[DR M]

I'll need a considerable amount of time to check this and remove the Avast remnants.

[Advertisements]

Back.
 
1. Start in Safe mode
 
See here how to do this: How to Boot Safe Mode in Windows 11 - Microsoft Community Hub
 
 
2. FRST fix
 
Once in Safe mode...

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
Task: {A57E628C-F035-4822-9F08-B86702D0669A} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.23.11010" --silent
Task: {8A0C1B65-5EE5-44B6-907A-891CD267093C} - System32\Tasks\CCleanerSkipUAC - steven => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {32E448FD-2360-4740-B753-0608DE34EC79} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1741543102-3776721137-2454621359-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2171640 2024-05-07] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [74752 2021-07-14] (Freemake) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{65AE6FC3-31B2-4A1E-95E3-5DF8F563D540}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{756BD03C-ADCD-44A4-A51F-74EF8CA87535}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{862264D6-8207-4058-9A37-0E6FB0BF40AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{C76FDE58-7DD2-4B40-9E36-A65FB99AC5FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{1F6007C5-90DF-4865-91C7-80FC8F034DD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{AD78B310-82A7-4F55-9E1A-1F2AA542DB9F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{8137CBA0-B653-4A63-BFA6-DEC9AA9CCF11}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{EA8494E9-78FE-4949-976F-BE6A3FD37724}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
C:\ProgramData\Freemake\FreemakeUtilsService
C:\WINDOWS\system32\Tasks\Avast Software
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41 
C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c 
C:\Windows\WinSxS\Fusion\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b 
C:\Windows\WinSxS\Fusion\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86 
C:\Windows\WinSxS\Fusion\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96 
C:\Windows\WinSxS\Fusion\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580
C:\Users\steve\AppData\Roaming\AVAST Software
C:\Users\Hannah\AppData\Local\AVAST Software
C:\Users\Gillian\AppData\Local\AVAST Software
C:\ProgramData\Intel\ShaderCache\AvastBrowser_1 
C:\ProgramData\AVAST Software
C:\Windows.old\Windows\System32\Tasks_Migrated\Avast Software
C:\Windows\System32\Tasks_Migrated\Avast Software
C:\Windows\System32\Tasks\Avast Software
C:\Users\steve\AppData\Roaming\AVAST Software
C:\Users\steve\AppData\Local\AVAST Software
C:\Users\Hannah\AppData\Local\AVAST Software
C:\Users\Gillian\AppData\Local\AVAST Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_USERS\.DEFAULT\Software\AVAST Software
DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Avast Software
DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\AvastAdSDK
DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\AVAST Software
DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https"="0
DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http"="0
DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_F18475C78DD17143880560FF0E37C17B"="0x020000000000000000000000
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe"="0x020000000000000000000000
DeleteKey: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
EmptyTemp:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

[DR M]

Back.
 
1. Start in Safe mode
 
See here how to do this: How to Boot Safe Mode in Windows 11 - Microsoft Community Hub
 
 
2. FRST fix
 
Once in Safe mode...

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
Task: {A57E628C-F035-4822-9F08-B86702D0669A} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.23.11010" --silent
Task: {8A0C1B65-5EE5-44B6-907A-891CD267093C} - System32\Tasks\CCleanerSkipUAC - steven => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {32E448FD-2360-4740-B753-0608DE34EC79} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1741543102-3776721137-2454621359-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2171640 2024-05-07] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [74752 2021-07-14] (Freemake) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{65AE6FC3-31B2-4A1E-95E3-5DF8F563D540}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{756BD03C-ADCD-44A4-A51F-74EF8CA87535}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{862264D6-8207-4058-9A37-0E6FB0BF40AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{C76FDE58-7DD2-4B40-9E36-A65FB99AC5FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{1F6007C5-90DF-4865-91C7-80FC8F034DD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{AD78B310-82A7-4F55-9E1A-1F2AA542DB9F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{8137CBA0-B653-4A63-BFA6-DEC9AA9CCF11}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{EA8494E9-78FE-4949-976F-BE6A3FD37724}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
C:\ProgramData\Freemake\FreemakeUtilsService
C:\WINDOWS\system32\Tasks\Avast Software
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41 
C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c 
C:\Windows\WinSxS\Fusion\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b 
C:\Windows\WinSxS\Fusion\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86 
C:\Windows\WinSxS\Fusion\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96 
C:\Windows\WinSxS\Fusion\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580
C:\Users\steve\AppData\Roaming\AVAST Software
C:\Users\Hannah\AppData\Local\AVAST Software
C:\Users\Gillian\AppData\Local\AVAST Software
C:\ProgramData\Intel\ShaderCache\AvastBrowser_1 
C:\ProgramData\AVAST Software
C:\Windows.old\Windows\System32\Tasks_Migrated\Avast Software
C:\Windows\System32\Tasks_Migrated\Avast Software
C:\Windows\System32\Tasks\Avast Software
C:\Users\steve\AppData\Roaming\AVAST Software
C:\Users\steve\AppData\Local\AVAST Software
C:\Users\Hannah\AppData\Local\AVAST Software
C:\Users\Gillian\AppData\Local\AVAST Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_USERS\.DEFAULT\Software\AVAST Software
DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Avast Software
DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\AvastAdSDK
DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\AVAST Software
DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https"="0
DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http"="0
DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_F18475C78DD17143880560FF0E37C17B"="0x020000000000000000000000
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe"="0x020000000000000000000000
DeleteKey: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
EmptyTemp:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

[Steviep]

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01

Ran by steven (10-05-2024 17:57:47) Run:3

Running from C:\Users\steve\Desktop

Loaded Profiles: steven & Hannah & Gillian

Boot Mode: Safe Mode (minimal)

==============================================

 

fixlist content:

*****************

Start::

CreateRestorePoint:

CloseProcesses:

Task: {A57E628C-F035-4822-9F08-B86702D0669A} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.23.11010" --silent

Task: {8A0C1B65-5EE5-44B6-907A-891CD267093C} - System32\Tasks\CCleanerSkipUAC - steven => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

Task: {32E448FD-2360-4740-B753-0608DE34EC79} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1741543102-3776721137-2454621359-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2171640 2024-05-07] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)

Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [74752 2021-07-14] (Freemake) [File not signed]

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

FirewallRules: [{65AE6FC3-31B2-4A1E-95E3-5DF8F563D540}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File

FirewallRules: [{756BD03C-ADCD-44A4-A51F-74EF8CA87535}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File

FirewallRules: [{862264D6-8207-4058-9A37-0E6FB0BF40AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File

FirewallRules: [{C76FDE58-7DD2-4B40-9E36-A65FB99AC5FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File

FirewallRules: [{1F6007C5-90DF-4865-91C7-80FC8F034DD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File

FirewallRules: [{AD78B310-82A7-4F55-9E1A-1F2AA542DB9F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File

FirewallRules: [{8137CBA0-B653-4A63-BFA6-DEC9AA9CCF11}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File

FirewallRules: [{EA8494E9-78FE-4949-976F-BE6A3FD37724}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe => No File

C:\ProgramData\Freemake\FreemakeUtilsService

C:\WINDOWS\system32\Tasks\Avast Software

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41 

C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c 

C:\Windows\WinSxS\Fusion\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b 

C:\Windows\WinSxS\Fusion\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86 

C:\Windows\WinSxS\Fusion\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96 

C:\Windows\WinSxS\Fusion\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580

C:\Users\steve\AppData\Roaming\AVAST Software

C:\Users\Hannah\AppData\Local\AVAST Software

C:\Users\Gillian\AppData\Local\AVAST Software

C:\ProgramData\Intel\ShaderCache\AvastBrowser_1 

C:\ProgramData\AVAST Software

C:\Windows.old\Windows\System32\Tasks_Migrated\Avast Software

C:\Windows\System32\Tasks_Migrated\Avast Software

C:\Windows\System32\Tasks\Avast Software

C:\Users\steve\AppData\Roaming\AVAST Software

C:\Users\steve\AppData\Local\AVAST Software

C:\Users\Hannah\AppData\Local\AVAST Software

C:\Users\Gillian\AppData\Local\AVAST Software

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe

DeleteKey: HKEY_USERS\.DEFAULT\Software\AVAST Software

DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Avast Software

DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\AvastAdSDK

DeleteKey: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\AVAST Software

DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https"="0

DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http"="0

DeleteValue: HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_F18475C78DD17143880560FF0E37C17B"="0x020000000000000000000000

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe"="0x020000000000000000000000

DeleteKey: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

EmptyTemp:

End::

 

 

*****************

 

Error: Restore point can only be created in normal mode.

Processes closed successfully.

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A57E628C-F035-4822-9F08-B86702D0669A}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A57E628C-F035-4822-9F08-B86702D0669A}" => removed successfully

C:\WINDOWS\System32\Tasks\CCleanerCrashReporting => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerCrashReporting" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A0C1B65-5EE5-44B6-907A-891CD267093C}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A0C1B65-5EE5-44B6-907A-891CD267093C}" => removed successfully

C:\WINDOWS\System32\Tasks\CCleanerSkipUAC - steven => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC - steven" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32E448FD-2360-4740-B753-0608DE34EC79}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E448FD-2360-4740-B753-0608DE34EC79}" => removed successfully

C:\WINDOWS\System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1741543102-3776721137-2454621359-1001 => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Meta\Messenger-WSP-Helper-S-1-5-21-1741543102-3776721137-2454621359-1001" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully

C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully

C:\WINDOWS\Tasks\CCleanerCrashReporting.job => moved successfully

HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully

WinSetupMon => service removed successfully

HKLM\System\CurrentControlSet\Services\Freemake Improver => removed successfully

Freemake Improver => service removed successfully

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65AE6FC3-31B2-4A1E-95E3-5DF8F563D540}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{756BD03C-ADCD-44A4-A51F-74EF8CA87535}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{862264D6-8207-4058-9A37-0E6FB0BF40AB}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C76FDE58-7DD2-4B40-9E36-A65FB99AC5FB}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F6007C5-90DF-4865-91C7-80FC8F034DD0}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD78B310-82A7-4F55-9E1A-1F2AA542DB9F}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8137CBA0-B653-4A63-BFA6-DEC9AA9CCF11}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA8494E9-78FE-4949-976F-BE6A3FD37724}" => removed successfully

 

"C:\ProgramData\Freemake\FreemakeUtilsService" Folder move:

 

C:\ProgramData\Freemake\FreemakeUtilsService => moved successfully

 

"C:\WINDOWS\system32\Tasks\Avast Software" Folder move:

 

C:\WINDOWS\system32\Tasks\Avast Software => moved successfully

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat => moved successfully

 

"C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41" Folder move:

 

C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41 => moved successfully

 

"C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c" Folder move:

 

C:\Windows\WinSxS\Fusion\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c => moved successfully

 

"C:\Windows\WinSxS\Fusion\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b" Folder move:

 

C:\Windows\WinSxS\Fusion\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b => moved successfully

 

"C:\Windows\WinSxS\Fusion\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86" Folder move:

 

C:\Windows\WinSxS\Fusion\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86 => moved successfully

 

"C:\Windows\WinSxS\Fusion\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96" Folder move:

 

C:\Windows\WinSxS\Fusion\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96 => moved successfully

 

"C:\Windows\WinSxS\Fusion\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580" Folder move:

 

C:\Windows\WinSxS\Fusion\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580 => moved successfully

 

"C:\Users\steve\AppData\Roaming\AVAST Software" Folder move:

 

C:\Users\steve\AppData\Roaming\AVAST Software => moved successfully

 

"C:\Users\Hannah\AppData\Local\AVAST Software" Folder move:

 

C:\Users\Hannah\AppData\Local\AVAST Software => moved successfully

 

"C:\Users\Gillian\AppData\Local\AVAST Software" Folder move:

 

C:\Users\Gillian\AppData\Local\AVAST Software => moved successfully

C:\ProgramData\Intel\ShaderCache\AvastBrowser_1 => moved successfully

 

"C:\ProgramData\AVAST Software" Folder move:

 

C:\ProgramData\AVAST Software => moved successfully

 

"C:\Windows.old\Windows\System32\Tasks_Migrated\Avast Software" Folder move:

 

C:\Windows.old\Windows\System32\Tasks_Migrated\Avast Software => moved successfully

 

"C:\Windows\System32\Tasks_Migrated\Avast Software" Folder move:

 

C:\Windows\System32\Tasks_Migrated\Avast Software => moved successfully

"C:\Windows\System32\Tasks\Avast Software" => not found

"C:\Users\steve\AppData\Roaming\AVAST Software" => not found

 

"C:\Users\steve\AppData\Local\AVAST Software" Folder move:

 

C:\Users\steve\AppData\Local\AVAST Software => moved successfully

"C:\Users\Hannah\AppData\Local\AVAST Software" => not found

"C:\Users\Gillian\AppData\Local\AVAST Software" => not found

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast => removed successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage => removed successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe => removed successfully

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software" => removed successfully

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software => removed successfully

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe => not found

HKEY_USERS\.DEFAULT\Software\AVAST Software => removed successfully

HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Avast Software => removed successfully

HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\AvastAdSDK => removed successfully

HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\AVAST Software => removed successfully

"HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_https"="0" => not found

"HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_http"="0" => not found

"HKEY_USERS\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastBrowserAutoLaunch_F18475C78DD17143880560FF0E37C17B"="0x020000000000000000000000" => not found

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastUI.exe"="0x020000000000000000000000" => not found

HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service => removed successfully

 

=========== EmptyTemp: ==========

 

FlushDNS => completed

BITS transfer queue => 786432 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35942852 B

Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B

Windows/system/drivers => 4651185 B

Edge => 0 B

Chrome => 348689172 B

Firefox => 0 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 0 B

LocalService => 651896 B

NetworkService => 653078 B

steve => 6438516 B

Hannah => 6438516 B

Gillian => 6438516 B

 

RecycleBin => 20088 B

EmptyTemp: => 391.7 MB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 17:58:19 ====

[DR M]

Please let me know if things remain the same.

 

Also, give me fresh FRST logs.