Is It Malware Or Is It Something Else???

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by insan_art, Jul 10, 2024.

  1. insan_art

    insan_art Private First Class

    Hi! Long time user but it's been a while! I used to help family clean up their systems with your help, but I just got tired of it. Haha.

    Anyways, I have a laptop here that started acting funny last fall. I was in the middle of a huge Photoshop project and it (Photoshop) stopped working. I tried getting it working again, but in the end, I ended up buying a new desktop for my Photoshop work. It's business. I had to. But, after that, the laptop started overheating like crazy. I cleaned the fans, and have it propped for extra air. This system is now only for email, surfing and Youtube for music while I do my business on the other computer. Got to the point where I can only listen to Youtube for about 10 minutes before it starts getting hot and angry.
    About two months ago, I got an update from Avast and then suddenly my power profile seems like it was hijacked. The system will not sleep. It goes to sleep and immediately wakes. I dumped Avast and installed Avira instead. Tried to tweak the power settings multiple times but nothing works.

    So ya, sorry, long story short I have a system that won't sleep and also overheats. It was also getting cranky while I ran the scans.

    I have been not really experiencing malware behavior specifically, things are just acting funny, and I figured it's been a while so I have run your malware scan regimen and maybe I have some lurkers. They came back clean for the most part I think. I wasn't able to get a RK log, maybe because it found nothing? It wouldn't let me save anything.
    I also ran into a missing .NET file during the MGTools scan. I did successfully install the update during that, but I didn't run MGTools again, per the instructions. I can certainly run it again if you'd like.

    Again, sorry for the longwinded post.
    Thank you.
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    I would like to get some additional information. Please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
  3. insan_art

    insan_art Private First Class

    Hi there!

    FRST logs attached.

    Thank you for looking!
     


  4. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome.
    Do you recognize this file?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Zip: C:\Windows\Minidump
    HKU\S-1-5-21-4204037411-4225835458-3463069789-1001\...\MountPoints2: {5240e524-80c3-11ee-bb02-b86b239a7d74} - "E:\setup.exe"
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.11.2016_13.24.50.zip. Please attach the file to your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Recognize file?
    • Fixlog
    • Attached file
     
  5. insan_art

    insan_art Private First Class

    So, I do recognize the file. It is a photo of a chanterelle mushroom that I probably snagged from Twitter as a reference for my project (I'm currently writing and illustrating a guidebook for edible and medicinal mushrooms in Pennsylvania and the Northeast).
    I'm guessing it's from Twitter based on the file name and it was likely a .jfif file that I changed to a .jpeg (just changed the file extension).
    Is there something suspicious about that file?

    Anyways, the files you requested are attached.

    Thanks!

    EDIT: Oops, I'm sorry, I didn't copy and paste the log. Here you go:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12.07.2024
    Ran by Sarah Nevins (12-07-2024 15:53:41) Run:1
    Running from C:\Users\Sarah Nevins\Desktop
    Loaded Profiles: Sarah Nevins
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Zip: C:\Windows\Minidump
    HKU\S-1-5-21-4204037411-4225835458-3463069789-1001\...\MountPoints2: {5240e524-80c3-11ee-bb02-b86b239a7d74} - "E:\setup.exe"
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    ================== Zip: ===================
    C:\Windows\Minidump -> copied successfully to C:\Users\Sarah Nevins\Desktop\12.07.2024_15.53.53.zip
    =========== Zip: End ===========
    HKU\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5240e524-80c3-11ee-bb02-b86b239a7d74} => removed successfully

    ========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled =========


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power
    HiberbootEnabled REG_DWORD 0x1



    ========= End of Reg: =========


    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.




    Windows Resource Protection found corrupt files and successfully repaired them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.4651

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 15:58:07 ====
     


  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    Any file with a randomized name needs to be verified as legitimate. There is no evidence of malicious software on your computer.

    I would like to gather additional information to look at some system issues.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Zip: C:\Windows\Logs\CBS
    cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • A SystemSummary file will be created on your Desktop. Attach the file to your reply
    • The tool will create a zipped folder on the Desktop with today's date, example: 07.30.2023_13.24.50.zip. Please attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Attached files
     
  7. insan_art

    insan_art Private First Class

    Good to know. I try to run a tight ship.

    It won't let me upload the .zip, it says it's too big. I uploaded it to my Google Drive, here's the link:
    https://drive.google.com/file/d/1dPU7tUR_tBYt6e7vuGjD_D6rzEo_z5dF/view?usp=sharing

    Haha, ok, it won't let me upload the system summary either. What's the limit? 5 MB? It's 5.03 MB lol.
    I uploaded that to my Google drive, too. Here's the link:
    https://drive.google.com/file/d/1_GkR5uINorTGZm_mASLEx2JAjEimkcVp/view?usp=sharing


    Below is the fixlog contents. Thank you!


    Fix result of Farbar Recovery Scan Tool (x64) Version: 13.07.2024
    Ran by Sarah Nevins (13-07-2024 14:52:35) Run:2
    Running from C:\Users\Sarah Nevins\Desktop
    Loaded Profiles: Sarah Nevins
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Zip: C:\Windows\Logs\CBS
    cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
    End::
    *****************

    ================== Zip: ===================
    C:\Windows\Logs\CBS -> copied successfully to C:\Users\Sarah Nevins\Desktop\13.07.2024_14.52.35.zip
    =========== Zip: End ===========

    ========= msinfo32 /nfo SystemSummary.nfo /categories +systemsummary =========

    0

    ========= End of CMD: =========


    ==== End of Fixlog 14:54:29 ====
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    Somehow the System Summary report ended up being a VLC file. Let's do it this way.

    ===================================================

    System Summary Information

    --------------------
    • Press the Windows Key + R at the same time
    • Type msinfo32 then select Run as administrator
    • Left click on System Summary
    • Click File, Save, name the file Summary and save it to your Desktop
    • Zip and upload the file again
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Uploaded zip file
     
  9. insan_art

    insan_art Private First Class

    Ok, I'm sorry about that. Let's try this.

    Proper ZIP attached, I think.
    Thank you again.
     


  10. insan_art

    insan_art Private First Class

    One other thing I'm noticing. It's like my Chrome profile is getting reset every once in a while. All of my settings are being dumped. It's happening more frequently. I'm doing nothing, it's just happening.
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    In addition to the Chrome issue can you confirm these symptoms are still present?

    ===================================================

    Please download Samsung Magician Software and review the Magician Software Installation Guide. Run the program and report the results.

    ===================================================

    Wireless Adapter Driver Version

    --------------

    • Click Start, type devmgmt.msc then hit Enter
    • Double click on Network adapters to expand the category
    • Right click on Intel(R) Dual Band Wireless-AC 7260 and select Properties
    • Click on the Driver tab
    • Report the Driver Date: and Driver Version: information
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------

    Note: This process will take at least 60 seconds to complete

    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CloseProcesses:
    CreateRestorePoint:
    cmd: powercfg -devicequery wake_armed
    cmd: powercfg.exe /energy
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Upon completion an energy-report.html report will be placed on the Desktop. Zip and attach the file report to your reply
    ===================================================

    Open Hardware Monitor

    -------------------

    • Download Open Hardware Monitor and save it to your desktop
    • Unzip the folder onto your Desktop
    • Inside the OpenHardwareMonitor folder right click the OpenHardwareMonitor and select Run as administrator
    • Monitor the temperature readings for both the CPU and the drive when the computer appears to be running hot
    • Report the findings in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Symptoms still present?
    • Samsung Magician results?
    • Wireless adapter information
    • Fixlog
    • Zipped and attached energy-report.html report
    • Open Hardware results
     
  12. insan_art

    insan_art Private First Class

    Hello sir, my apologies for taking so long to respond, some things came up over the past few days that have kept me very busy!

    Also, I apologize, I did download/install the Samsung software but I'm unsure of what I am supposed to "run" on it? There seem to be several diagnostics available.

    Yes, the symptoms are still present.

    Wireless adapter info:
    Driver Date: 9/3/2018
    Version: 18.33.14.3

    Here is the fixlog, the energy profile is attached:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
    Ran by Sarah Nevins (16-07-2024 17:26:51) Run:3
    Running from C:\Users\Sarah Nevins\Desktop
    Loaded Profiles: Sarah Nevins
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CloseProcesses:
    CreateRestorePoint:
    cmd: powercfg -devicequery wake_armed
    cmd: powercfg.exe /energy
    End::
    *****************

    Processes closed successfully.
    Restore point was successfully created.

    ========= powercfg -devicequery wake_armed =========

    HID-compliant mouse



    ========= End of CMD: =========


    ========= powercfg.exe /energy =========

    Enabling tracing for 60 seconds...
    Observing system behavior...
    Analyzing trace data...
    Analysis complete.

    Energy efficiency problems were found.

    4 Errors
    8 Warnings
    17 Informational

    See C:\Users\Sarah Nevins\Desktop\energy-report.html for more details.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 17:28:15 ====



    So, I played a bunch of Youtube to try to get things to overheat. While I was doing that, the CPU was hitting 50-55C and the drive was around 48C.
    Then I let it sit for a while with nothing running. Came back to it and it was freaking out even more than while I was running Youtube! CPU was hitting 66-68C while the drive was jumping to 56-58C. While it was doing nothing. Weird.
    I rebooted and then walked away for a while. When I came back it wasn't freaking out anymore and the drive temp was at 44C.


    Thanks for looking and please let me know what more I need to do with the Samsung thing!
     


  13. Oh My!

    Oh My! Malware Expert Staff Member

    No problem at all on the delay. Thank you for your patience, there was a lot to sort through.

    Since I don't have a Samsung SSD I was unable to test things, like I normally do. For that reason I referred to the Magician Software Installation Guide. At this point we have other issues to address so we can put that on hold.

    I am assuming you have a wireless mouse. If so, disconnect it then try to enter the computer sleep state.

    I would like us to uninstall Avira. It can be reinstalled if you wish after we finish our troubleshooting. Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Avira Security
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    SearchAll: Avira;Avast
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the report to your reply. If it is too large zip the file, upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpComputerStatus
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Sleep state?
    • Avira uninstalled?
    • Search.txt
    • Fixlog
     
  14. insan_art

    insan_art Private First Class

    Well well well! I disconnected the mouse and sure enough. The laptop went to sleep!

    So, I did have a wireless mouse on this until Nov 2023 when I bought a new system for work. Swapped that wireless mouse to the new system and have been using the cheap wired ASUS mouse that came with that other system. I don't think that matters. I went in to the device manager and I see that something was changed with the mouse driver or something on 4/30/2024. That's the day that Avast updated and my problems started.

    I went and purchased another wireless mouse today and have it on here now. System is still sleeping properly. So, something in that other mouse profile was definitely the problem with the sleep issues!

    Also, please be assured I did review the Samsung Magician Installation guide. It appears to be just system requirements for install and a description of what capabilities the software has. I installed the program and opened it, but there are so many diagnostic options and I wasn't sure what you were looking for exactly from that program. I can provide a screenshot of the control panel, if you'd like.

    I have to get to work now, the boss is calling (I'm the boss, haha, yay, self employment) so I will try to get through the rest of your requests tonight or tomorrow morning.
    Just wanted to let you know about the progress with the mouse issue.
    Thank you!
     
  15. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the update. No rush on my end.

    Glad the sleep issue was resolved.

    If you get to the Samsung Magician GUI we would want to do a Diagnostic Scan. But like I said we can put this on hold while we address the other issues.
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    How are we doing?
     
  17. insan_art

    insan_art Private First Class

    Hi! Sorry, I've been extremely busy. I hope I can get back to you tomorrow. Thank you for your patience.
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    No problem at all. Thanks for the update.
     
  19. insan_art

    insan_art Private First Class

    Hello.
    Again, sorry for the delay.

    As I mentioned before, the sleep state is back to normal after installing a new mouse.

    Avira has been uninstalled, Search.txt is attached and here are the contents of fixlog.txt

    Thank you again for your assistance.


    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08.2024
    Ran by Sarah Nevins (12-08-2024 14:30:58) Run:4
    Running from C:\Users\Sarah Nevins\Desktop
    Loaded Profiles: Sarah Nevins
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpComputerStatus
    End::
    *****************


    ========= Set-MpPreference -DisableRealtimeMonitoring $false =========


    ========= End of Powershell: =========


    ========= Get-MpComputerStatus =========



    AMEngineVersion : 1.1.24070.3
    AMProductVersion : 4.18.24070.5
    AMRunningMode : Normal
    AMServiceEnabled : True
    AMServiceVersion : 4.18.24070.5
    AntispywareEnabled : True
    AntispywareSignatureAge : 1
    AntispywareSignatureLastUpdated : 8/11/2024 11:36:39 AM
    AntispywareSignatureVersion : 1.417.71.0
    AntivirusEnabled : True
    AntivirusSignatureAge : 1
    AntivirusSignatureLastUpdated : 8/11/2024 11:36:39 AM
    AntivirusSignatureVersion : 1.417.71.0
    BehaviorMonitorEnabled : True
    ComputerID : C1E3B737-D4DC-4BAB-8D49-F9A5B74FE477
    ComputerState : 0
    DefenderSignaturesOutOfDate : False
    DeviceControlDefaultEnforcement :
    DeviceControlPoliciesLastUpdated : 12/31/1600 7:00:00 PM
    DeviceControlState : Disabled
    FullScanAge : 4294967295
    FullScanEndTime :
    FullScanOverdue : False
    FullScanRequired : False
    FullScanSignatureVersion :
    FullScanStartTime :
    InitializationProgress : ServiceStartedSuccessfully
    IoavProtectionEnabled : True
    IsTamperProtected : True
    IsVirtualMachine : False
    LastFullScanSource : 0
    LastQuickScanSource : 2
    NISEnabled : True
    NISEngineVersion : 1.1.24070.3
    NISSignatureAge : 1
    NISSignatureLastUpdated : 8/11/2024 11:36:39 AM
    NISSignatureVersion : 1.417.71.0
    OnAccessProtectionEnabled : True
    ProductStatus : 524288
    QuickScanAge : 91
    QuickScanEndTime : 5/12/2024 6:59:55 PM
    QuickScanOverdue : False
    QuickScanSignatureVersion : 1.411.106.0
    QuickScanStartTime : 5/12/2024 6:57:27 PM
    RealTimeProtectionEnabled : True
    RealTimeScanDirection : 0
    RebootRequired : False
    SmartAppControlExpiration :
    SmartAppControlState : Off
    TamperProtectionSource : Signatures
    TDTCapable : N/A
    TDTMode : N/A
    TDTSiloType : N/A
    TDTStatus : N/A
    TDTTelemetry : N/A
    TroubleShootingDailyMaxQuota :
    TroubleShootingDailyQuotaLeft :
    TroubleShootingEndTime :
    TroubleShootingExpirationLeft :
    TroubleShootingMode :
    TroubleShootingModeSource :
    TroubleShootingQuotaResetTime :
    TroubleShootingStartTime :
    PSComputerName :




    ========= End of Powershell: =========


    ==== End of Fixlog 14:31:03 ====
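
Added example, not part of the thread and not FRST's own code: a Python script that splits a Fixlog into its per-command sections and checks the `Get-MpComputerStatus` fields for protection gaps. The sample log is constructed from values quoted in the thread; the 7-day and 30-day thresholds, and reading a scan age of 4294967295 as "no scan on record", are assumptions of this example.

```python
import re

# Constructed sample: two command sections in the Fixlog layout shown in the
# thread, using values quoted there and trimmed to the fields checked below.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Scan Tool (x64)
==============================================

========= powercfg -devicequery wake_armed =========

HID-compliant mouse

========= End of CMD: =========

========= Get-MpComputerStatus =========

AMServiceEnabled : True
AntivirusEnabled : True
AntivirusSignatureAge : 1
AntivirusSignatureLastUpdated : 8/11/2024 11:36:39 AM
BehaviorMonitorEnabled : True
FullScanAge : 4294967295
FullScanEndTime :
IsTamperProtected : True
QuickScanAge : 91
RealTimeProtectionEnabled : True

========= End of Powershell: =========

==== End of Fixlog 14:31:03 ====
"""

# "==== name ====" banner; a bare row of "=" has no inner text and is skipped.
BANNER = re.compile(r"^={4,}\s+(.+?)\s+={4,}$")
NEVER_SCANNED = 0xFFFFFFFF  # assumption: uint32 max means no scan on record
REQUIRED_FLAGS = (
    "AMServiceEnabled",
    "AntivirusEnabled",
    "RealTimeProtectionEnabled",
    "BehaviorMonitorEnabled",
    "IsTamperProtected",
)


def split_sections(text):
    """Map each command banner to the non-empty output lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum rendering indents every log line
        match = BANNER.match(line)
        if match:
            name = match.group(1)
            if name.startswith("End of") or name.endswith(": End"):
                current = None  # closing banner, e.g. "End of CMD:"
            else:
                current = name
                sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_status(lines):
    """Turn 'Name : value' lines into a dict; empty values stay empty."""
    status = {}
    for line in lines:
        key, sep, value = line.partition(":")  # first colon only: keeps times intact
        if sep:
            status[key.strip()] = value.strip()
    return status


def _age(status, key):
    """Return the field as an int, or None when it is absent or blank."""
    value = status.get(key, "")
    return int(value) if value.isdigit() else None


def triage(status, max_signature_age=7, max_quick_scan_age=30):
    """List protection gaps; thresholds (days) are this example's assumptions."""
    findings = []
    for flag in REQUIRED_FLAGS:
        if status.get(flag) != "True":
            findings.append(f"{flag} is {status.get(flag) or 'missing'}")
    signature_age = _age(status, "AntivirusSignatureAge")
    if signature_age is None or signature_age > max_signature_age:
        findings.append(f"antivirus signatures stale or unknown (age={signature_age})")
    full_age = _age(status, "FullScanAge")
    if full_age is None or full_age == NEVER_SCANNED:
        findings.append("no full scan on record")
    quick_age = _age(status, "QuickScanAge")
    if quick_age is None or quick_age == NEVER_SCANNED:
        findings.append("no quick scan on record")
    elif quick_age > max_quick_scan_age:
        findings.append(f"last quick scan was {quick_age} days ago")
    return findings


if __name__ == "__main__":
    parsed = split_sections(SAMPLE_FIXLOG)
    print("wake-armed devices:", parsed["powercfg -devicequery wake_armed"])
    for finding in triage(parse_status(parsed["Get-MpComputerStatus"])):
        print("finding:", finding)
```
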
     


  20. Oh My!

    Oh My! Malware Expert Staff Member

    No problem at all.

    Now this please.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\Temp\Avira_Spotlight_Bootstrapper_2024-08-07_20-55-50.log
    C:\Windows\Temp\sentry_temp\Avira.Optimizer.Common.Updater.exe.747B123ED67CF4A33E50531BB2FEE947
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.Common.Updater.exe.C3F4E5C1C2C14533D26581903792E68F
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.Service.Worker.exe.C3F4E5C1C2C14533D26581903792E68F
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.Systray.Application.exe.22132884C09C0E88F00843932F74E171
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.UI.AdministrativeRightsProvider.exe.7D4D86A0ED14B2E44CA0EC06333DFE26
    C:\Windows\Temp\sentry_temp\Avira.SystemSpeedup.Maintenance.exe.CD380C3CE86BA1C1D1F58F9F1811F390
    C:\Windows\Temp\is-0IOQE.tmp\avira_speedup_setup.tmp
    C:\Windows\Prefetch\AVIRA.OPTIMIZERHOST.EXE-4DB66CAB.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-742D2627.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.COMMON.UPDATE-D7BBA9C1.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.FALLBACKUPDAT-5B4F7A8F.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.SERVICE.EXE-C417491A.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.SERVICE.WORKE-12C61AF2.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-33617D91.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-1E109885.pf
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-FCB29A99.pf
    C:\Windows\Prefetch\AVIRA.SYSTEMSPEEDUP.MAINTENAN-DAB4F4C4.pf
    C:\Windows\Prefetch\AVIRA.SYSTEMSPEEDUP.REALTIMEO-10F14473.pf
    C:\Users\Sarah Nevins\Downloads\avast_free_antivirus_setup_online.exe
    C:\Users\Sarah Nevins\Downloads\avira_en_sptl1_1242829742-1715553143-1715553143-1__pavwws-spotlight-release.exe
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_endpoint_protection_sdk_setup_20240512204510 DLL.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_endpoint_protection_sdk_setup_20240512204510.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_optimizer_host_uninstall_20240812141421123.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-05-12_20-45-03.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-05-12_20-45-20.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-08-12_14-14-08.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-08-12_14-15-08.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-05_12_20_45_03.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-05_12_20_45_20.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-08_12_14_14_08.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-08_12_14_14_08_1.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-08_12_14_15_08.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_spotlight_setup_20240512204513679.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_spotlight_uninstall_20240812141421138.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_system_speedup_setup_20240512204525303.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_system_speedup_uninstall_20240812141421138.log
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.COMMON.GUARDS.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.COMMON.MIXPANEL.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.FILEDOWNLOADER.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.FUNCTIONAL.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE.CONFIG
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE.CONFIG
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE.CONFIG
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\ZH-TW\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\ZH-CN\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\TR-TR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\RU-RU\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\PT-BR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\NL-NL\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\JA-JP\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\IT-IT\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\FR-FR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\ES-ES\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\EN-US\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\DE-DE\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL
    C:\Users\Sarah Nevins\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Avira_Security_Avira_Spotlight_UI_Application_exe
    C:\Users\Sarah Nevins\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
    C:\ProgramData\Avast Software\Subscriptions\license.avastlic
    2024-03-18 20:26 - 2024-05-07 12:15 _____ C:\Windows\Temp\avast_ash2
    2021-01-05 20:09 - 2024-05-13 10:06 _____ C:\Windows\Temp\_avast_
    2024-03-18 20:36 - 2024-03-18 20:36 _____ C:\Windows\Temp\avast_ash2\Avast Antivirus
    2024-03-18 20:36 - 2024-03-18 20:36 _____ C:\Windows\Temp\avast_ash2\Avast Antivirus with BCU
    2024-08-12 14:14 - 2024-08-12 14:14 _____ C:\Windows\System32\Tasks\Avira
    2024-05-12 20:45 - 2024-05-12 20:48 _____ C:\Users\Sarah Nevins\AppData\Local\Avira
    2024-05-12 20:46 - 2024-05-12 20:46 _____ C:\Users\Sarah Nevins\AppData\Local\AviraWebView2Cache
    2024-03-18 20:26 - 2024-03-18 20:26 _____ C:\Users\Sarah Nevins\AppData\Local\Temp\_avast_
    2024-05-12 18:32 - 2024-05-12 18:32 _____ C:\Users\Sarah Nevins\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.avira.com_0.indexeddb.leveldb
    2021-01-05 20:08 - 2024-05-12 18:36 _____ C:\ProgramData\Avast Software
    2021-01-05 20:08 - 2024-05-12 18:36 _____ C:\ProgramData\Avast Software\Persistent Data\Avast
    2024-05-12 20:45 - 2024-08-12 14:19 _____ C:\Program Files (x86)\Avira
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe|DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE10D625-CC60-30A4-B3DF-4B349785BE6B}\InprocServer32|CodeBase
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE10D625-CC60-30A4-B3DF-4B349785BE6B}\InprocServer32\1.0.0.0|CodeBase
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4204037411-4225835458-3463069789-1001|\Device\HarddiskVolume2\Program Files (x86)\Avira\System Speedup\unins000.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL|Avira.Spotlight.UI.Application.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL|Avira.Spotlight.UI.Application.Messaging.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Avira.Spotlight.UI.Application.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Avira.Spotlight.UI.Application.Messaging.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.UI.Application.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\Sarah Nevins\Downloads\avira_en_sptl1_1242829742-1715553143-1715553143-1__pavwws-spotlight-release.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5678bc11_0|""
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|avast! Antivirus
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Avast Software\Avast\AvastUI.exe
    DeleteValue: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Avast Software\Avast\setup\instup.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Phantom VPN
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira.Optimizer.Common.Updater
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
    DeleteKey: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Avast Software
    DeleteKey: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\AvastAdSDK
    DeleteKey: HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\avast! Antivirus
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  21. insan_art

    insan_art Private First Class

    Hi, thank you for the speedy reply.

    Fixlog is below.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08.2024
    Ran by Sarah Nevins (12-08-2024 16:35:25) Run:5
    Running from C:\Users\Sarah Nevins\Desktop
    Loaded Profiles: Sarah Nevins
    Boot Mode: Normal
    ==============================================

    Restore point was successfully created.
    Processes closed successfully.
    C:\Windows\Temp\Avira_Spotlight_Bootstrapper_2024-08-07_20-55-50.log => moved successfully
    C:\Windows\Temp\sentry_temp\Avira.Optimizer.Common.Updater.exe.747B123ED67CF4A33E50531BB2FEE947 => moved successfully
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.Common.Updater.exe.C3F4E5C1C2C14533D26581903792E68F => moved successfully
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.Service.Worker.exe.C3F4E5C1C2C14533D26581903792E68F => moved successfully
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.Systray.Application.exe.22132884C09C0E88F00843932F74E171 => moved successfully
    C:\Windows\Temp\sentry_temp\Avira.Spotlight.UI.AdministrativeRightsProvider.exe.7D4D86A0ED14B2E44CA0EC06333DFE26 => moved successfully
    C:\Windows\Temp\sentry_temp\Avira.SystemSpeedup.Maintenance.exe.CD380C3CE86BA1C1D1F58F9F1811F390 => moved successfully
    C:\Windows\Temp\is-0IOQE.tmp\avira_speedup_setup.tmp => moved successfully
    "C:\Windows\Prefetch\AVIRA.OPTIMIZERHOST.EXE-4DB66CAB.pf" => not found
    "C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-742D2627.pf" => not found
    "C:\Windows\Prefetch\AVIRA.SPOTLIGHT.COMMON.UPDATE-D7BBA9C1.pf" => not found
    "C:\Windows\Prefetch\AVIRA.SPOTLIGHT.FALLBACKUPDAT-5B4F7A8F.pf" => not found
    "C:\Windows\Prefetch\AVIRA.SPOTLIGHT.SERVICE.EXE-C417491A.pf" => not found
    "C:\Windows\Prefetch\AVIRA.SPOTLIGHT.SERVICE.WORKE-12C61AF2.pf" => not found
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-33617D91.pf => moved successfully
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-1E109885.pf => moved successfully
    C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-FCB29A99.pf => moved successfully
    "C:\Windows\Prefetch\AVIRA.SYSTEMSPEEDUP.MAINTENAN-DAB4F4C4.pf" => not found
    "C:\Windows\Prefetch\AVIRA.SYSTEMSPEEDUP.REALTIMEO-10F14473.pf" => not found
    C:\Users\Sarah Nevins\Downloads\avast_free_antivirus_setup_online.exe => moved successfully
    C:\Users\Sarah Nevins\Downloads\avira_en_sptl1_1242829742-1715553143-1715553143-1__pavwws-spotlight-release.exe => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_endpoint_protection_sdk_setup_20240512204510 DLL.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_endpoint_protection_sdk_setup_20240512204510.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_optimizer_host_uninstall_20240812141421123.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-05-12_20-45-03.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-05-12_20-45-20.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-08-12_14-14-08.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_2024-08-12_14-15-08.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-05_12_20_45_03.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-05_12_20_45_20.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-08_12_14_14_08.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-08_12_14_14_08_1.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\Avira_Spotlight_Bootstrapper_Presetup_2024-08_12_14_15_08.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_spotlight_setup_20240512204513679.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_spotlight_uninstall_20240812141421138.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_system_speedup_setup_20240512204525303.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\avira_system_speedup_uninstall_20240812141421138.log => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.COMMON.GUARDS.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.COMMON.MIXPANEL.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.FILEDOWNLOADER.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.FUNCTIONAL.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE.CONFIG => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REPORTINGTOOL.EXE.CONFIG => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RUNNER.EXE.CONFIG => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\ZH-TW\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\ZH-CN\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\TR-TR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\RU-RU\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\PT-BR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\NL-NL\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\JA-JP\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\IT-IT\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\FR-FR\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\ES-ES\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\EN-US\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Temp\.CR.4515\DE-DE\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL => moved successfully
    C:\Users\Sarah Nevins\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Avira_Security_Avira_Spotlight_UI_Application_exe => moved successfully

    "C:\Users\Sarah Nevins\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip" Folder move:

    C:\Users\Sarah Nevins\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip => moved successfully
    C:\ProgramData\Avast Software\Subscriptions\license.avastlic => moved successfully

    "C:\Windows\Temp\avast_ash2" Folder move:

    C:\Windows\Temp\avast_ash2 => moved successfully

    "C:\Windows\Temp\_avast_" Folder move:

    C:\Windows\Temp\_avast_ => moved successfully
    "C:\Windows\Temp\avast_ash2\Avast Antivirus" => not found
    "C:\Windows\Temp\avast_ash2\Avast Antivirus with BCU" => not found

    "C:\Windows\System32\Tasks\Avira" Folder move:

    C:\Windows\System32\Tasks\Avira => moved successfully

    "C:\Users\Sarah Nevins\AppData\Local\Avira" Folder move:

    C:\Users\Sarah Nevins\AppData\Local\Avira => moved successfully

    "C:\Users\Sarah Nevins\AppData\Local\AviraWebView2Cache" Folder move:

    C:\Users\Sarah Nevins\AppData\Local\AviraWebView2Cache => moved successfully

    "C:\Users\Sarah Nevins\AppData\Local\Temp\_avast_" Folder move:

    C:\Users\Sarah Nevins\AppData\Local\Temp\_avast_ => moved successfully

    "C:\Users\Sarah Nevins\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.avira.com_0.indexeddb.leveldb" Folder move:

    C:\Users\Sarah Nevins\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.avira.com_0.indexeddb.leveldb => moved successfully

    "C:\ProgramData\Avast Software" Folder move:

    C:\ProgramData\Avast Software => moved successfully
    "C:\ProgramData\Avast Software\Persistent Data\Avast" => not found

    "C:\Program Files (x86)\Avira" Folder move:

    C:\Program Files (x86)\Avira => moved successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe|DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE10D625-CC60-30A4-B3DF-4B349785BE6B}\InprocServer32" => not found
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE10D625-CC60-30A4-B3DF-4B349785BE6B}\InprocServer32\1.0.0.0\\CodeBase" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4204037411-4225835458-3463069789-1001\\\Device\HarddiskVolume2\Program Files (x86)\Avira\System Speedup\unins000.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\\Avira.Spotlight.UI.Application.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\\Avira.Spotlight.UI.Application.Messaging.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\\Avira.Spotlight.UI.Application.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\\Avira.Spotlight.UI.Application.Messaging.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.UI.Application.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\Sarah Nevins\Downloads\avira_en_sptl1_1242829742-1715553143-1715553143-1__pavwws-spotlight-release.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastUI.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5678bc11_0\\" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\avast! Antivirus" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Avast Software\Avast\AvastUI.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Avast Software\Avast\setup\instup.exe" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32 => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32 => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Phantom VPN => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira.Optimizer.Common.Updater => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage => removed successfully
    RegLink Found. Source: "" => Target: "HKLM\SOFTWARE\Avast Software"
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software" => removed successfully
    HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Avast Software => removed successfully
    HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\AvastAdSDK => removed successfully
    HKEY_USERS\S-1-5-21-4204037411-4225835458-3463069789-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\avast! Antivirus => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 16:35:49 ====
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    Looks good. Are you currently experiencing any issues?
     
  23. insan_art

    insan_art Private First Class

    Everything seems good.

    Do you recommend reinstalling Avira?
     
  24. Oh My!

    Oh My! Malware Expert Staff Member

    Glad things are running well.

    Which antivirus to use is an individual choice and I don't make any recommendations. However I don't mind sharing what I have chosen. Personally I use Windows Security (the new name for Windows Defender) along with the paid version of Malwarebytes, Malwarebytes Premium.

    Windows Security takes care of updates automatically and is integrated with Windows Update. It works behind the scenes without the need for interaction on my part. I prefer this approach rather than what I experienced with other programs.

    Malwarebytes Premium is also very low maintenance and it provides real time monitoring. The free version, although very good, is launched manually and therefore addresses what is already on the computer rather than monitoring the computer in real time to stop potential threats. You can Run Malwarebytes in Side-by-Side Mode (not generally recommended to run 2 programs at once) so I have 2 real time protection programs running at the same time, Windows Security and Malwarebytes Premium. So far I have not become infected.

    Having said all of that, it is a personal decision.
     
  25. insan_art

    insan_art Private First Class

    Thanks, I was wondering if Windows Security alone was enough. (vs Avira or something else) I know that originally when it came out, Defender wasn't really enough.

    I am pretty careful about my behaviors, but there are always drive-by viruses, even on trusted sites.
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    Being careful is the key. Antivirus programs won't always protect us against our own reckless computer habits.

    I think we are all set.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
