Chrome Pop Up Malware Issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sherbee, Feb 24, 2025.

  1. sherbee

    sherbee Private E-2

    Hi, I am having an issue when using Chrome; it seems to be spitting up pop-ups (McAfee etc.) and I can't get rid of them. I did try using Malwarebytes but it says I have to pay to get rid of anything. I also have tried using Avast but I actually have to pay to get rid of the problems. I have a new computer and not much on my HD. Anyway, if someone could help I would greatly appreciate it. Thank you. I hope I have made sense; if not, please don't hesitate to ask me to clarify better. :)
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
  3. sherbee

    sherbee Private E-2

    Here are my results.
     

    Attached Files:

  4. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    We can skip quoting my previous post.

    We may need to be a bit aggressive in dealing with the issue so it would be helpful if I understood the situation a bit better.

    Do you have Chrome installed? It is not listed in the reports.

    Did the pop up issue start within the last couple of days?

    There are a number of entries, some of which appear odd to me, that seem to be related to Jasc Paint Shop Pro 9. This is a very old program (2004) and may not be compatible with Windows 11. If necessary, would you be willing to remove the program?

    Do you want Avast as your antivirus program or did you only install it to try to remove the pop up?
     
  5. sherbee

    sherbee Private E-2

    OK, I uninstalled Chrome because I couldn't even stop x'ing out the pop-ups (McAfee etc.); even with the browser closed it was still popping up on my desktop. Also, about Jasc, I can uninstall it; I installed that to get Animation Shop. Also, you are right, I installed Avast to get rid of the pop-ups, which did not work; now I am worried about installing it because I don't know if it is temporarily keeping the pop-ups at bay. Also, the issue began today; yesterday it was fine. Sorry for the late response, I had some errands to do.
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the clarification.

    The symptoms you were experiencing with Chrome are normally caused by a malicious Chrome Push Notification. Removing Chrome removed the Push Notifications.

    We will leave Jasc Paint Shop Pro 9 alone for now but I would like to uninstall Avast.

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Avast Free Antivirus
    Avast Secure Browser
    
    • If the program's uninstaller appears, work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Folder: C:\Users\USER\AppData\Local\Total_Security
    S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys [X] 
    S3 ACE-SSC-DRV64; \??\C:\Program Files\AntiCheatExpert\SGuard\x64\plugins\ACE-SSC-DRV64.sys [X] 
    S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION 
    HKU\S-1-5-21-3190614000-2036166471-2658711317-1001\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup (No File) 
    Task: {D3EBAE4E-47F7-41CD-AFCC-CDBB7F155514} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File) 
    Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File] 
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File] 
    FirewallRules: [{A662A805-9DB1-4591-BC8F-B862B0C4B478}] => (Allow) C:\Users\USER\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File 
    FirewallRules: [{9FF9C04C-D6F9-48CB-B4EA-247D02898504}] => (Allow) C:\Users\USER\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File 
    FirewallRules: [{1E0F3359-08A9-48C8-90DF-C7ABCE51A5AF}] => (Allow) D:\The Sims 4\Game\Bin\TS4_Launcher_x64.exe => No File 
    FirewallRules: [{C16BD9D2-1B6A-4D74-8610-A5878C6DCD99}] => (Allow) D:\The Sims 4\Game\Bin\TS4_Launcher_x64.exe => No File 
    R3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2025-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION 
    AlternateDataStreams: C:\Windows\tracing:? [16] 
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    SearchAll: Avast;Avira
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the report to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Uninstall Avast?
    • Fixlog
    • Attached report
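
The notification permissions that post 6 above attributes the pop-ups to can be audited offline. This Python sketch is an added example, not part of the thread; it assumes Chrome's per-profile `Preferences` JSON keeps site notification settings under `profile.content_settings.exceptions.notifications` with `setting` 1 meaning allow, and the origins and timestamps in the sample are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Chrome stores times as microseconds since 1601-01-01 UTC ("WebKit" time).
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}  # assumed value mapping


def datetime_to_webkit(dt):
    """Exact integer microseconds since the WebKit epoch (no float rounding)."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def webkit_to_datetime(value):
    """Convert a stored timestamp (string or int) to UTC, or None if unusable."""
    try:
        return WEBKIT_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None


def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)


# Constructed sample standing in for a profile's Preferences file, normally
# %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences on Windows.
# Every origin and timestamp here is a placeholder built for this example.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://news.example:443,*": {
            "last_modified": str(datetime_to_webkit(utc(2024, 11, 3, 8, 15))),
            "setting": 1},
        "https://push-ads.example:443,*": {
            "last_modified": str(datetime_to_webkit(utc(2025, 2, 24, 10, 50))),
            "setting": 1},
        "https://blocked.example:443,*": {
            "last_modified": str(datetime_to_webkit(utc(2025, 2, 24, 10, 52))),
            "setting": 2},
        "https://undated.example:443,*": {"setting": 1},
    }}}}
})


def notification_settings(prefs):
    """Return one row per site that has a stored notification decision."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    rows = []
    for pattern, entry in exceptions.items():
        rows.append({
            # Keys look like "<origin>,*"; keep only the origin part.
            "origin": pattern.split(",", 1)[0],
            "setting": SETTING_NAMES.get(entry.get("setting"), "unknown"),
            "changed": webkit_to_datetime(entry.get("last_modified")),
        })
    return rows


def allowed_since(prefs, since):
    """Sites allowed to push notifications on or after `since`, newest first.

    Lining these up with the time the pop-ups began narrows down which
    permission grant to revoke in the browser's site settings.
    """
    hits = [r for r in notification_settings(prefs)
            if r["setting"] == "allow"
            and r["changed"] is not None
            and r["changed"] >= since]
    return sorted(hits, key=lambda r: r["changed"], reverse=True)


if __name__ == "__main__":
    prefs = json.loads(SAMPLE_PREFERENCES)
    for row in allowed_since(prefs, utc(2025, 2, 24)):
        print(f'{row["changed"]:%Y-%m-%d %H:%M} UTC  allow  {row["origin"]}')
    # Allow entries without a timestamp cannot be dated, so list them too.
    for row in notification_settings(prefs):
        if row["setting"] == "allow" and row["changed"] is None:
            print(f'(no timestamp)        allow  {row["origin"]}')
```

Run it against a copy of the `Preferences` file taken while the browser is closed, since Chrome rewrites the file while it is running.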
     
  7. sherbee

    sherbee Private E-2

     
  8. sherbee

    sherbee Private E-2

    OK, I tried to copy and paste and it said the files were too large. I hope I did this right... if not, please let me know. Thank you so very much for your help. I won't be using Chrome at all; this is the second time it went wonky.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 24-02-2025
    Ran by USER (24-02-2025 20:34:35) Run:1
    Running from C:\Users\USER\Desktop
    Loaded Profiles: USER
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Folder: C:\Users\USER\AppData\Local\Total_Security
    S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys [X]
    S3 ACE-SSC-DRV64; \??\C:\Program Files\AntiCheatExpert\SGuard\x64\plugins\ACE-SSC-DRV64.sys [X]
    S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
    HKU\S-1-5-21-3190614000-2036166471-2658711317-1001\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup (No File)
    Task: {D3EBAE4E-47F7-41CD-AFCC-CDBB7F155514} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
    Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
    FirewallRules: [{A662A805-9DB1-4591-BC8F-B862B0C4B478}] => (Allow) C:\Users\USER\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
    FirewallRules: [{9FF9C04C-D6F9-48CB-B4EA-247D02898504}] => (Allow) C:\Users\USER\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File
    FirewallRules: [{1E0F3359-08A9-48C8-90DF-C7ABCE51A5AF}] => (Allow) D:\The Sims 4\Game\Bin\TS4_Launcher_x64.exe => No File
    FirewallRules: [{C16BD9D2-1B6A-4D74-8610-A5878C6DCD99}] => (Allow) D:\The Sims 4\Game\Bin\TS4_Launcher_x64.exe => No File
    R3 cpuz159; C:\Windows\temp\cpuz159\cpuz159_x64.sys [44680 2025-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
    AlternateDataStreams: C:\Windows\tracing:? [16]
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.

    ========================= Folder: C:\Users\USER\AppData\Local\Total_Security ========================

    2025-02-24 10:53 - 2025-02-24 10:53 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\USER\AppData\Local\Total_Security\GUI_Url_wtwi5zfieqnhql4zgnlgms4hq2xysn45
    2025-02-24 10:53 - 2025-02-24 10:53 - 000000199 ____A [2EDFC35753270D25EA80D0C9D9206DBC] () C:\Users\USER\AppData\Local\Total_Security\GUI_Url_wtwi5zfieqnhql4zgnlgms4hq2xysn45\AppCenter.config

    ====== End of Folder: ======

    HKLM\System\CurrentControlSet\Services\ace-game-0 => removed successfully
    ace-game-0 => service removed successfully
    HKLM\System\CurrentControlSet\Services\ACE-SSC-DRV64 => removed successfully
    ACE-SSC-DRV64 => service removed successfully
    HKLM\System\CurrentControlSet\Services\cpuz158 => removed successfully
    cpuz158 => service removed successfully
    "HKU\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Corel Photo Downloader" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3EBAE4E-47F7-41CD-AFCC-CDBB7F155514}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3EBAE4E-47F7-41CD-AFCC-CDBB7F155514}" => removed successfully
    C:\Windows\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
    C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A662A805-9DB1-4591-BC8F-B862B0C4B478}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FF9C04C-D6F9-48CB-B4EA-247D02898504}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E0F3359-08A9-48C8-90DF-C7ABCE51A5AF}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C16BD9D2-1B6A-4D74-8610-A5878C6DCD99}" => removed successfully
    cpuz159 => Service stopped successfully.
    HKLM\System\CurrentControlSet\Services\cpuz159 => removed successfully
    cpuz159 => service removed successfully
    C:\Windows\tracing => ":?" ADS removed successfully

    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.


    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.26100.1150

    Image Version: 10.0.26100.3194

    The component store is repairable.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 20:36:11 ====
     

    Attached Files:

    Last edited by a moderator: Feb 25, 2025
  9. Oh My!

    Oh My! Malware Expert Staff Member

    It is OK to skip quoting my previous post. It will make things easier to review.

    If you prefer Chrome I would not let this event move you completely away from the browser. It can happen with other browsers as well.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\USER\AppData\Local\Total_Security
    C:\Windows\SystemTemp\AvastBrowser_installer.log
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7CC.pf
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7D0.pf
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7D4.pf
    C:\Windows\Prefetch\AVASTBROWSERUNINSTALL.EXE-17F955BE.pf
    C:\Windows\Prefetch\AVASTBROWSERUPDATE.EXE-D0CC5D31.pf
    C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
    C:\Users\USER\AppData\Local\Temp\AvastBrowser_installer.log
    C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Avira.Managed.Endpoint.Protection.Client
    C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Avira.Managed.Endpoint.Protection.Client,1.2410.4113
    C:\ProgramData\Avast Software\Subscriptions\license.avastlic
    2025-02-24 11:08 - 2025-02-24 11:09 _____ C:\Users\USER\AppData\Local\Temp\_avast_
    2025-02-24 11:06 - 2025-02-24 20:26 _____ C:\ProgramData\Avast Software
    2025-02-24 11:08 - 2025-02-24 20:28 _____ C:\Program Files\Avast Software
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5|ProductName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList|PackageName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList|LastUsedSource
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList\Net|1
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA|22BA3C918173D4E42B3042F2051065B5
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties|InstallSource
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties|Publisher
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\WicaAvPathsExpiredTemp|0
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}|InstallSource
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}|Publisher
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3190614000-2036166471-2658711317-1001|\Device\HarddiskVolume3\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
    DeleteValue: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Control Panel\NotifyIconSettings\13174215800881350532|ExecutablePath
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Control Panel\NotifyIconSettings\13174215800881350532|Publisher
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Corel\PCU\installedsoftware\{A24095D0-4A4F-4126-839D-CA0601E0DD1B}|name
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Corel\PCU\installedsoftware\{A515ABCE-897D-4F8C-B311-3626B6D6EEB2}|name
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.htm
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.html
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.shtml
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xht
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xhtml
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|Avast_Secure_Browser
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|Avast_Secure_Browser
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList|b
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|avast! Antivirus
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|Avast_Secure_Browser
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http.ieljn\UserChoice|ProgId
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https.pysyi\UserChoice|ProgId
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\asw.6c7dbec1dea75cbd\avast_free_antivirus_online_setup.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\asw.6c7dbec1dea75cbd\avast_free_antivirus_online_setup.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\asw-c49b73a7-03fc-4cc2-8fe8-72359d94a453\common\icarus_ui.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus_ui.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus_ui.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe.ApplicationCompany
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\ARP Realtime Protection\config|AviraRegAcl
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\ARP Realtime Protection\config|AviraFileAcl
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\aswSP
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
    DeleteKey: HKEY_USERS\.DEFAULT\Software\AVAST Software
    DeleteKey: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\AVAST Software
    DeleteKey: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/WS/redirect/?q=Avast&form=WSBSTK&cvid=10e01f56d8074d188cd62f81c443270c&rtk=g0sxSNot1fNP%2FALZowPtHuMvDHcEWJsrcNUPoOm%2FGzeDwdumLiDz%2F%2B%2Fw
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  10. sherbee

    sherbee Private E-2

    Hi, I just got home from work and I am sending you what you asked for.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2025
    Ran by USER (25-02-2025 16:59:10) Run:2
    Running from C:\Users\USER\Desktop
    Loaded Profiles: USER
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\USER\AppData\Local\Total_Security
    C:\Windows\SystemTemp\AvastBrowser_installer.log
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7CC.pf
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7D0.pf
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7D4.pf
    C:\Windows\Prefetch\AVASTBROWSERUNINSTALL.EXE-17F955BE.pf
    C:\Windows\Prefetch\AVASTBROWSERUPDATE.EXE-D0CC5D31.pf
    C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
    C:\Users\USER\AppData\Local\Temp\AvastBrowser_installer.log
    C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Avira.Managed.Endpoint.Protection.Client
    C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Avira.Managed.Endpoint.Protection.Client,1.2410.4113
    C:\ProgramData\Avast Software\Subscriptions\license.avastlic
    2025-02-24 11:08 - 2025-02-24 11:09 _____ C:\Users\USER\AppData\Local\Temp\_avast_
    2025-02-24 11:06 - 2025-02-24 20:26 _____ C:\ProgramData\Avast Software
    2025-02-24 11:08 - 2025-02-24 20:28 _____ C:\Program Files\Avast Software
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5|ProductName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList|PackageName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList|LastUsedSource
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList\Net|1
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA|22BA3C918173D4E42B3042F2051065B5
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties|InstallSource
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties|Publisher
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\WicaAvPathsExpiredTemp|0
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}|InstallSource
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}|Publisher
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3190614000-2036166471-2658711317-1001|\Device\HarddiskVolume3\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
    DeleteValue: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Control Panel\NotifyIconSettings\13174215800881350532|ExecutablePath
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Control Panel\NotifyIconSettings\13174215800881350532|Publisher
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Corel\PCU\installedsoftware\{A24095D0-4A4F-4126-839D-CA0601E0DD1B}|name
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Corel\PCU\installedsoftware\{A515ABCE-897D-4F8C-B311-3626B6D6EEB2}|name
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.htm
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.html
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.shtml
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xht
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xhtml
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|Avast_Secure_Browser
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|Avast_Secure_Browser
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList|b
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|avast! Antivirus
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|Avast_Secure_Browser
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http.ieljn\UserChoice|ProgId
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https.pysyi\UserChoice|ProgId
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\asw.6c7dbec1dea75cbd\avast_free_antivirus_online_setup.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\asw.6c7dbec1dea75cbd\avast_free_antivirus_online_setup.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Windows\Temp\asw-c49b73a7-03fc-4cc2-8fe8-72359d94a453\common\icarus_ui.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus_ui.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus_ui.exe.ApplicationCompany
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe.FriendlyAppName
    DeleteValue: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe.ApplicationCompany
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\ARP Realtime Protection\config|AviraRegAcl
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\ARP Realtime Protection\config|AviraFileAcl
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\aswSP
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
    DeleteKey: HKEY_USERS\.DEFAULT\Software\AVAST Software
    DeleteKey: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\AVAST Software
    DeleteKey: HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/WS/redirect/?q=Avast&form=WSBSTK&cvid=10e01f56d8074d188cd62f81c443270c&rtk=g0sxSNot1fNP%2FALZowPtHuMvDHcEWJsrcNUPoOm%2FGzeDwdumLiDz%2F%2B%2Fw
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.

    "C:\Users\USER\AppData\Local\Total_Security" Folder move:

    C:\Users\USER\AppData\Local\Total_Security => moved successfully
    C:\Windows\SystemTemp\AvastBrowser_installer.log => moved successfully
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7CC.pf => moved successfully
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7D0.pf => moved successfully
    C:\Windows\Prefetch\AVASTBROWSER.EXE-96FDD7D4.pf => moved successfully
    C:\Windows\Prefetch\AVASTBROWSERUNINSTALL.EXE-17F955BE.pf => moved successfully
    C:\Windows\Prefetch\AVASTBROWSERUPDATE.EXE-D0CC5D31.pf => moved successfully
    C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe => moved successfully
    C:\Users\USER\AppData\Local\Temp\AvastBrowser_installer.log => moved successfully
    C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Avira.Managed.Endpoint.Protection.Client => moved successfully
    C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\netcore,Avira.Managed.Endpoint.Protection.Client,1.2410.4113 => moved successfully
    C:\ProgramData\Avast Software\Subscriptions\license.avastlic => moved successfully

    "C:\Users\USER\AppData\Local\Temp\_avast_" Folder move:

    C:\Users\USER\AppData\Local\Temp\_avast_ => moved successfully

    "C:\ProgramData\Avast Software" Folder move:

    C:\ProgramData\Avast Software => moved successfully

    "C:\Program Files\Avast Software" Folder move:

    C:\Program Files\Avast Software => moved successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\\ProductName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList\\PackageName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList\\LastUsedSource" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList\Net\\1" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA\\22BA3C918173D4E42B3042F2051065B5" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties\\InstallSource" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties\\Publisher" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\WicaAvPathsExpiredTemp\\0" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}\\InstallSource" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}\\Publisher" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3190614000-2036166471-2658711317-1001\\\Device\HarddiskVolume3\Users\USER\Downloads\avast_free_antivirus_setup_online.exe" => removed successfully
    "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Control Panel\NotifyIconSettings\13174215800881350532\\ExecutablePath" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Control Panel\NotifyIconSettings\13174215800881350532\\Publisher" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Corel\PCU\installedsoftware\{A24095D0-4A4F-4126-839D-CA0601E0DD1B}\\name" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Corel\PCU\installedsoftware\{A515ABCE-897D-4F8C-B311-3626B6D6EEB2}\\name" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_http" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_https" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.htm" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.html" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.shtml" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.xht" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.xhtml" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated\\Avast_Secure_Browser" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\Avast_Secure_Browser" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList\\b" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\\avast! Antivirus" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\\Avast_Secure_Browser" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http.ieljn\UserChoice\\ProgId" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https.pysyi\UserChoice\\ProgId" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\USER\Downloads\avast_free_antivirus_setup_online.exe.ApplicationCompany" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Windows\Temp\asw.6c7dbec1dea75cbd\avast_free_antivirus_online_setup.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Windows\Temp\asw.6c7dbec1dea75cbd\avast_free_antivirus_online_setup.exe.ApplicationCompany" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Windows\Temp\asw-c49b73a7-03fc-4cc2-8fe8-72359d94a453\common\icarus_ui.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus_ui.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus_ui.exe.ApplicationCompany" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe.FriendlyAppName" => removed successfully
    "HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe.ApplicationCompany" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\ARP Realtime Protection\config\\AviraRegAcl" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\ARP Realtime Protection\config\\AviraFileAcl" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\aswSP" => not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe => removed successfully
    RegLink Found. Source: "" => Target: "HKLM\SOFTWARE\Avast Software"
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe => not found
    HKEY_USERS\.DEFAULT\Software\AVAST Software => removed successfully
    HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\AVAST Software => removed successfully
    HKEY_USERS\S-1-5-21-3190614000-2036166471-2658711317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/WS/redirect/?q=Avast&form=WSBSTK&cvid=10e01f56d8074d188cd62f81c443270c&rtk=g0sxSNot1fNP%2FALZowPtHuMvDHcEWJsrcNUPoOm%2FGzeDwdumLiDz%2F%2B%2Fw => removed successfully

    ========= DISM /Online /Cleanup-Image /RestoreHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.26100.1150

    Image Version: 10.0.26100.3194


    The restore operation completed successfully.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 17:06:50 ====
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    That looks good.

    What antivirus program do you prefer to use? Which browser are you going to use as your default browser?
     
  12. sherbee

    sherbee Private E-2

    The one I am currently using is the one that came with Windows 11 and Malwarebytes (free trial). I am not too sure what to use and what would be the best as I am on a very tight budget. I was using Chrome but I always have a problem with it as this is the second time it attacked my PC. I am using Microsoft Edge right now but I am open to suggestions.
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    I would recommend sticking with Windows Defender. It is effective, free, and Windows Update automatically keeps the program updated. We need to change a setting in Malwarebytes to allow Windows Defender to be enabled.

    Microsoft Edge is perfectly fine. We need to set that as your default browser.

    Please do this.

    ===================================================

    Setting Microsoft Edge as Default Browser

    --------------------

    • Launch Microsoft Edge
    • Copy and paste edge://settings/defaultBrowser in the address bar then hit Enter
    • To the right of Make Microsoft Edge your default browser click Make default

    ===================================================

    Running Malwarebytes Premium in Side-by-Side Mode

    --------------------

    • Click Start, type Malwarebytes, then select Run as administrator
    • Click Settings
    • Under Windows Security Center turn off Always register Malwarebytes in the Windows Security Center
    • Close Malwarebytes then reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    StartPowershell:
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -DisableIOAVProtection $false
    New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "Real-Time Protection" -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -Value 0 -PropertyType DWORD -Force
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 0 -PropertyType DWORD -Force
    start-service WinDefend
    start-service WdNisSvc
    Get-MpComputerStatus
    EndPowershell:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Edge set as default browser?
    • Malwarebytes setting changed?
    • Fixlog
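
A read-only way to confirm what the fixlist in the post above is meant to achieve, added here as an example (it is not part of the original post and not FRST's own code). It reads the four policy values and two services named in the fixlist and the output of `Get-MpComputerStatus`; the result table layout and the expectation that `AMRunningMode` reads `Normal` are assumptions of this example.

```powershell
# Added example: read-only check of the Defender state the fixlist is meant to produce.
# Run from an elevated PowerShell prompt after the reboot. It changes nothing.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtpKey     = Join-Path $policyRoot 'Real-Time Protection'

# The four policy values the fixlist sets to 0. A missing value is also fine:
# with no policy present, Defender falls back to its own defaults.
$policyValues = @(
    @{ Path = $policyRoot; Name = 'DisableAntiSpyware' },
    @{ Path = $rtpKey;     Name = 'DisableBehaviorMonitoring' },
    @{ Path = $rtpKey;     Name = 'DisableOnAccessProtection' },
    @{ Path = $rtpKey;     Name = 'DisableScanOnRealtimeEnable' }
)

$results = New-Object System.Collections.Generic.List[object]

function Add-Result {
    param([string]$Area, [string]$Item, [string]$Observed, [bool]$Ok)
    $results.Add([pscustomobject]@{ Area = $Area; Item = $Item; Observed = $Observed; Ok = $Ok })
}

# Policy view: any remaining non-zero Disable* value would switch protection off again.
foreach ($p in $policyValues) {
    $name = $p.Name
    $prop = Get-ItemProperty -Path $p.Path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Add-Result 'Policy' $name 'not set' $true
    } else {
        $value = $prop.$name
        Add-Result 'Policy' $name "$value" ($value -eq 0)
    }
}

# Services the fixlist starts.
foreach ($svcName in 'WinDefend', 'WdNisSvc') {
    $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Add-Result 'Service' $svcName 'not installed' $false
    } else {
        Add-Result 'Service' $svcName "$($svc.Status)" ($svc.Status -eq 'Running')
    }
}

# Engine view, from the same cmdlet the fixlist ends with.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    foreach ($flag in 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'IoavProtectionEnabled',
                      'BehaviorMonitorEnabled', 'OnAccessProtectionEnabled') {
        Add-Result 'Engine' $flag "$($mp.$flag)" ([bool]$mp.$flag)
    }
    # Assumption: with Malwarebytes no longer registered in Windows Security Center,
    # Defender is expected to run as the active antivirus ("Normal"), not in a passive mode.
    Add-Result 'Engine' 'AMRunningMode' "$($mp.AMRunningMode)" ($mp.AMRunningMode -eq 'Normal')
} catch {
    # Get-MpComputerStatus fails when the Defender service is unavailable; report that as a finding.
    Add-Result 'Engine' 'Get-MpComputerStatus' $_.Exception.Message $false
}

$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -eq 0) {
    'Defender real-time protection is on and no disabling policy value remains.'
} else {
    "{0} check(s) need attention: {1}" -f $failed.Count, (($failed | ForEach-Object Item) -join ', ')
}
```

A `Policy` row that is not `0` or `not set` means something rewrote the policy key after the fix; an `AMRunningMode` other than `Normal` usually means another product is still registered as the antivirus.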
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    Are you with us?
     
