to this until today.

    I ran the Icon Cache; it worked just like you said and I had no trouble. After the reboot, the Amazon shortcut is still there.

    Here is the search log. Again, I'm so sorry it's taken me so long:

    Farbar Recovery Scan Tool (x64) Version: 16-09-2024
    Ran by User (15-10-2024 12:37:14)
    Running from C:\Users\User\Desktop
    Boot Mode: Normal

    ================== Search Files: "desktop.ini" =============


    C:\Windows\WinSxS\amd64_microsoft-windows-s..ini-accessoriesuser_31bf3856ad364e35_10.0.19041.1_none_d9f53b39b3834744\Desktop.ini
    [2019-12-07 04:08][2019-12-07 04:08] 000000170 _____ () A021DF2D83EDCBC2EC3AAF894FBF07B4 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..i-accessibilityuser_31bf3856ad364e35_10.0.19041.1_none_19358785a81a86d6\Desktop.ini
    [2019-12-07 04:08][2019-12-07 04:08] 000000166 _____ () A72BD98C568D5B0AD4C8D8E5654954D2 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..32-kf-commonstartup_31bf3856ad364e35_10.0.19041.1_none_b2014b56ea660ec9\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000174 _____ () 7F1698BAB066B764A314A589D338DAAE [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..32-kf-commondesktop_31bf3856ad364e35_10.0.19041.1_none_a81a33274fb1b624\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000174 _____ () DC723B859DEC1526568AD581AEC334D5 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..2-kf-commonprograms_31bf3856ad364e35_10.0.19041.1_none_047fa97bc9873117\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000174 _____ () 17D5D0735DEAA1FB4B41A7C406763C0A [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..2-kf-commonpictures_31bf3856ad364e35_10.0.19041.1_none_36436b821c9e7209\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000380 _____ () 2F145CCA0196FB928EE5656F2CFC2934 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-publiclibraries_31bf3856ad364e35_10.0.19041.1_none_cbd9ad4986c925d5\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000175 _____ () 203ABC35EE1B804C770321D392CAC58C [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-programfilesx86_31bf3856ad364e35_10.0.19041.1_none_3870d3554f39ac78\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000174 _____ () 5B8A2BA3138573583FF9E0158096EC48 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commonstartmenu_31bf3856ad364e35_10.0.19041.1_none_f6eee8789c1c6fdd\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000174 _____ () A2D31A04BC38EEAC22FCA3E30508BA47 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000174 _____ () 81594CBB270B4099912612CD3C20306A [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondocuments_31bf3856ad364e35_10.0.19041.1_none_04c252e5678f305a\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000278 _____ () EC659B643B3DC5A57DAFA797BBC83871 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_11.0.19041.4355_none_199e16b530685f15\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000065 _____ () 5079E25C0E9F1B5640B856225F5F5560 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_11.0.19041.1_none_2108f0881e5a7a03\desktop.ini
    [2019-12-07 04:09][2019-12-07 04:09] 000000065 _____ () 878B2E099C512B72A9FEA2257458C8B8 [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-fontext_31bf3856ad364e35_10.0.19041.4355_none_133fb84ca8d781b5\desktop.ini
    [2019-12-07 04:08][2019-12-07 04:08] 000000065 _____ () CB6B1DA3363DC3265434BA22175FC78B [File is digitally signed]

    C:\Windows\Web\Wallpaper\Theme2\Desktop.ini
    [2019-12-07 04:15][2019-12-07 04:12] 000000081 ___SH () 14E3838089D535329BA635A74364DE70 [File is digitally signed]

    C:\Windows\Web\Wallpaper\Theme1\Desktop.ini
    [2019-12-07 04:15][2019-12-07 04:12] 000000081 ___SH () 77D16B447FD71115B5C9AFE48D93FC58 [File is digitally signed]

    C:\Windows\SysWOW64\config\systemprofile\Saved Games\desktop.ini
    [2022-02-13 17:03][2022-02-13 17:03] 000000282 ___SH () B441CF59B5A64F74AC3BED45BE9FADFC [File not signed]

    C:\Windows\SysWOW64\config\systemprofile\Desktop\desktop.ini
    [2021-08-24 17:40][2021-08-24 17:40] 000000282 ___SH () 9E36CC3537EE9EE1E3B10FA4E761045B [File not signed]

    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
    [2021-08-24 17:40][2021-08-24 17:40] 000000174 ___SH () A2D31A04BC38EEAC22FCA3E30508BA47 [File is digitally signed]

    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [2021-08-24 17:40][2021-08-24 17:40] 000000174 ___SH () 17D5D0735DEAA1FB4B41A7C406763C0A [File is digitally signed]

    C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.5011.1.13\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.4474_none_8bc3e36c6aca02bc\f\desktop.ini
    [2024-10-09 12:04][2024-08-15 18:27] 000000050 _____ () 38F78176F61AB580286940F9EE2FF5A4 [File not signed]

    C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4894.1.9\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.4474_none_8bc3e36c6aca02bc\f\desktop.ini
    [2024-09-10 14:33][2024-08-15 18:27] 000000050 _____ () 38F78176F61AB580286940F9EE2FF5A4 [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000047 ___SH () 024FF9603456E7CB27B8F1A74BC65666 [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000934 ___SH () 255FAE4332DAE10C0E1ED178EDD7755C [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000170 ___SH () CAC4D0F604168B35338F40B0FE08C453 [File is digitally signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000218 ___SH () 8E87F55B014FECA6665CE80419D72D4B [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000568 ___SH () 2D12B758AD8C23155099DD2BE6DEDF7D [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000558 ___SH () 4AF9E982FC27CE9D7EAA756E71E73042 [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000148 ___SH () 623A388DA0F5A5C9892D3EABF1BBD52A [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000941 ___SH () 2B0C0EEC15142B600F38CE1BB2507AFB [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000325 ___SH () E7DC96F8AE6D279D7B3DE9BAF1F4A0BE [File not signed]

    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000075 ___SH () 22F192FB4C42DF0A72A2FA00F41CE01A [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000047 ___SH () 024FF9603456E7CB27B8F1A74BC65666 [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000934 ___SH () 255FAE4332DAE10C0E1ED178EDD7755C [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000170 ___SH () CAC4D0F604168B35338F40B0FE08C453 [File is digitally signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000218 ___SH () 8E87F55B014FECA6665CE80419D72D4B [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000568 ___SH () 2D12B758AD8C23155099DD2BE6DEDF7D [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000558 ___SH () 4AF9E982FC27CE9D7EAA756E71E73042 [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000148 ___SH () 623A388DA0F5A5C9892D3EABF1BBD52A [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000941 ___SH () 2B0C0EEC15142B600F38CE1BB2507AFB [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000325 ___SH () E7DC96F8AE6D279D7B3DE9BAF1F4A0BE [File not signed]

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini
    [2021-08-20 20:02][2021-08-20 20:02] 000000075 ___SH () 22F192FB4C42DF0A72A2FA00F41CE01A [File not signed]

    C:\Windows\Offline Web Pages\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000065 ___SH () 5079E25C0E9F1B5640B856225F5F5560 [File is digitally signed]

    C:\Windows\Media\Desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000003050 ___SH () FDCF9E314A2166FA4FFB979AC2563D0E [File is digitally signed]

    C:\Windows\Fonts\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000065 _____ () CB6B1DA3363DC3265434BA22175FC78B [File is digitally signed]

    C:\Windows\Downloaded Program Files\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000065 ___SH () 878B2E099C512B72A9FEA2257458C8B8 [File is digitally signed]

    C:\Windows\assembly\Desktop.ini
    [2022-12-03 00:49][2022-12-03 00:49] 000000227 __RSH () F7F759A5CD40BC52172E83486B6DE404 [File not signed]

    C:\Users\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () 6B1A6A9959CE35FA0DF98F8E602BB191 [File is digitally signed]

    C:\Users\Public\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () 7220FAD57A4B3D9D9755C51198CC0386 [File is digitally signed]

    C:\Users\Public\Videos\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000380 ___SH () 582BD0FACB013808C1C4804D894CD9FD [File is digitally signed]

    C:\Users\Public\Pictures\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000380 ___SH () 2F145CCA0196FB928EE5656F2CFC2934 [File is digitally signed]

    C:\Users\Public\Music\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000380 ___SH () 48F5AC70AAEDAFE403B362E41DA1E1D6 [File is digitally signed]

    C:\Users\Public\Libraries\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000175 ___SH () 203ABC35EE1B804C770321D392CAC58C [File is digitally signed]

    C:\Users\Public\Downloads\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () 81594CBB270B4099912612CD3C20306A [File is digitally signed]

    C:\Users\Public\Documents\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000278 ___SH () EC659B643B3DC5A57DAFA797BBC83871 [File is digitally signed]

    C:\Users\Public\Desktop\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () DC723B859DEC1526568AD581AEC334D5 [File is digitally signed]

    C:\Users\Public\AccountPictures\desktop.ini
    [2021-08-20 20:38][2021-08-20 20:38] 000000196 ___SH () 2971C89BFB3B06E591694B9A78E467B9 [File not signed]

    C:\Users\User\Videos\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000504 ___SH () 50A956778107A4272AAE83C86ECE77CB [File not signed]

    C:\Users\User\Videos\Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo\desktop.ini
    [2021-11-29 18:36][2021-11-29 18:36] 000000114 ___SH () 2AEACF4DF21D77D66C8FAB42815097D2 [File not signed]

    C:\Users\User\Videos\Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic\desktop.ini
    [2023-05-13 16:45][2023-05-13 16:45] 000000116 ___SH () F2B8DD12632182519FCF8E04CD573EE0 [File not signed]

    C:\Users\User\Videos\Captures\desktop.ini
    [2021-05-29 03:51][2021-05-29 03:51] 000000190 ___SH () B0D27EAEC71F1CD73B015F5CEEB15F9D [File not signed]

    C:\Users\User\Searches\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000524 ___SH () 089D48A11BFF0DF720F1079F5DC58A83 [File not signed]

    C:\Users\User\Saved Games\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000282 ___SH () B441CF59B5A64F74AC3BED45BE9FADFC [File not signed]

    C:\Users\User\Pictures\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000504 ___SH () 29EAE335B77F438E05594D86A6CA22FF [File not signed]

    C:\Users\User\Pictures\Saved Pictures\desktop.ini
    [2021-05-29 09:23][2021-05-29 09:23] 000000190 ___SH () 87A524A2F34307C674DBA10708585A5E [File not signed]

    C:\Users\User\Pictures\Camera Roll\desktop.ini
    [2021-05-29 03:36][2021-05-29 03:36] 000000190 ___SH () D48FCE44E0F298E5DB52FD5894502727 [File not signed]

    C:\Users\User\OneDrive\desktop.ini
    [2021-05-29 03:32][2021-08-02 15:53] 000000107 ___SH () 77EA2B90F8850A2073E4E76ED4C34B43 [File not signed]

    C:\Users\User\Music\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000504 ___SH () 06E8F7E6DDD666DBD323F7D9210F91AE [File not signed]

    C:\Users\User\Links\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000504 ___SH () 3B960DA228CC489B622697659C885D64 [File not signed]

    C:\Users\User\Favorites\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000402 ___SH () 881DFAC93652EDB0A8228029BA92D0F5 [File not signed]

    C:\Users\User\Favorites\Links\desktop.ini
    [2021-05-29 03:29][2024-05-14 23:29] 000000080 ___SH () 3C106F431417240DA12FD827323B7724 [File not signed]

    C:\Users\User\Downloads\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000282 ___SH () 3A37312509712D4E12D27240137FF377 [File not signed]

    C:\Users\User\Documents\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000402 ___SH () ECF88F261853FE08D58E2E903220DA14 [File not signed]

    C:\Users\User\Documents\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App\desktop.ini
    [2021-05-28 16:27][2021-05-28 16:27] 000000120 ___SH () 88571C299F7FDAC5ACC74AE53A08FD6C [File not signed]

    C:\Users\User\Documents\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App\desktop.ini
    [2024-08-21 17:00][2024-08-21 17:00] 000000116 ___SH () 153596C055EAC9DE175E9AA7476AEB0F [File not signed]

    C:\Users\User\Desktop\desktop.ini
    [2021-05-29 03:29][2023-08-22 00:18] 000000454 ___SH () 2A6077DAD3C00F066964CA93AE70C95A [File not signed]

    C:\Users\User\Contacts\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000412 ___SH () 449F2E76E519890A212814D96CE67D64 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000174 ___SH () A2D31A04BC38EEAC22FCA3E30508BA47 [File is digitally signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [2021-08-20 19:38][2021-08-20 20:38] 000000264 ___SH () 6B529C1DD6A54057FCB687E13B6A20A4 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
    [2021-08-20 19:38][2019-12-07 04:12] 000000934 ___SH () 255FAE4332DAE10C0E1ED178EDD7755C [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000174 ___SH () 7F1698BAB066B764A314A589D338DAAE [File is digitally signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
    [2021-08-20 19:38][2019-12-07 04:12] 000000170 ___SH () CAC4D0F604168B35338F40B0FE08C453 [File is digitally signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000174 ___SH () 548B310FBC7A26D0B9DA3A9F2D604A0C [File is digitally signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
    [2021-08-20 19:38][2021-08-20 20:38] 000000338 ___SH () 2050878EFC2315CC685312928C0D0FA2 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini
    [2021-08-20 19:38][2021-08-20 19:23] 000000568 ___SH () 2D12B758AD8C23155099DD2BE6DEDF7D [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
    [2021-08-20 19:38][2021-08-20 20:40] 000000694 ___SH () C79F725285A59C07B7EDD74D9C4493CC [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
    [2021-08-20 20:38][2021-08-20 20:38] 000000432 ___SH () F107D0270E21A2FE91099FDC15918D44 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000451 ___SH () 65029E5CB3A76E5E3C6F07D1F1DE5431 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini
    [2021-08-20 20:38][2021-08-20 20:38] 000000196 ___SH () 08E1B7B2FD872CDCC42AF67707DC2A98 [File not signed]

    C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2021-08-20 19:38][2019-12-07 04:12] 000000148 ___SH () 623A388DA0F5A5C9892D3EABF1BBD52A [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini
    [2021-05-29 03:24][2019-12-07 04:12] 000000941 ___SH () 2B0C0EEC15142B600F38CE1BB2507AFB [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini
    [2021-05-29 03:24][2019-12-07 04:12] 000000325 ___SH () E7DC96F8AE6D279D7B3DE9BAF1F4A0BE [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini
    [2021-05-29 03:24][2019-12-07 04:12] 000000075 ___SH () 22F192FB4C42DF0A72A2FA00F41CE01A [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Windows\History\desktop.ini
    [2021-08-20 16:19][2021-08-20 16:19] 000000130 _____ () 941682911C20B2DABECB20476F91C98A [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
    [2021-08-20 20:40][2021-08-20 20:40] 000000174 ___SH () E0FD7E6B4853592AC9AC73DF9D83783F [File not signed]

    C:\Users\User\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini
    [2021-05-29 03:28][2021-08-20 20:38] 000000174 ___SH () 8F91870452433A5555C9D453F714698C [File not signed]

    C:\Users\User\3D Objects\desktop.ini
    [2021-05-29 03:29][2021-08-20 20:38] 000000298 ___SH () 42DD3B4CD1411DACAE138DEF128485D4 [File not signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [2019-12-07 04:52][2019-12-07 04:52] 000000047 ___SH () 024FF9603456E7CB27B8F1A74BC65666 [File not signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000934 ___SH () 255FAE4332DAE10C0E1ED178EDD7755C [File not signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000170 ___SH () CAC4D0F604168B35338F40B0FE08C453 [File is digitally signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
    [2019-12-07 04:14][2021-04-09 08:51] 000000218 ___SH () 8E87F55B014FECA6665CE80419D72D4B [File not signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini
    [2019-12-07 04:14][2024-05-14 19:06] 000000568 ___SH () F14E70FDDAAAACDE69256791CB07BD41 [File not signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
    [2019-12-07 04:14][2024-05-14 19:06] 000000558 ___SH () 4AF9E982FC27CE9D7EAA756E71E73042 [File not signed]

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2019-12-07 04:15][2019-12-07 04:12] 000000148 ___SH () 623A388DA0F5A5C9892D3EABF1BBD52A [File not signed]

    C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini
    [2019-12-07 04:15][2019-12-07 04:12] 000000941 ___SH () 2B0C0EEC15142B600F38CE1BB2507AFB [File not signed]

    C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini
    [2019-12-07 04:15][2019-12-07 04:12] 000000325 ___SH () E7DC96F8AE6D279D7B3DE9BAF1F4A0BE [File not signed]

    C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini
    [2019-12-07 04:15][2019-12-07 04:12] 000000075 ___SH () 22F192FB4C42DF0A72A2FA00F41CE01A [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () A2D31A04BC38EEAC22FCA3E30508BA47 [File is digitally signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [2019-12-07 04:14][2024-10-09 11:33] 000000522 ___SH () 26060D6DF208D8B5EDD88B9B6506DE88 [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini
    [2019-12-07 04:52][2019-12-07 04:52] 000000218 ___SH () 3AA1D8D650944F797F80D23D67A2F335 [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini
    [2019-12-07 04:14][2024-10-09 11:33] 000000338 ___SH () AB006EAB28F3CFE4344B7DB45C67092D [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () 7F1698BAB066B764A314A589D338DAAE [File is digitally signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000170 ___SH () CAC4D0F604168B35338F40B0FE08C453 [File is digitally signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
    [2019-12-07 04:14][2024-10-09 11:33] 000002566 ___SH () 77A9EC346E78D14799FF4DEE91A967A8 [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
    [2019-12-07 04:14][2024-10-09 11:33] 000001472 ___SH () 26448D1445DF23D394402B5E3C7F1C0D [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini
    [2019-12-07 04:15][2024-05-14 19:06] 000000085 ___SH () 4F6C7327201FEACE952F9435B2EB1F46 [File not signed]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini
    [2019-12-07 04:14][2024-05-14 19:06] 000000370 ___SH () 2DB341606A8D0E39C81A95A64ED33C84 [File not signed]

    C:\Program Files (x86)\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () 5B8A2BA3138573583FF9E0158096EC48 [File is digitally signed]

    C:\Program Files\desktop.ini
    [2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () 6383522C180BADC4E1D5C30A5C4F4913 [File is digitally signed]

    C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI
    [2021-03-04 23:34][2021-03-04 23:34] 000000070 _____ () 466AFDBDD30770A1A6B47AFD85099E82 [File not signed]


    ====== End of Search ======
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    No problem on the delay, I know you are busy.

    Can you send me another "tried to delete" screen shot without blocking out any of the information? You can send it to me via Personal Message.

    Please run this.

    ===================================================

    Process Monitor Boot Log

    --------------------
    • Download Process Monitor and save it to your Desktop
    • Right click on Procmon and select Run as administrator
    • Agree to any permission requests
    • Hit Ctrl + E to stop capturing events
    • Hit Ctrl + X at the same time to clear the display
    • Click Options then Enable Boot Logging
    • Place a check mark in Generate thread profiling events
    • Click OK
    • Close Process Monitor
    • Close any open programs and shut down your computer
    • Start your computer and allow the boot up process to complete, including logging in if you use a password
    • Wait 5 minutes then right click on Process Monitor and select Run as administrator
    • Click Yes on the next window that appears and save the boot-time activity log onto your desktop using the default name
    • Please zip and upload the file to GoFile or the file hosting site of your choice and send me a Personal Message with the download link
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Screen shot via PM
    • Download link via PM
     
    Last edited: Oct 16, 2024
  19. Chaos Annihilator

    Chaos Annihilator Private E-2

    Hello,
    As you probably guessed, I'm having issues already. I hope I'm not really frustrating.
    I took the screenshot of the error that happens when I try to delete the shortcut, as well as every tab under properties in case that would be helpful. However, I went to PM you, and cannot figure out how to attach the screenshots. There's no "upload a file" button there, as there is here. I don't know what I'm missing.
    I haven't tried Process Monitor yet, but the first thing you say to do is hit Ctrl+E to stop capturing events. Should I do this immediately, or wait a few seconds to capture events, or what?
    I have never used a file hosting site, so I will use GoFile as you suggested. You said to send the download link, will that just be given to me automatically once I upload the file?
    Sorry I'm fumbling around again. Thanks so much for your help.
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    For now, just send me a Private Message typing out all the information from the below screen shot without blocking out any of the information.


    tried to delete.png
     
  21. Oh My!

    Oh My! Malware Expert Staff Member

    Please run this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CloseProcesses:
    C:\Users\CurrentUserName\Desktop\Amazon.com
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Search

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    *.ico
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Please zip and upload the file to GoFile, WeTransfer, or the file hosting site of your choice. Send me a Personal Message with the download link.
    ===================================================

    Things I would like to see in your next reply.
    • Personal message with the download link
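
    An added example, not part of the thread or of FRST: one way to triage a Search.txt such as the one this step produces, assuming the two-line entry layout seen in FRST file search results (path line, then two timestamps, size, attributes, MD5 and signature state). The sample log, its paths and its hashes are constructed, reading the two timestamps as created then modified is an assumption, and the review heuristics are the example's own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: every path, timestamp and hash below is made up.
SAMPLE = r"""
C:\Users\Public\desktop.ini
[2019-12-07 04:14][2019-12-07 04:12] 000000174 ___SH () AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [File is digitally signed]

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
[2019-12-07 04:14][2019-12-07 04:12] 000000558 ___SH () BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB [File not signed]

C:\Users\Alice\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
[2021-08-20 19:38][2021-08-20 20:40] 000000694 ___SH () CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC [File not signed]

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini
[2021-08-20 20:02][2021-08-20 20:02] 000000558 ___SH () BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB [File not signed]

C:\Users\Alice\Desktop\desktop.ini
[2021-05-29 03:29][2023-08-22 00:18] 000000454 ___SH () DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD [File not signed]

C:\Users\Alice\Broken\desktop.ini

====== End of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[([\d-]+ [\d:]+)\]\[([\d-]+ [\d:]+)\]\s+(\d+)\s+(\S+)\s+"
    r"\((.*?)\)\s+([0-9A-Fa-f]{32})\s+\[(.+)\]$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    path: str
    created: datetime   # assumption: first bracketed timestamp
    modified: datetime  # assumption: second bracketed timestamp
    size: int
    attrs: str
    md5: str
    signed: bool


def parse_search_log(text):
    """Return (entries, orphans); orphans are lines that did not pair up."""
    entries, orphans, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        if PATH_RE.match(line):
            if pending is not None:      # previous path had no detail line
                orphans.append(pending)
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m is None or pending is None:
            orphans.append(line)         # malformed or unattached detail line
            continue
        entries.append(Entry(
            path=pending,
            created=datetime.strptime(m.group(1), TS_FORMAT),
            modified=datetime.strptime(m.group(2), TS_FORMAT),
            size=int(m.group(3)),
            attrs=m.group(4),
            md5=m.group(6).upper(),
            signed=(m.group(7) == "File is digitally signed"),
        ))
        pending = None
    if pending is not None:
        orphans.append(pending)
    return entries, orphans


def review_order(entries):
    """Unsigned files whose hash appears once in the log, newest change first.
    This only orders what a human reads first; it is not a verdict."""
    counts = Counter(e.md5 for e in entries)
    picked = [e for e in entries if not e.signed and counts[e.md5] == 1]
    return sorted(picked, key=lambda e: e.modified, reverse=True)


def hash_variants(entries, depth=2):
    """Map each path tail (last `depth` components) to its hashes, keeping
    only tails where copies of the same file differ between locations."""
    by_tail = defaultdict(lambda: defaultdict(list))
    for e in entries:
        tail = "\\".join(e.path.lower().split("\\")[-depth:])
        by_tail[tail][e.md5].append(e.path)
    return {t: dict(h) for t, h in by_tail.items() if len(h) > 1}


if __name__ == "__main__":
    parsed, leftover = parse_search_log(SAMPLE)
    for e in review_order(parsed):
        print(f"{e.modified:%Y-%m-%d %H:%M}  {e.md5}  {e.path}")
    for tail, hashes in hash_variants(parsed).items():
        print(f"{tail}: {len(hashes)} distinct hashes")
    print("unparsed lines:", leftover)
```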
     
  23. Oh My!

    Oh My! Malware Expert Staff Member

    How are we doing?
     
  24. Chaos Annihilator

    Chaos Annihilator Private E-2

    Sorry, my sister has been having a crisis. I just logged on to do this now, give me a few minutes...
     
  25. Oh My!

    Oh My! Malware Expert Staff Member

    I am sorry to hear that. Family first.
     
    Chaos Annihilator likes this.
  26. Chaos Annihilator

    Chaos Annihilator Private E-2

    Okay, I think I've done it. See if it works. Thanks for hanging in there and continuing to help.
     
