Tech Support Guy banner
Cancel
Create thread New Forums

How can I get rid of Avast Secure Browser?

Jump to Latest
6.7K views 82 replies 4 participants last post by  DR M  
K
#1 ·
I'm looking for help finding a way to remove a security browser that I didn't install that appears to be infecting my computer. I'm finding many sites are being blocked by an Avast Security program. I haven't used Avast for many years...In fact, I'm not sure that the last time I used it, that it was on this computer. Nevertheless, when I try to access sites, I get this:
Image


I'm guessing that this is what's called Avast Secure Browser and it's a complete pain in the ass. I just want it gone. I tried Googling "How to remove Avast Secure Browser" and found a site describing the procedure that involved downloading a program called Avast Secure Browser Download. I downloaded it, have activated the "Run" mode, and it seems to start and then just stop....There's no indication that the uninstall program has finished. When I try to go to a site that was previously blocked, it's still blocked. I would really appreciate some advice on how to get rid of the Avast program, which I now regard as Malware. Thank you.


OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit, Build 7601, Installed 20120529081952.000000-420
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7, CPU Count: 4
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics
Hard Drives: C: 224 GB (170 GB Free);
Motherboard: Hewlett-Packard 1495, s/n 2UA2310V4Z
System: Hewlett-Packard, ver HPQOEM - 1072009, s/n 2UA2310V4Z
Antivirus: Microsoft Security Essentials, Enabled and Updated
Malwarebytes, Enabled and Updated
 
K
#82 ·
I have the brand new external hard drive that I bought when I originally intended to do the OS upgrade myself. The lady-friend who started the project got as far as creating a clone of the Windows 7 program before I ended up turning the job over to the service shop that did the upgrade. S, I actually have a brand new external copy of my Windows 7 program if it's needed.

I'm going to set anything further aside for now because I've developed a new issue that's fairly pressing for me. As it's browser-related, rather than a specific Windows 10 issue, I'll open a dedicated thread in the correct area of the forum. I may return to the remaining issues you mentioned after I've sorted out the browser issues.
 
#81 ·
I'm not sure I understood what the tech said.

The slowness disappearance proves that I had right about the disk. As soon as bad sectors appear, it is wise to replace the disk.

If you just kept the old disk as a backup, this is a major mistake.

If you have things you want to keep, then you should ask the technician to save them in a new external disk. Since the old disk is failing, you may wake up one morning and just can't access its content. So, if you haven't yet made a backup, please do that as soon as you can.

Something else:

I noticed that you are using the built-in Administrator account. This is a powerful account, and we shouldn't use it unless we are dealing with specific issues. So, I recommend you to create a new account with administrator privileges and copy there your data (documents, videos, music, pictures, destop etc.).

See Method 1 here, to add an account with admin privileges and do the data transfer there. When you finish, let me know, so I can guide you how to disable the built-in Administrator account.

Changing operating systems has really taken the joy out of something that used to be a major part of my life and I feel a lot of regret and wish I could take back the changes I've made.
Click to expand...
You were in a GREAT SECURITY RISK with Windows 7. Having said that, taking things back, should not be even a thought. You will get used of it, and day by day you will give your system the "personality" you would like. :)
 
K
#80 ·
I had the computer into the service shop yesterday and the disc was replaced with a new SSD. The speed problems are gone. As per the technician's instructions, I've put the original drive into storage as a backup in case the new drive fails. I expected to hear that the new SSD was the answer to any reliability issues, but the tech left me with the impression that SSD's were less than great (He said one failed solder joint and everything on the computer would be unrecoverable, so it was crucial to keep the original disc as a backup). In any case, speed no longer seems to be an issue.

I think at this point, I should say thanks, and consider my problems solved. I have to say though that I'm having major problems adapting to the new operating system. I've spent hours trying to do things that used to be so simple and often walk away from the computer in frustration. Changing operating systems has really taken the joy out of something that used to be a major part of my life and I feel a lot of regret and wish I could take back the changes I've made.
 
#79 ·
Kenneth,

Apologies for the delay. The C looks good. What about D?

Regardless the result, however, and considering the repairs done on the disk already as well as the issues you are dealing with, I recommend you to go for a disk replacement. Of course, a backup is necessary first. In case you don't want to replace the disk now and you can work on the computer, do the backup and run CrystalDiskInfo every day, to watch the disk's health. As soon as the result turns to yellow, then go for a replacement immediately.
 
#77 ·
It made an hour to restart, because there was a disk check in progress.

Although the last disk check shows no errors, the previous checks did find errors. Meaning that your disk started failing. I believe this is the cause of the slowness you are experiencing.

To have another opinion:
  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good“ displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • Do that for C and D (actually all your disks) and take a screenshot of what you get each time.

In any case, please backup your data (documents, videos, photos, music etc.) now, if you haven't already done this.
 
K
#76 · (Edited)
Sorry it took so long to reply. When I tried to Restart the computer, it took about an hour.....It seemed to be going through a complete defragmentation (or at least that's what it appeared to be).
Here is the results you requested...
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 27/09/2023 2:10:43 PM >------
Category: 0
Computer Name: user-HP
Event Code: 1001
Record Number: 822
Source Name: Microsoft-Windows-Wininit
Time Written: 09-27-2023 @ 20:23:29
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
413440 file records processed.


File verification completed.
Phase duration (File record verification): 10.15 seconds.
6882 large file records processed.


Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.


Phase duration (Bad file record checking): 0.90 milliseconds.

Stage 2: Examining file name linkage ...
5067 reparse records processed.


603004 index entries processed.


Index verification completed.
Phase duration (Index verification): 1.17 minutes.
0 unindexed files scanned.


Phase duration (Orphan reconnection): 1.97 seconds.
0 unindexed files recovered to lost and found.


Phase duration (Orphan recovery to lost and found): 203.07 milliseconds.
5067 reparse records processed.


Phase duration (Reparse point and Object ID verification): 15.44 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 350 unused index entries from index $SII of file 0x9.
Cleaning up 350 unused index entries from index $SDH of file 0x9.
Cleaning up 350 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 121.52 milliseconds.
94783 data files processed.


Phase duration (Data attribute verification): 0.99 milliseconds.
CHKDSK is verifying Usn Journal...
34788160 USN bytes processed.


Usn Journal verification completed.
Phase duration (USN journal verification): 892.13 milliseconds.

Stage 4: Looking for bad clusters in user file data ...
413424 files processed.


File data verification completed.
Phase duration (User file recovery): 23.14 minutes.

Stage 5: Looking for bad, free clusters ...
45760098 free clusters processed.


Free space verification is complete.
Phase duration (Free space recovery): 0.00 milliseconds.

Windows has scanned the file system and found no problems.
No further action is required.

234411552 KB total disk space.
50680068 KB in 253233 files.
165408 KB in 94784 indexes.
0 KB in bad sectors.
525684 KB in use by the system.
65536 KB occupied by the log file.
183040392 KB available on disk.

4096 bytes in each allocation unit.
58602888 total allocation units on disk.
45760098 allocation units available on disk.
Total duration: 24.54 minutes (1472801 ms).

Internal Info:
00 4f 06 00 79 4f 05 00 8e 9d 09 00 00 00 00 00 .O..yO..........
91 02 00 00 3a 11 00 00 00 00 00 00 00 00 00 00 ....:...........

-----------------------------------------------------------------------
Category: 0
Computer Name: user-HP
Event Code: 1001
Record Number: 552
Source Name: Microsoft-Windows-Wininit
Time Written: 09-26-2023 @ 04:41:36
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
356864 file records processed.


File verification completed.
Phase duration (File record verification): 9.05 seconds.
6505 large file records processed.


Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.


Phase duration (Bad file record checking): 0.91 milliseconds.

Stage 2: Examining file name linkage ...
1708 reparse records processed.


546132 index entries processed.


Index verification completed.
Phase duration (Index verification): 1.33 minutes.
0 unindexed files scanned.


Phase duration (Orphan reconnection): 1.64 seconds.
0 unindexed files recovered to lost and found.


Phase duration (Orphan recovery to lost and found): 819.06 milliseconds.
1708 reparse records processed.


Phase duration (Reparse point and Object ID verification): 7.97 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 1659 unused index entries from index $SII of file 0x9.
Cleaning up 1659 unused index entries from index $SDH of file 0x9.
Cleaning up 1659 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 107.13 milliseconds.
94635 data files processed.


Phase duration (Data attribute verification): 1.00 milliseconds.
CHKDSK is verifying Usn Journal...
37199352 USN bytes processed.


Usn Journal verification completed.
Phase duration (USN journal verification): 284.05 milliseconds.

Windows has scanned the file system and found no problems.
No further action is required.

234411552 KB total disk space.
50847344 KB in 255248 files.
166460 KB in 94636 indexes.
0 KB in bad sectors.
470416 KB in use by the system.
65536 KB occupied by the log file.
182927332 KB available on disk.

4096 bytes in each allocation unit.
58602888 total allocation units on disk.
45731833 allocation units available on disk.
Total duration: 1.53 minutes (92071 ms).

Internal Info:
00 72 05 00 c4 56 05 00 3a b3 09 00 00 00 00 00 .r...V..:.......
86 02 00 00 26 04 00 00 00 00 00 00 00 00 00 00 ....&...........

-----------------------------------------------------------------------
Category: 0
Computer Name: user-HP
Event Code: 26226
Record Number: 541
Source Name: Chkdsk
Time Written: 09-26-2023 @ 01:18:45
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.

Checking file system on \Device\HarddiskVolume5
Volume label is One Touch.

Stage 1: Examining basic file system structure ...
512 file records processed.

File verification completed.
Phase duration (File record verification): 80.11 milliseconds.
0 large file records processed.

Phase duration (Orphan file record recovery): 0.04 milliseconds.
0 bad file records processed.

Phase duration (Bad file record checking): 0.01 milliseconds.

Stage 2: Examining file name linkage ...
562 index entries processed.

Index verification completed.
Phase duration (Index verification): 168.94 milliseconds.

Phase duration (Orphan reconnection): 0.09 milliseconds.

Phase duration (Orphan recovery to lost and found): 0.05 milliseconds.
0 reparse records processed.

0 reparse records processed.

Phase duration (Reparse point and Object ID verification): 0.05 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 23.24 milliseconds.
25 data files processed.

Phase duration (Data attribute verification): 0.01 milliseconds.
Windows has found problems that must be fixed offline.
Please run "chkdsk /f" to fix the issues.

1953513471 KB total disk space.
81374628 KB in 293 files.
208 KB in 27 indexes.
126083 KB in use by the system.
65536 KB occupied by the log file.
1872012552 KB available on disk.

4096 bytes in each allocation unit.
488378367 total allocation units on disk.
468003138 allocation units available on disk.
Total duration: 272.69 milliseconds (272 ms).

----------------------------------------------------------------------


Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...

Stage 3: Examining security descriptors ...

-----------------------------------------------------------------------
Category: 0
Computer Name: user-HP
Event Code: 26226
Record Number: 540
Source Name: Chkdsk
Time Written: 09-26-2023 @ 01:18:24
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.

Checking file system on \Device\HarddiskVolume2
Volume label is OS.

Stage 1: Examining basic file system structure ...
356864 file records processed.

File verification completed.
Phase duration (File record verification): 10.12 seconds.
6505 large file records processed.

Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.

Phase duration (Bad file record checking): 0.01 milliseconds.

Stage 2: Examining file name linkage ...
1708 reparse records processed.

546308 index entries processed.

Index verification completed.
Phase duration (Index verification): 1.02 minutes.

Phase duration (Orphan reconnection): 0.00 milliseconds.

Found 4 lost files (...\components{2efb0208-9811-11eb-b338-24be05136ac1}.TxR.blf <0x333,0x19741>, ...); requesting reconnection to index "$I30" of directory "\Device\HarddiskVolume2\found.000"
was not able to send command for self-healing due to lack of memory.
Found lost file "\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\storage\default\moz-extension+++ecef3e79-0fb5-4e2a-94a9-c81b5a8ea288^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shm <0xcd,0x22658>"; requesting reconnection to index "$I30" of directory "\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\storage\default\moz-extension+++ecef3e79-0fb5-4e2a-94a9-c81b5a8ea288^userContextId=4294967295\idb <0x1f5,0x196ab>"
was not able to send command for self-healing due to lack of memory.
Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
1708 reparse records processed.

Phase duration (Reparse point and Object ID verification): 6.93 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 54.45 milliseconds.
94723 data files processed.

Phase duration (Data attribute verification): 0.01 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems and some were fixed online;
the remaining problems must be fixed offline.
Please run "chkdsk /f" to fix the issues.

234411552 KB total disk space.
50963084 KB in 255356 files.
166468 KB in 94726 indexes.
434064 KB in use by the system.
65536 KB occupied by the log file.
182847936 KB available on disk.

4096 bytes in each allocation unit.
58602888 total allocation units on disk.
45711984 allocation units available on disk.
Total duration: 1.24 minutes (74535 ms).

----------------------------------------------------------------------


Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file 364722~3.SQL (22658) into directory file 196AB.
Recovering orphaned file 3647222921wleabcEoxlt-eengsairo.sqlite-shm (22658) into directory file 196AB.
Recovering orphaned file 364722~3.SQL (22658) into directory file 196AB.
Recovering orphaned file 3647222921wleabcEoxlt-eengsairo.sqlite-shm (22658) into directory file 196AB.
1 unindexed files recovered to original directory.
CHKDSK is recovering remaining unindexed files.
"chkdsk /scan" is aborting due to self-healing command failure: 0xc0000102
"chkdsk /f" will be required to repair the volume.
Lost and found is located at \found.000


Stage 3: Examining security descriptors ...

-----------------------------------------------------------------------
 
#75 ·
The biggest issue is how incredibly slow the computer is running.
Click to expand...
Using a new operating system can take time. But have in mind that Windows 10 is way far more good and secure than 7. What concerns me is that the above statement you made about slowness, is not something expected.

I would like you to check the disk, just in case.

Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
    Code: 
       chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.
 
K
#74 ·
I guess it's running okay, although I'm having a great deal of difficulty executing tasks that seemed very easy on W7. Screenshots and transferring photographs from my camera to my computer have been a major struggle. The biggest issue is how incredibly slow the computer is running. I'm taking it back to the computer shop on Friday to have it upgraded to an SSD drive which I'm told will help. In all honesty, I'm already feeling quite disillusioned with how problematic Windows 10 seems to be. I'm not quite ready to give up yet, but I'm considering my backup plan of going back to Windows 7. I was really happy with it, had no speed or operation problems, and my homeowner's insurance policy covers the problems caused by security breeches, so I'm not as afraid of W7 as most people. I'll get the SSD upgrade done, but I'm told there are no further upgrades possible with this computer, so I'm thinking that I might be better off with what I had, which I was really happy with.
 
#69 ·
Kenneth, there is a clip icon at the bottom of the reply area, which is the attachments button. When you click the clip, you will be able to attach the fixlog. By the way, you don't need to zip the files anymore. You can just attach the text file as it is.
 
K
#70 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by Administrator (27-09-2023 09:28:11) Run:6
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator
Boot Mode: Normal
==============================================

fixlist content:
*
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {6CE6A5F6-96B7-47CF-A129-4CDE6B32E5CA} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {AFA212C1-4A95-4A1E-898A-0CD590116DE0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {ADA682EF-E974-43CE-B606-DDA981E19747} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {71003BBF-106D-4FAD-B581-8C616A876A55} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe -Daily (No File)
Task: {9695DE37-9381-4035-B6F8-6D87A95ACD84} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {D7E0CF17-06D5-44F2-B771-80EF50DB8F9A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {1611D121-7B64-40AF-BF38-1F74EB55E852} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {04348BDF-EBDA-4329-AFA1-9FBDC6263BF2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {89A17677-59F5-434B-9248-445146887D6A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {9AB9104D-D336-4C67-A7B3-19C1141932CA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {89FDCBD5-A671-4D46-8144-D14A191C0BA5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {73B79E09-060B-420C-9E07-6CB8A0FF35CB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {C4535B3A-90BA-4974-BEFC-60461E871949} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {DA8317C0-F9F6-4136-9D31-B55F53C08A4D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D9DBEA6A-3973-4C77-AA14-45BB43A0DDD9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {DBB2270E-8D38-4611-923A-54DAA084D826} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {F245C407-79D9-4F1C-9758-651D2E6B7731} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {C33A8D5A-9B4A-403C-9DAC-C74D6D66A849} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {218CA032-9F1C-4429-93AB-1B735E0F04AF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {35FA3322-1292-4DB0-B960-CBEF29046E4C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {E03820A8-5DB7-4080-A9AF-094B3DDCACA3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {B90B3A32-D90E-418B-9CF2-FBE32EEDC5A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {A7FCFDE0-7B73-4AB6-8391-388204C9EA76} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {71FA6689-4987-49CF-9E2D-C6D001032601} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {4D0FF355-5DFF-4978-B15D-94DD0B644C67} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {C1A30949-4D31-40E1-88D0-36EC23BD4F49} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {A8DADF29-6409-4ACD-BB62-B2ED483E1FC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {EC88C89E-13B5-4DFA-9CE0-D84B5DBF5F22} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {B5CD31AB-03D2-4055-B993-3F32CF3FD6BE} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {FA0E5323-44DC-46C1-823B-C485D20D222C} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {49EFF950-C080-45D4-BDDD-805C3F22ED3E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {16E5E50E-5053-4B32-A55A-D70DB7232EFD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Edge Extension: (Avira Safe Shopping) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-09-25]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
U3 idsvc; no ImagePath
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CE6A5F6-96B7-47CF-A129-4CDE6B32E5CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CE6A5F6-96B7-47CF-A129-4CDE6B32E5CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AFA212C1-4A95-4A1E-898A-0CD590116DE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFA212C1-4A95-4A1E-898A-0CD590116DE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADA682EF-E974-43CE-B606-DDA981E19747}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA682EF-E974-43CE-B606-DDA981E19747}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71003BBF-106D-4FAD-B581-8C616A876A55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71003BBF-106D-4FAD-B581-8C616A876A55}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9695DE37-9381-4035-B6F8-6D87A95ACD84}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9695DE37-9381-4035-B6F8-6D87A95ACD84}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7E0CF17-06D5-44F2-B771-80EF50DB8F9A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7E0CF17-06D5-44F2-B771-80EF50DB8F9A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1611D121-7B64-40AF-BF38-1F74EB55E852}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1611D121-7B64-40AF-BF38-1F74EB55E852}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04348BDF-EBDA-4329-AFA1-9FBDC6263BF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04348BDF-EBDA-4329-AFA1-9FBDC6263BF2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89A17677-59F5-434B-9248-445146887D6A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89A17677-59F5-434B-9248-445146887D6A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AB9104D-D336-4C67-A7B3-19C1141932CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AB9104D-D336-4C67-A7B3-19C1141932CA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89FDCBD5-A671-4D46-8144-D14A191C0BA5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89FDCBD5-A671-4D46-8144-D14A191C0BA5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73B79E09-060B-420C-9E07-6CB8A0FF35CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B79E09-060B-420C-9E07-6CB8A0FF35CB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4535B3A-90BA-4974-BEFC-60461E871949}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4535B3A-90BA-4974-BEFC-60461E871949}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA8317C0-F9F6-4136-9D31-B55F53C08A4D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA8317C0-F9F6-4136-9D31-B55F53C08A4D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9DBEA6A-3973-4C77-AA14-45BB43A0DDD9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9DBEA6A-3973-4C77-AA14-45BB43A0DDD9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBB2270E-8D38-4611-923A-54DAA084D826}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBB2270E-8D38-4611-923A-54DAA084D826}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F245C407-79D9-4F1C-9758-651D2E6B7731}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F245C407-79D9-4F1C-9758-651D2E6B7731}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C33A8D5A-9B4A-403C-9DAC-C74D6D66A849}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C33A8D5A-9B4A-403C-9DAC-C74D6D66A849}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{218CA032-9F1C-4429-93AB-1B735E0F04AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218CA032-9F1C-4429-93AB-1B735E0F04AF}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35FA3322-1292-4DB0-B960-CBEF29046E4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35FA3322-1292-4DB0-B960-CBEF29046E4C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E03820A8-5DB7-4080-A9AF-094B3DDCACA3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E03820A8-5DB7-4080-A9AF-094B3DDCACA3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B90B3A32-D90E-418B-9CF2-FBE32EEDC5A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B90B3A32-D90E-418B-9CF2-FBE32EEDC5A9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7FCFDE0-7B73-4AB6-8391-388204C9EA76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7FCFDE0-7B73-4AB6-8391-388204C9EA76}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71FA6689-4987-49CF-9E2D-C6D001032601}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71FA6689-4987-49CF-9E2D-C6D001032601}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D0FF355-5DFF-4978-B15D-94DD0B644C67}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D0FF355-5DFF-4978-B15D-94DD0B644C67}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A30949-4D31-40E1-88D0-36EC23BD4F49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A30949-4D31-40E1-88D0-36EC23BD4F49}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8DADF29-6409-4ACD-BB62-B2ED483E1FC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8DADF29-6409-4ACD-BB62-B2ED483E1FC3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC88C89E-13B5-4DFA-9CE0-D84B5DBF5F22}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC88C89E-13B5-4DFA-9CE0-D84B5DBF5F22}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC\HotStart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5CD31AB-03D2-4055-B993-3F32CF3FD6BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5CD31AB-03D2-4055-B993-3F32CF3FD6BE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA0E5323-44DC-46C1-823B-C485D20D222C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0E5323-44DC-46C1-823B-C485D20D222C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49EFF950-C080-45D4-BDDD-805C3F22ED3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49EFF950-C080-45D4-BDDD-805C3F22ED3E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16E5E50E-5053-4B32-A55A-D70DB7232EFD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16E5E50E-5053-4B32-A55A-D70DB7232EFD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removed successfully
Edge Extension: (Avira Safe Shopping) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-09-25] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\emgfgdclgfeldebanedpihppahgngnle => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
"AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}" => removed successfully
"AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.3448


[== 3.8% ]

[== 3.8% ]

[== 3.9% ]

[== 4.1% ]

[== 4.2% ]

[== 4.5% ]

[== 4.6% ]

[== 4.7% ]

[== 4.8% ]

[== 4.8% ]

[== 5.0% ]

[== 5.1% ]

[=== 5.2% ]

[=== 5.4% ]

[=== 5.7% ]

[=== 5.9% ]

[=== 6.1% ]

[=== 6.3% ]

[=== 6.4% ]

[=== 6.6% ]

[=== 6.9% ]

[==== 7.0% ]

[==== 7.1% ]

[==== 7.2% ]

[==== 7.2% ]

[==== 7.5% ]

[==== 7.8% ]

[==== 7.8% ]

[==== 8.1% ]

[==== 8.3% ]

[==== 8.5% ]

[===== 8.8% ]

[===== 9.1% ]

[===== 9.2% ]

[===== 9.4% ]

[===== 9.7% ]

[===== 9.7% ]

[===== 10.0% ]

[===== 10.0% ]

[===== 10.3% ]

[====== 10.6% ]

[====== 10.8% ]

[====== 11.1% ]

[====== 11.3% ]

[====== 11.6% ]

[====== 11.8% ]

[======= 12.2% ]

[======= 12.4% ]

[======= 12.5% ]

[======= 12.8% ]

[======= 13.1% ]

[======= 13.4% ]

[======= 13.7% ]

[======== 14.0% ]

[======== 14.4% ]

[======== 14.6% ]

[======== 14.7% ]

[======== 14.9% ]

[======== 14.9% ]

[======== 15.1% ]

[======== 15.2% ]

[========= 15.5% ]

[========= 15.8% ]

[========= 16.2% ]

[========= 16.5% ]

[========= 16.8% ]

[========= 17.1% ]

[========== 17.3% ]

[========== 17.7% ]

[========== 17.9% ]

[========== 17.9% ]

[========== 18.2% ]

[========== 18.4% ]

[========== 18.5% ]

[========== 18.9% ]

[=========== 19.1% ]

[=========== 19.1% ]

[=========== 19.1% ]

[=========== 19.5% ]

[=========== 19.7% ]

[=========== 20.1% ]

[============ 21.1% ]

[============ 22.0% ]

[============= 22.5% ]

[============= 22.9% ]

[============= 23.3% ]

[============= 23.6% ]

[============== 24.3% ]

[============== 24.6% ]

[============== 25.3% ]

[=============== 26.1% ]

[=============== 26.6% ]

[=============== 26.8% ]

[=============== 27.1% ]

[=============== 27.5% ]

[=============== 27.5% ]

[================ 27.7% ]

[================ 27.9% ]

[================ 28.2% ]

[================ 28.5% ]

[================ 28.8% ]

[================ 28.8% ]

[================ 28.9% ]

[================ 28.9% ]

[================ 29.0% ]

[================ 29.1% ]

[================ 29.3% ]

[================= 29.4% ]

[================= 29.6% ]

[================= 30.0% ]

[================= 30.3% ]

[================= 30.6% ]

[================= 31.0% ]

[================== 31.2% ]

[================== 31.4% ]

[================== 31.8% ]

[================== 32.2% ]

[================== 32.5% ]

[=================== 32.9% ]

[=================== 33.1% ]

[=================== 33.1% ]

[=================== 33.5% ]

[=================== 33.9% ]

[=================== 34.3% ]

[==================== 34.6% ]

[==================== 34.8% ]

[==================== 34.8% ]

[==================== 34.9% ]

[==================== 35.0% ]

[==================== 35.2% ]

[==================== 35.5% ]

[==================== 35.6% ]

[==================== 35.9% ]

[==================== 35.9% ]

[==================== 36.0% ]

[===================== 36.2% ]

[===================== 36.4% ]

[===================== 36.5% ]

[===================== 36.6% ]

[===================== 36.7% ]

[===================== 36.8% ]

[===================== 36.9% ]

[===================== 37.0% ]

[===================== 37.1% ]

[===================== 37.4% ]

[===================== 37.6% ]

[===================== 37.7% ]

[===================== 37.8% ]

[====================== 38.0% ]

[====================== 38.1% ]

[====================== 38.1% ]

[====================== 38.2% ]

[====================== 38.3% ]

[====================== 38.3% ]

[====================== 38.3% ]

[====================== 38.5% ]

[====================== 38.6% ]

[====================== 38.6% ]

[====================== 38.7% ]

[====================== 38.9% ]

[====================== 39.3% ]

[====================== 39.4% ]

[====================== 39.5% ]

[====================== 39.5% ]

[====================== 39.5% ]

[====================== 39.6% ]

[======================= 39.7% ]

[======================= 39.8% ]

[======================= 39.8% ]

[======================= 40.1% ]

[======================= 40.2% ]

[======================= 40.3% ]

[======================= 40.4% ]

[======================= 40.5% ]

[======================= 40.6% ]

[======================= 40.8% ]

[======================= 40.8% ]

[======================= 40.9% ]

[======================= 41.0% ]

[======================= 41.1% ]

[======================= 41.4% ]

[======================= 41.4% ]

[======================== 41.6% ]

[======================== 41.7% ]

[======================== 41.8% ]

[======================== 41.9% ]

[======================== 42.0% ]

[======================== 42.1% ]

[======================== 42.3% ]

[======================== 42.4% ]

[======================== 42.5% ]

[======================== 42.6% ]

[======================== 42.6% ]

[======================== 42.7% ]

[======================== 42.7% ]

[======================== 42.8% ]

[======================== 42.8% ]

[======================== 42.9% ]

[======================== 42.9% ]

[======================== 42.9% ]

[======================== 43.0% ]

[======================== 43.0% ]

[======================== 43.1% ]

[======================== 43.1% ]

[========================= 43.2% ]

[========================= 43.2% ]

[========================= 43.2% ]

[========================= 43.2% ]

[========================= 43.3% ]

[========================= 43.3% ]

[========================= 43.5% ]

[========================= 43.5% ]

[========================= 43.5% ]

[========================= 43.7% ]

[========================= 43.8% ]

[========================= 43.8% ]

[========================= 43.9% ]

[========================= 44.0% ]

[========================= 44.0% ]

[========================= 44.1% ]

[========================= 44.2% ]

[========================= 44.3% ]

[========================= 44.3% ]

[========================= 44.5% ]

[========================= 44.7% ]

[========================= 44.7% ]

[========================= 44.8% ]

[========================== 44.8% ]

[========================== 45.1% ]

[========================== 45.1% ]

[========================== 45.1% ]

[========================== 45.1% ]

[========================== 45.2% ]

[========================== 45.3% ]

[========================== 45.4% ]

[========================== 45.5% ]

[========================== 45.6% ]

[========================== 45.6% ]

[========================== 45.7% ]

[========================== 45.7% ]

[========================== 45.7% ]

[========================== 45.9% ]

[========================== 45.9% ]

[========================== 46.0% ]

[========================== 46.0% ]

[========================== 46.1% ]

[========================== 46.3% ]

[========================== 46.3% ]

[========================== 46.3% ]

[========================== 46.4% ]

[===========================46.6% ]

[===========================46.6% ]

[===========================46.8% ]

[===========================46.9% ]

[===========================46.9% ]

[===========================46.9% ]

[===========================47.0% ]

[===========================47.2% ]

[===========================47.4% ]

[===========================47.5% ]

[===========================47.5% ]

[===========================47.6% ]

[===========================47.8% ]

[===========================47.9% ]

[===========================48.2% ]

[===========================48.5% ]

[===========================48.7% ]

[===========================48.8% ]

[===========================49.1% ]

[===========================49.4% ]

[===========================49.9% ]

[===========================50.4% ]

[===========================50.7% ]

[===========================51.1% ]

[===========================51.4% ]

[===========================51.6% ]

[===========================51.8% ]

[===========================52.1% ]

[===========================52.2% ]

[===========================52.3% ]

[===========================52.5% ]

[===========================52.7% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.9% ]

[===========================52.9% ]

[===========================52.9% ]

[===========================52.9% ]

[===========================53.0% ]

[===========================53.0% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.2% ]

[===========================53.2% ]

[===========================53.2% ]

[===========================53.2% ]

[===========================53.3% ]

[===========================53.3% ]

[===========================53.3% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.5% ]

[===========================53.5% ]

[===========================53.5% ]

[===========================53.5% ]

[===========================53.6% ]

[===========================53.6% ]

[===========================53.6% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.8% ]

[===========================53.9% ]

[===========================53.9% ]

[===========================53.9% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.1% ]

[===========================54.1% ]

[===========================54.1% ]

[===========================54.2% ]

[===========================54.2% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.4% ]

[===========================54.4% ]

[===========================54.4% ]

[===========================54.4% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.7% ]

[===========================54.7% ]

[===========================54.7% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================55.0% ]

[===========================55.1% ]

[===========================55.1% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.3% ]

[===========================55.3% ]

[===========================55.3% ]

[===========================55.4% ]

[===========================55.4% ]

[===========================55.4% ]

[===========================55.5% ]

[===========================55.5% ]

[===========================55.5% ]

[===========================55.5% ]

[===========================55.6% ]

[===========================55.6% ]

[===========================55.6% ]

[===========================55.6% ]

[===========================55.7% ]

[===========================55.7% ]

[===========================55.9% ]

[===========================56.1% ]

[===========================56.4% ]

[===========================56.5% ]

[===========================56.6% ]

[===========================56.8% ]

[===========================57.0%= ]

[===========================57.1%= ]

[===========================57.1%= ]

[===========================57.1%= ]

[===========================57.3%= ]

[===========================57.6%= ]

[===========================57.7%= ]

[===========================57.7%= ]

[===========================58.7%== ]

[===========================59.5%== ]

[===========================59.6%== ]

[===========================59.9%== ]

[===========================60.1%== ]

[===========================62.3%==== ]

[===========================77.4%============ ]

[===========================84.9%================= ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.


========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.



========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36911012 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 5335542 B
Edge => 0 B
Chrome => 0 B
Vivaldi => 0 B
Firefox => 1175101604 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1176 B
user => 1176 B
Administrator => 183219782 B

RecycleBin => 373177058 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:12:18 ====
 
#66 ·
OK, this is OK. It shows that the license is a Retail one.

Let's continue from here:

FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code: 
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Task: {6CE6A5F6-96B7-47CF-A129-4CDE6B32E5CA} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {AFA212C1-4A95-4A1E-898A-0CD590116DE0} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {ADA682EF-E974-43CE-B606-DDA981E19747} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => %windir%\system32\sipnotify.exe  -LogonOrUnlock (No File)
Task: {71003BBF-106D-4FAD-B581-8C616A876A55} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => %windir%\system32\sipnotify.exe  -Daily (No File)
Task: {9695DE37-9381-4035-B6F8-6D87A95ACD84} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {D7E0CF17-06D5-44F2-B771-80EF50DB8F9A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {1611D121-7B64-40AF-BF38-1F74EB55E852} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {04348BDF-EBDA-4329-AFA1-9FBDC6263BF2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {89A17677-59F5-434B-9248-445146887D6A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {9AB9104D-D336-4C67-A7B3-19C1141932CA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {89FDCBD5-A671-4D46-8144-D14A191C0BA5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {73B79E09-060B-420C-9E07-6CB8A0FF35CB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {C4535B3A-90BA-4974-BEFC-60461E871949} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {DA8317C0-F9F6-4136-9D31-B55F53C08A4D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {D9DBEA6A-3973-4C77-AA14-45BB43A0DDD9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {DBB2270E-8D38-4611-923A-54DAA084D826} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {F245C407-79D9-4F1C-9758-651D2E6B7731} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {C33A8D5A-9B4A-403C-9DAC-C74D6D66A849} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {218CA032-9F1C-4429-93AB-1B735E0F04AF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {35FA3322-1292-4DB0-B960-CBEF29046E4C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {E03820A8-5DB7-4080-A9AF-094B3DDCACA3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {B90B3A32-D90E-418B-9CF2-FBE32EEDC5A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {A7FCFDE0-7B73-4AB6-8391-388204C9EA76} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {71FA6689-4987-49CF-9E2D-C6D001032601} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {4D0FF355-5DFF-4978-B15D-94DD0B644C67} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {C1A30949-4D31-40E1-88D0-36EC23BD4F49} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {A8DADF29-6409-4ACD-BB62-B2ED483E1FC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
Task: {EC88C89E-13B5-4DFA-9CE0-D84B5DBF5F22} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {B5CD31AB-03D2-4055-B993-3F32CF3FD6BE} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {FA0E5323-44DC-46C1-823B-C485D20D222C} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {49EFF950-C080-45D4-BDDD-805C3F22ED3E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {16E5E50E-5053-4B32-A55A-D70DB7232EFD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Edge Extension: (Avira Safe Shopping) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-09-25]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
U3 idsvc; no ImagePath
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
K
#63 ·
Sorry, having an issue doing this. I know how to take a screenshot, paste it to paint, and add to pictures, but I can't seem to get it to display to be able to add it to reply. This new OS is very different from Windows 7. Do you just want the licensing information? I can type that into my reply.
 
#62 ·
Hi, Keneth.

Before make some tidiness, I would like to check something:
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
Code: 
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply.
 
#60 ·
Hi, Kenneth.

I would like to see some logs now, so I can understand better how the system runs.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
K
#59 ·
I got my upgrade to Windows 10 done today. I just finished hooking the computer up again. In a lot of respects, it's fairly easy to operate because I had them use Firefox as the browser. However, I'm really, really dissatisfied with the speed of this thing now......It was quite fast on Windows 7, but it's turned into an absolute turd speed-wise since it was upgraded to W10. I'm wondering if there are things I can strip out that I'll never use, such as the Edge browser, gaming modes, etc.
 
#58 ·
OK as you wish
It really is rather simple and most people have achieved it with the guide I sent that is full of images concerning the process and a few pointers from me, but it is certainly easier if you have a means of using the site on another computer, tablet or phone whilst the 7 is updating
I wish you the best of luck with it and hope all goes well
 
Save
Reply Quote Like Like
Tech Support Guy
posts
9.9M
members
873K
Since
1998
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking