unwanted driver scans [Solved]

mij

Without thinking it through, I clicked on checking my drivers. I now get requests to scan/update when I am in the middle of something else. What do I need to do to get rid of them?
jim
 
Hi Jim - I was hoping Starbuck would have replied ......

Which specific driver software do you get pop-ups for?
 
Hi Jim,

Sorry for the delay ..... it's been a rough couple of days.

Because of the problems you are experiencing in the other thread, it's probably easier to deal with everything here.

Let's get a scan done of your system so that we can see what the problem is being caused by....

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the downloaded icon and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


If you get the Windows Protected your PC message when installing FRST, follow these instructions....


Thanks
 
Thank you Starbuck for coming to my aid on this. It is a very loud and obnoxious ad.
I hope I have done everything correctly.
Jim.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022 02
Ran by mijje (16-08-2022 08:34:18)
Running from C:\Users\mijje\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2022-04-12 10:54:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-68675055-564967560-4285980964-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-68675055-564967560-4285980964-503 - Limited - Disabled)
Guest (S-1-5-21-68675055-564967560-4285980964-501 - Limited - Disabled)
mijje (S-1-5-21-68675055-564967560-4285980964-1001 - Administrator - Enabled) => C:\Users\mijje
WDAGUtilityAccount (S-1-5-21-68675055-564967560-4285980964-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.14 - AnyDesk Software GmbH)
Apeaksoft Video Converter Ultimate 2.3.10 (HKLM-x32\...\{10F275CC-5C6B-4167-899F-7ECE71988402}_is1) (Version: 2.3.10 - Apeaksoft Studio)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 104.1.42.95 - Brave Software Inc)
Dynamic Application Loader Host Interface Service (HKLM\...\{5F54270D-753A-4210-8E92-12CEEEC17638}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Intel(R) Icls (HKLM\...\{82510056-8197-4D5E-9CD3-5C789D4281B9}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) OEM Extension (HKLM\...\{ADC4822C-C699-4A15-825C-367A7B02CE2A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{101CB0C6-E608-417E-95F7-726AC3226194}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{819a7466-271e-4830-83f6-aa4b5505bd7d}) (Version: 2004.4.0.1076 - Intel Corporation)
Intel(R) Trusted Execution Engine Driver (HKLM\...\{A521B884-5453-4368-9471-7503F91F1254}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) TXE Storage Proxy Driver (HKLM\...\{E558B5A3-CC28-45EA-8C7F-036C82B5BE0C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan)
Malwarebytes version 4.5.12.204 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.12.204 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{0BAED66D-86B5-45EA-8499-808BBA701AC7}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{B11021FE-D247-4EED-8B4C-05915FCD9F60}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.12 (HKLM-x32\...\{E9F3BF94-AA18-42B6-8B6D-245BBF585C8C}) (Version: 4.112.9809 - Apache Software Foundation)
Opera Stable 89.0.4447.83 (HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\Opera 89.0.4447.83) (Version: 89.0.4447.83 - Opera Software)
PC HelpSoft Driver Updater v6.1.765 (HKLM-x32\...\PC HelpSoft Driver Updater_is1) (Version: 6.1.765 - PC HelpSoft)
PDFHub (HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\PDFHub) (Version: 1.0 - PDFHub)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
searchtoolshub (HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\searchtoolshub) (Version: 1.0 - searchtoolshub)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\ZoomUMX) (Version: 5.11.1 (6602) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2022-04-12] (Amazon.com)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2022-07-23] (Priceline Partner Network)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.34.1.0_x64__6rarf9sa4v8jt [2022-07-28] (Disney)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.17.0_x64__xbfy0k16fey96 [2022-07-23] (Dropbox Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.29.257.0_x64__v10z8vjag6ke6 [2022-07-23] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.2.0_x64__v10z8vjag6ke6 [2022-08-06] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-07-23] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_137.1.291.0_x64__v10z8vjag6ke6 [2022-07-12] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.19.52.0_x64__v10z8vjag6ke6 [2022-08-06] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6 [2022-08-13] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-07-23] (INTEL CORP) [Startup Task]
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2022-07-23] (McAfee LLC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-28] (Microsoft Studios) [MS Ad]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_6.52219.341.0_x64__v10z8vjag6ke6 [2022-07-23] (HP Inc.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-04-12] (Netflix, Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-04] (Spotify AB) [Startup Task]
The Solitaire -> C:\Program Files\WindowsApps\thesolitaire.com-5C91E068_1.0.0.0_neutral__2s6w969necew6 [2022-06-04] (thesolitaire.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-68675055-564967560-4285980964-1001_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68675055-564967560-4285980964-1001_Classes\CLSID\{77CB610F-0C15-4CA8-A839-79C3AD7A400E}\InprocServer32 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\psuser_64.dll => No File
ContextMenuHandlers1: [ {8FB25AA2-8527-4BBC-8696-28B9D890066B}] -> {8FB25AA2-8527-4BBC-8696-28B9D890066B} => C:\Program Files\Common Files\Apeaksoft Studio\Apeaksoft Video Converter Ultimate Shell Extension.dll [2022-02-09] (Keysun Software Co.,Ltd -> Aiseesoft Studio)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-09] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-09] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=h9SrGnH7AiKGCvjPpsVbiYq%2fXTU1UAQrXEdsBNtubAq2rNX2GIzodSE3JE%2bh%2fKzvPsw23QNE49N%2bVYOMO7NzyCSShq9MXl1TQKO99mF6TNF%2bEd9IknGFUp%2fV%2b%2fEl%2brGllKg6P7wrTG3QnLMJGzZGAK9zOMBoyHhqtCd1oqtUGBg%3d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utomik - Play over 1000 games.lnk -> C:\Program Files (x86)\Online Services\Utomik\WizLink.exe () -> hxxps://www.utomik.com/hp_desktop

==================== Loaded Modules (Whitelisted) =============

2021-01-08 13:49 - 2021-01-08 13:49 - 008725504 _____ () [File not signed] C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t\WindowsShoppingApp.dll
2022-06-16 12:15 - 2022-06-16 12:15 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4a3769626565d5b38994a350ecd077f7\Interop.IWshRuntimeLibrary.ni.dll
2022-08-13 11:47 - 2022-08-13 11:47 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\289e5e61a3d9c4d1c153bab9e0a8ea20\Hardcodet.Wpf.TaskbarNotification.ni.dll
2022-03-31 07:47 - 2022-03-31 07:47 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2022-08-13 11:48 - 2022-08-13 11:48 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\efe163b558638e9fb242156e70bf6a2c\NAudio.ni.dll
2022-08-13 11:48 - 2022-08-13 11:48 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\560d954a3cb11a16e5bb702527d0ce6f\Newtonsoft.Json.ni.dll
2022-08-13 11:47 - 2022-08-13 11:47 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\c5f568d2836f9802ad9b9d337cc0c57a\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> {41A8C7C3-EEE6-4AB3-B5CB-0C2F9F65498D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {41A8C7C3-EEE6-4AB3-B5CB-0C2F9F65498D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-68675055-564967560-4285980964-1001 -> {41A8C7C3-EEE6-4AB3-B5CB-0C2F9F65498D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-07-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-07-27] (HP Inc. -> HP Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-68675055-564967560-4285980964-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4F84F0EA-AED0-48A7-8FCF-F16E7B32D54F}] => (Allow) C:\Users\mijje\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{01DBBBA5-1D18-4BC9-985E-62D0CD2B83F1}] => (Allow) C:\Users\mijje\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{24CF4125-2E93-425C-93AD-3EA677994C55}] => (Allow) C:\Users\mijje\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3EA96598-6173-4657-81C0-C82979DCE902}] => (Allow) C:\Program Files\AdBlocker Ultimate\AdblockerUltimateGUI.exe => No File
FirewallRules: [{9FE5078E-37E6-4931-B3BD-D0FFD8B52892}] => (Allow) C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe => No File
FirewallRules: [{918F7027-5B9E-4ECF-974B-5C0B1D2DE5B3}] => (Allow) C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe => No File
FirewallRules: [{D44BED33-7D82-491A-A7C9-568398FBA404}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F47585F3-8FCF-40F9-BC5F-69D59FC43427}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C9E4E3C-E101-4526-9522-0B9EA62CF7C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12894020-5F89-4F2D-A3A4-4FAF3561D4FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{7FD6277B-DB08-40B2-B3D6-D1035CF12498}C:\users\mijje\appdata\local\programs\opera\86.0.4363.59_0\opera.exe] => (Block) C:\users\mijje\appdata\local\programs\opera\86.0.4363.59_0\opera.exe => No File
FirewallRules: [UDP Query User{EE078D53-48CE-400F-A133-258276673552}C:\users\mijje\appdata\local\programs\opera\86.0.4363.59_0\opera.exe] => (Block) C:\users\mijje\appdata\local\programs\opera\86.0.4363.59_0\opera.exe => No File
FirewallRules: [{32D16DB8-FC62-4273-BD5B-C6C6E1CDF68D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B806C4C-ED5A-44CC-9FFA-BC4A3709D44C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B3BB8BB-5CAF-4200-83A9-DB24C7DE76E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{361688C6-BCDF-4AAE-A199-A001F59851F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{35E4C5B2-1371-4BC8-B996-6E7EB6D8AEE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CED31B1-558A-41AF-9601-50DA067D7B36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1968D6B4-A8E5-4BEE-9B2E-48194F00C2D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{74DE358A-D51B-4F1F-A5A8-8D50EA97C3FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8CE3AC35-8826-49FE-A48D-D9D87727B3B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8DC55832-DF06-4809-96CD-E16051603332}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CAB01DA6-C5AE-44D7-A134-1F24D4E70E33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F728D7AF-E4ED-47C0-8F55-B2C86F2EC3C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D989336-5B73-405D-9715-FB5AE355775F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{09547822-173B-49D2-B672-3FF21B78306D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{41647895-4F79-498C-9BEF-92239DB6A892}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{0129D7E0-2234-48C3-94D4-E28293CBA771}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{CCA9A58F-7B22-4370-BA12-BFADB85D172D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{219CBC17-BF86-4F6D-993B-ADD7DFB3F935}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{F5B1781F-F65F-4FA6-98E1-F9BE5B59210C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{8EBD38FE-553A-4740-B436-9DFBD7091011}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{077FB038-599E-40F0-9D7D-6DE0F3B6B5B9}C:\users\mijje\appdata\local\programs\opera\opera.exe] => (Block) C:\users\mijje\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{D975AAB8-7F79-4A7A-915C-8B74E3118CB1}C:\users\mijje\appdata\local\programs\opera\opera.exe] => (Block) C:\users\mijje\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{EC9BDF01-1F5F-4C86-8491-656FCDC01DBE}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.43 GB) (Free:70.48 GB) (60%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/12/2022 08:04:42 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (08/15/2022 01:01:20 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NA46OO2)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.

Error: (08/12/2022 08:30:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9P4W8RFN9M2T-AD2F1837.HPSystemEventUtility.

Error: (08/12/2022 07:45:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error:
%%2684420176

Error: (08/12/2022 07:45:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ABUService service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/12/2022 01:24:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error:
%%2684420176

Error: (08/12/2022 01:24:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ABUService service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/09/2022 10:19:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RstMwService service terminated with the following error:
%%2684420176

Error: (08/09/2022 10:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ABUService service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
================
Date: 2022-08-09 10:28:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-08 09:40:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-05 10:23:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-04 09:50:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-03 09:50:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-07-15 07:44:11
Description:
Microsoft Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000006
Resource: file:C:\Users\mijje\AppData\Roaming\Opera Software\Opera Stable\default_partner_content.json

CodeIntegrity:
===============
Date: 2022-08-16 08:29:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-16 08:17:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.32 01/20/2022
Motherboard: HP 86F0
Processor: Intel(R) Pentium(R) Silver J5040 CPU @ 2.00GHz
Percentage of memory in use: 89%
Total physical RAM: 3840.06 MB
Available physical RAM: 389.1 MB
Total Virtual: 11296.66 MB
Available Virtual: 6494.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.43 GB) (Free:70.48 GB) (Model: SAMSUNG MZNLH128HBHQ-000H1) NTFS
Drive d: (USB DISK) (Removable) (Total:59.51 GB) (Free:3.08 GB) FAT32

\\?\Volume{25a110ef-0bf4-4513-8237-ecb6a9e1cbef}\ (Windows RE tools) (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{7de9f505-3e29-4ded-8ebb-683f8c78cf61}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 5FFF6734)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 59.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=59.5 GB) - (Type=0C)

==================== End of Addition.txt =======================
 
Hi Jim,

That's just the Addition.txt. I also need the FRST.txt; it'll be in the same location (Desktop) as the Addition.txt.
When you post that I can start to sort it all out.

Thanks.
 
Sorry Starbuck but it's all double Dutch to me. I hovered over the file on the desk-top and chose copy. I wonder if that is right?
Jim

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022 02
Ran by mijje (administrator) on DESKTOP-NA46OO2 (HP HP All-in-One 22-df0xxx) (16-08-2022 08:32:52)
Running from C:\Users\mijje\OneDrive\Desktop
Loaded Profiles: mijje
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: English (United Kingdom)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(csrss.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(csrss.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEM.exe
(DriverStore\FileRepository\hpanalyticscomp.inf_amd64_29c6c876bdaf5af9\x64\TouchpointAnalyticsClientService.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_29c6c876bdaf5af9\x64\TouchpointGpuInfo.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\BridgeCommunication.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <10>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\mijje\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_29c6c876bdaf5af9\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_931bbe844e2165dc\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_931bbe844e2165dc\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7c484f80872e1cd8\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe <2>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536152 2022-08-12] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\Run: [Avast Browser] => C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\AvastBrowserUpdateCore.exe (No File)
HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\Run: [MicrosoftEdgeAutoLaunch_D93B6878C4BC79F7874F046FC01A569D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\Run: [Opera Browser Assistant] => C:\Users\mijje\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4110832 2022-07-06] (Opera Norway AS -> Opera Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-08] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\104.1.42.95\Installer\chrmstp.exe [2022-08-15] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2022-05-18]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07CEC5E7-DB3D-4233-B2A6-C0D543A66F90} - System32\Tasks\AdBlocker Ultimate Updater => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateUpdater.exe hidden (No File) <==== ATTENTION
Task: {34401422-0A54-4317-9F59-54307033257F} - System32\Tasks\Opera scheduled assistant Autoupdate 1657635893 => C:\Users\mijje\AppData\Local\Programs\Opera\launcher.exe [2527216 2022-08-03] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\mijje\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {38E2C2FD-5E4B-482D-85F8-1BC9AF9F4B29} - System32\Tasks\GoogleUpdateTaskMachineCore{9FA1EF69-F917-4F85-9E71-DCA90AAD3DD5} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-17] (Google LLC -> Google LLC)
Task: {41EDDF57-C70D-44C7-8DD6-010AE7BBF2D9} - System32\Tasks\GoogleUpdateTaskMachineUA{C81FA7C6-F96A-4EAD-A1FA-F3F2DFBA09EC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-17] (Google LLC -> Google LLC)
Task: {424D4424-3464-494E-88BB-DB1496B16DCE} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe [3379808 2021-11-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5018136A-924E-44BB-B251-A693A804FBBC} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-05-11] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5EDB39B5-4BA3-416C-B6E7-355C540C63AF} - System32\Tasks\AdBlocker Ultimate Sync => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateGUI.exe /verify (No File) <==== ATTENTION
Task: {60C8B341-11FD-4C85-84AF-C9EE3BB6DF7C} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {72E18035-FEEB-460A-9AB9-AECF4A57285C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {92C2527D-4568-4C99-B024-AB40374F20D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2022-07-27] (HP Inc. -> HP Inc.)
Task: {92E2FA3E-D0B1-4381-BF8F-E0D7A2DFBC9D} - \HPAudioSwitch -> No File <==== ATTENTION
Task: {AB7ECA51-7E8A-49DB-99B3-378FDFB8A0B3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-05-11] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C57EBBC5-AAFE-4089-8FB8-449B6599F8C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149512 2022-07-27] (HP Inc. -> HP Inc.)
Task: {C6AC63B3-E6A2-4C83-A3AA-3FDA9923F78B} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {D5F0926E-9FB6-43DC-B6E0-09C0AF74EEA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149512 2022-07-27] (HP Inc. -> HP Inc.)
Task: {DC240388-C4E4-4D7E-B2D4-DEBCC904AED0} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {E718D044-8F6E-48E7-953D-85D8F0FF19E2} - \OneDrive Standalone Update Task-S-1-5-21-2024600284-1515572505-3624664209-500 -> No File <==== ATTENTION
Task: {FB7C31A5-6854-45B0-B78E-4542465E4656} - System32\Tasks\Opera scheduled Autoupdate 1657635886 => C:\Users\mijje\AppData\Local\Programs\Opera\launcher.exe [2527216 2022-08-03] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{94d80f12-ab2e-416d-b937-c052f94b6329}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\mijje\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-16]
Edge Notifications: Default -> hxxps://lifeindigo.com; hxxps://www.buzzfond.com
Edge DefaultSearchURL: Default -> hxxps://find.searchtoolshub.com?2ba4e03bfc98ed613d9d865d7b57a55c=H1xAXFNGX1hbVVQNEQQwBw9cQ1pRR1heXVRKXFVCWltcVFQJDB0LUyknNy4nNikoW1FCW1FCLlY4VTopLyxdIClXQF9TRFlaXSJKXCdAV1opVw%253D%253D&q={searchTerms}
Edge DefaultSearchKeyword: Default -> find.searchtoolshub.com
Edge DefaultSuggestURL: Default -> hxxps://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02

FireFox:
========
FF DefaultProfile: q4wfjfd8.default
FF ProfilePath: C:\Users\mijje\AppData\Roaming\Mozilla\Firefox\Profiles\q4wfjfd8.default [2022-04-12]
FF ProfilePath: C:\Users\mijje\AppData\Roaming\Mozilla\Firefox\Profiles\9oi080y3.default-release-1652278107526 [2022-08-06]
FF Plugin HKU\S-1-5-21-68675055-564967560-4285980964-1001: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-68675055-564967560-4285980964-1001: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\mijje\AppData\Local\Google\Chrome\User Data\Default [2022-08-16]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (uBlock - free ad blocker) - C:\Users\mijje\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2022-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\mijje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mijje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-02]

Opera:
=======
OPR Profile: C:\Users\mijje\AppData\Roaming\Opera Software\Opera Stable [2022-08-16]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\mijje\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-07-12]
OPR Extension: (Opera Crypto Wallet) - C:\Users\mijje\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-07-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\mijje\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-05-11]

Brave:
=======
BRA Profile: C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-08-16]
BRA Notifications: Default -> hxxps://www.youtube.com
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
BRA DefaultSearchKeyword: Default -> duckduckgo.com
BRA DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (DuckDuckGo) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-08-10]
BRA Extension: (uBlock - free ad blocker) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2022-05-11]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-08-16]
BRA Extension: (Brave NTP background images) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-07-11]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-08-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-05-11]
BRA Extension: (Brave NTP sponsored images) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2022-08-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\mijje\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-08-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3853384 2022-08-12] (philandro Software GmbH -> AnyDesk Software GmbH)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-05-11] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-05-11] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [891256 2020-07-30] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\AppHelperCap.exe [770544 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\DiagsCap.exe [769040 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe [762376 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe [769040 2022-06-21] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_29c6c876bdaf5af9\x64\TouchpointAnalyticsClientService.exe [489696 2022-05-26] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8680192 2022-08-09] (Malwarebytes Inc. -> Malwarebytes)
R2 RtkBtAudioServ; C:\WINDOWS\RtkBtAudioServ.exe [224416 2020-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ABUService; C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe [X]
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\104.1.42.95\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-08-12] (Malwarebytes Inc. -> Malwarebytes)
R3 RtkA2dp; C:\WINDOWS\System32\drivers\RtkA2dp.sys [222320 2020-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [96984 2020-04-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S1 adavoid; system32\drivers\adavoid.sys [X]
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-16 08:32 - 2022-08-16 08:33 - 000000000 ____D C:\FRST
2022-08-16 08:30 - 2022-08-16 08:30 - 002371072 _____ (Farbar) C:\Users\mijje\Downloads\FRST64.exe
2022-08-13 08:57 - 2022-08-13 08:57 - 000000000 ____D C:\Users\mijje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-08-12 19:45 - 2022-08-12 19:45 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-08-12 19:45 - 2022-08-12 19:45 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-08-12 19:45 - 2022-08-12 19:45 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-08-09 23:00 - 2022-08-09 23:00 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-09 23:00 - 2022-08-09 23:00 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-09 23:00 - 2022-08-09 23:00 - 000120704 _____ C:\Users\mijje\Downloads\Extras.Txt
2022-08-09 23:00 - 2022-08-09 23:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-09 23:00 - 2022-08-09 23:00 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-09 22:59 - 2022-08-09 22:59 - 000469692 _____ C:\Users\mijje\Downloads\OTL.Txt
2022-08-09 22:59 - 2022-08-09 22:59 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-09 22:59 - 2022-08-09 22:59 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-09 22:59 - 2022-08-09 22:59 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-09 22:59 - 2022-08-09 22:59 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-09 22:49 - 2022-08-09 22:49 - 000000000 ___HD C:\$WinREAgent
2022-08-09 22:36 - 2022-08-09 22:36 - 000601088 _____ (OldTimer Tools) C:\Users\mijje\Downloads\OTL.exe
2022-08-09 22:20 - 2022-08-09 22:21 - 000000000 ____D C:\Users\mijje\AppData\Local\CrashDumps
2022-08-09 22:12 - 2022-08-09 22:12 - 000000000 ____D C:\Users\mijje\AppData\Local\mbam
2022-08-09 22:11 - 2022-08-12 01:24 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-08-09 22:11 - 2022-08-09 22:11 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-08-09 22:11 - 2022-08-09 22:11 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-08-09 22:11 - 2022-08-09 22:10 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-08-09 22:11 - 2022-08-09 22:10 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-08-09 22:10 - 2022-08-09 22:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-08-09 22:10 - 2022-08-09 22:10 - 000000000 ____D C:\Program Files\Malwarebytes
2022-08-09 22:09 - 2022-08-09 22:09 - 002556344 _____ (Malwarebytes) C:\Users\mijje\Downloads\MBSetup-37335.37335-consumer.exe
2022-08-09 22:08 - 2022-08-09 22:08 - 002556344 _____ (Malwarebytes) C:\Users\mijje\Downloads\MBSetup-37335.37335.exe
2022-08-05 20:08 - 2022-08-05 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater
2022-08-05 19:52 - 2022-08-05 19:52 - 000000000 ____D C:\Users\mijje\OneDrive\Documents\FeedbackHub
2022-07-17 20:56 - 2022-08-08 23:02 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-17 20:56 - 2022-08-08 23:02 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-17 20:55 - 2022-07-17 20:55 - 001414600 _____ (Google LLC) C:\Users\mijje\Downloads\ChromeSetup (1).exe
2022-07-17 20:55 - 2022-07-17 20:55 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{C81FA7C6-F96A-4EAD-A1FA-F3F2DFBA09EC}
2022-07-17 20:55 - 2022-07-17 20:55 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{9FA1EF69-F917-4F85-9E71-DCA90AAD3DD5}

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-16 08:34 - 2022-04-12 20:20 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-16 08:32 - 2022-04-12 20:18 - 000000000 ____D C:\WINDOWS\INF
2022-08-16 08:03 - 2022-04-12 20:20 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-16 08:03 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-16 08:00 - 2022-04-12 12:30 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-16 07:57 - 2022-04-12 12:16 - 000000000 __SHD C:\Users\mijje\IntelGraphicsProfiles
2022-08-15 23:36 - 2022-04-12 11:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-15 21:01 - 2022-05-11 00:36 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-08-15 11:48 - 2022-04-12 12:19 - 000000000 ____D C:\Users\mijje\AppData\Local\D3DSCache
2022-08-15 10:55 - 2022-05-11 00:35 - 000003442 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2022-08-15 10:55 - 2022-05-11 00:35 - 000003318 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2022-08-13 08:57 - 2022-04-16 09:01 - 000000000 ____D C:\Users\mijje\AppData\Roaming\Zoom
2022-08-13 07:41 - 2022-04-12 11:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-12 19:52 - 2022-04-12 11:57 - 000820298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-12 19:45 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-12 19:45 - 2022-04-12 11:43 - 000574056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-12 19:45 - 2022-04-12 11:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-12 19:45 - 2022-04-12 11:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-12 19:45 - 2022-04-12 11:43 - 000000000 ____D C:\Intel
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-12 19:44 - 2022-04-12 20:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-12 19:44 - 2022-04-12 20:14 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-12 08:04 - 2022-05-18 13:26 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2022-08-10 18:52 - 2022-04-12 20:15 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-09 22:59 - 2022-04-12 11:45 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-09 22:49 - 2022-04-12 20:20 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-09 22:48 - 2022-04-13 07:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-09 22:46 - 2022-04-13 07:42 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-09 22:11 - 2022-04-12 20:20 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-06 01:38 - 2022-04-12 12:05 - 000000000 ____D C:\Users\mijje
2022-08-05 19:52 - 2022-04-12 13:14 - 000000000 ____D C:\Users\mijje\AppData\Local\ElevatedDiagnostics
2022-08-05 09:47 - 2022-07-12 15:24 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1657635886
2022-08-05 09:47 - 2022-07-12 15:24 - 000001408 _____ C:\Users\mijje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2022-08-03 23:00 - 2022-05-05 07:17 - 000000000 ____D C:\Program Files\Speccy
2022-07-27 08:53 - 2022-04-12 11:43 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-27 08:53 - 2022-04-12 11:43 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2022-07-05 00:32 - 2022-07-05 00:32 - 000000017 _____ () C:\Users\mijje\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

That's fine Jim.
I copied the attachment and added it to your post (makes reading it easier).
I'll go through the reports after I've had food.
Just a couple of questions before I start though.......
Where did all this come from?
2022-08-09 23:00 - 2022-08-09 23:00 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-09 23:00 - 2022-08-09 23:00 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-09 23:00 - 2022-08-09 23:00 - 000120704 _____ C:\Users\mijje\Downloads\Extras.Txt
2022-08-09 23:00 - 2022-08-09 23:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-09 23:00 - 2022-08-09 23:00 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-09 22:59 - 2022-08-09 22:59 - 000469692 _____ C:\Users\mijje\Downloads\OTL.Txt
2022-08-09 22:59 - 2022-08-09 22:59 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-09 22:59 - 2022-08-09 22:59 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-09 22:59 - 2022-08-09 22:59 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-09 22:59 - 2022-08-09 22:59 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-09 22:49 - 2022-08-09 22:49 - 000000000 ___HD C:\$WinREAgent
2022-08-09 22:36 - 2022-08-09 22:36 - 000601088 _____ (OldTimer Tools) C:\Users\mijje\Downloads\OTL.exe

We haven't used OTL in years and it's certainly not compatible with Win10.
Also, did you download and install 'AnyDesk'?
 
Hi Jim,

Ok, a bit of work for you.
Just take it slow and if you have any questions, just ask.

Step 1

Please uninstall the following:

searchtoolshub

PC HelpSoft Driver Updater


Step 2


Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
If the fix seems to stall part way through ... don't worry just leave it and it will finish.


The tool will make a log on the Desktop (Fixlog.txt).

Please post this in your next reply.


Step 3

As you have Malwarebytes installed, please run a scan.
Just start Malwarebytes
  • When Malwarebytes opens, click on the Scan button.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine.
  • When complete, click on View Report
  • Select Export in the bottom left corner, and click Copy to clipboard.
  • Paste this report in your next post.

In your next reply, please submit:
Fixlog.txt ( from FRST )
Malwarebytes report
Also let me know if there are any problems with the system still.


Thanks.
 


Thanks Starbuck, I have un-installed searchtoolshub and PC HelpSoft Driver Updater.
I hope I have the rest ok🤞.
I am unsure of the Malwarebytes report as I did what you said and exported its report but to where? It just disappeared. There was nothing to be quarantined. But it's on the clipboard somewhere.
Ok let's see if I can paste the two that you need, Fixlog.txt (from FRST)

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022 02
Ran by mijje (16-08-2022 23:53:37) Run:1
Running from C:\Users\mijje\OneDrive\Desktop
Loaded Profiles: mijje
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-68675055-564967560-4285980964-1001\...\Run: [Avast Browser] => C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\AvastBrowserUpdateCore.exe (No File)
Task: {07CEC5E7-DB3D-4233-B2A6-C0D543A66F90} - System32\Tasks\AdBlocker Ultimate Updater => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateUpdater.exe hidden (No File) <==== ATTENTION
Task: {5EDB39B5-4BA3-416C-B6E7-355C540C63AF} - System32\Tasks\AdBlocker Ultimate Sync => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateGUI.exe /verify (No File) <==== ATTENTION
Task: {6CBEF361-EE00-46F9-B3B8-D803788F07C8} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {92E2FA3E-D0B1-4381-BF8F-E0D7A2DFBC9D} - \HPAudioSwitch -> No File <==== ATTENTION
Task: {E718D044-8F6E-48E7-953D-85D8F0FF19E2} - \OneDrive Standalone Update Task-S-1-5-21-2024600284-1515572505-3624664209-500 -> No File <==== ATTENTION
Edge Notifications: Default -> hxxps://lifeindigo.com; hxxps://www.buzzfond.com
Edge DefaultSearchURL: Default -> hxxps://find.searchtoolshub.com?2ba4e03bfc98ed613d9d865d7b57a55c=H1xAXFNGX1hbVVQNEQQwBw9cQ1pRR1heXVRKXFVCWltcVFQJDB0LUyknNy4nNikoW1FCW1FCLlY4VTopLyxdIClXQF9TRFlaXSJKXCdAV1opVw%253D%253D&q={searchTerms}
Edge DefaultSearchKeyword: Default -> find.searchtoolshub.com
FF Plugin HKU\S-1-5-21-68675055-564967560-4285980964-1001: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-68675055-564967560-4285980964-1001: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [No File]
CustomCLSID: HKU\S-1-5-21-68675055-564967560-4285980964-1001_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-68675055-564967560-4285980964-1001_Classes\CLSID\{77CB610F-0C15-4CA8-A839-79C3AD7A400E}\InprocServer32 -> C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\psuser_64.dll => No File
C:\Users\mijje\AppData\Local\AVAST Software
FirewallRules: [{3EA96598-6173-4657-81C0-C82979DCE902}] => (Allow) C:\Program Files\AdBlocker Ultimate\AdblockerUltimateGUI.exe => No File
FirewallRules: [{9FE5078E-37E6-4931-B3BD-D0FFD8B52892}] => (Allow) C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe => No File
FirewallRules: [{918F7027-5B9E-4ECF-974B-5C0B1D2DE5B3}] => (Allow) C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe => No File
S2 ABUService; C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateService.exe [X]
S1 adavoid; system32\drivers\adavoid.sys [X]
U3 aspnet_state; no ImagePath
2022-08-09 22:36 - 2022-08-09 22:36 - 000601088 _____ (OldTimer Tools) C:\Users\mijje\Downloads\OTL.exe
2022-08-09 22:59 - 2022-08-09 22:59 - 000469692 _____ C:\Users\mijje\Downloads\OTL.Txt
2022-08-09 23:00 - 2022-08-09 23:00 - 000120704 _____ C:\Users\mijje\Downloads\Extras.Txt
2022-08-05 20:08 - 2022-08-05 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater
*****************

Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-68675055-564967560-4285980964-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Avast Browser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07CEC5E7-DB3D-4233-B2A6-C0D543A66F90}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07CEC5E7-DB3D-4233-B2A6-C0D543A66F90}" => removed successfully
C:\WINDOWS\System32\Tasks\AdBlocker Ultimate Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdBlocker Ultimate Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EDB39B5-4BA3-416C-B6E7-355C540C63AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EDB39B5-4BA3-416C-B6E7-355C540C63AF}" => removed successfully
C:\WINDOWS\System32\Tasks\AdBlocker Ultimate Sync => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdBlocker Ultimate Sync" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6CBEF361-EE00-46F9-B3B8-D803788F07C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CBEF361-EE00-46F9-B3B8-D803788F07C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\PostResetBoot" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92E2FA3E-D0B1-4381-BF8F-E0D7A2DFBC9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92E2FA3E-D0B1-4381-BF8F-E0D7A2DFBC9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E718D044-8F6E-48E7-953D-85D8F0FF19E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E718D044-8F6E-48E7-953D-85D8F0FF19E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2024600284-1515572505-3624664209-500" => removed successfully
"Edge Notifications" => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => removed successfully
HKU\S-1-5-21-68675055-564967560-4285980964-1001\Software\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=3 => removed successfully
"C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll" => not found
HKU\S-1-5-21-68675055-564967560-4285980964-1001\Software\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=9 => removed successfully
"C:\Users\mijje\AppData\Local\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll" => not found
HKU\S-1-5-21-68675055-564967560-4285980964-1001_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663} => removed successfully
HKU\S-1-5-21-68675055-564967560-4285980964-1001_Classes\CLSID\{77CB610F-0C15-4CA8-A839-79C3AD7A400E} => removed successfully
"C:\Users\mijje\AppData\Local\AVAST Software" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EA96598-6173-4657-81C0-C82979DCE902}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FE5078E-37E6-4931-B3BD-D0FFD8B52892}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{918F7027-5B9E-4ECF-974B-5C0B1D2DE5B3}" => removed successfully
HKLM\System\CurrentControlSet\Services\ABUService => removed successfully
ABUService => service removed successfully
HKLM\System\CurrentControlSet\Services\adavoid => removed successfully
adavoid => service removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
aspnet_state => service removed successfully
C:\Users\mijje\Downloads\OTL.exe => moved successfully
C:\Users\mijje\Downloads\OTL.Txt => moved successfully
C:\Users\mijje\Downloads\Extras.Txt => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HelpSoft Driver Updater => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44433870 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 6416926 B
Edge => 0 B
Chrome => 465339449 B
Brave => 514266280 B
Firefox => 27282854 B
Opera => 38581141 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 47186 B
NetworkService => 403436 B
mijje => 22270259 B

RecycleBin => 4634 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:54:29 ====
 

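One way to check a Fixlog like the one above before judging the fix, added here as an example (it is not part of the thread or of FRST): the script skips the echoed fixlist, reads only the "target => outcome" result lines, and flags any outcome outside the strings seen in this log. The function names and the placeholder.bin line are assumptions made for the example.

```python
from collections import Counter

# Outcome strings that appear in the Fixlog posted above.
OK = {"removed successfully", "moved successfully",
      "value restored successfully", "service removed successfully"}
BENIGN = {"not found"}  # the target was already gone before the fix ran

# Excerpt of the posted Fixlog; the placeholder.bin line is constructed.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022 02
fixlist content:
*****************
Task: {07CEC5E7-DB3D-4233-B2A6-C0D543A66F90} - System32\Tasks\AdBlocker Ultimate Updater => C:\Program Files\AdBlocker Ultimate\AdBlockerUltimateUpdater.exe hidden (No File) <==== ATTENTION
S1 adavoid; system32\drivers\adavoid.sys [X]
*****************
C:\Windows\System32\Drivers\etc\hosts => moved successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
C:\WINDOWS\System32\Tasks\AdBlocker Ultimate Updater => moved successfully
"C:\Users\mijje\AppData\Local\AVAST Software" => not found
adavoid => service removed successfully
C:\Example\placeholder.bin => outcome-needing-review (constructed line)
=========== EmptyTemp: ==========
Chrome => 465339449 B
'''

def parse_fixlog(text):
    """Return (target, outcome) pairs from the result part of a Fixlog."""
    results, stars_seen = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # delimiter around the fixlist echo
            stars_seen += 1
            continue
        if stars_seen < 2:                # header or echoed fixlist: no results
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            break                         # what follows are byte counts
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        if target.startswith('"') and target.endswith('"'):
            target = target[1:-1]
        results.append((target, outcome))
    return results

def review(text):
    """Tally outcomes and list the entries a helper should look at by hand."""
    pairs = parse_fixlog(text)
    tally = Counter(outcome for _, outcome in pairs)
    flagged = [(t, o) for t, o in pairs if o not in OK | BENIGN]
    return tally, flagged

if __name__ == "__main__":
    print(review(SAMPLE_FIXLOG))
```
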
Hi Jim,

The fix looks to have been successful :thumb:
I did what you said and exported its report but to where? It just disappeared.
There was nothing to be quarantined. But it's on the clipboard somewhere.
If the report is on the clipboard all you have to do is right click in your next post and select 'paste' .... that will add the report to the post.
As nothing was found it doesn't matter too much though.
How is the system running now ..... have the loud noises gone from Edge?
 
Thanks Starbuck. I haven't had any obnoxious ads since so yes, success! Solved!
Ok I will try to paste the clipboard------

no nothing there. Ah well do I run it again?
Jim.
 
Hi Jim,

I haven't had any obnoxious ads since so yes, success! Solved!
That's good to hear.

no nothing there. Ah well do I run it again?
There's no need, nothing was found anyway and your problem has been solved.

To uninstall FRST and remove all its files, please do the following ...
  • Rename FRST64.exe to Uninstall.exe (by right-clicking on the FRST64.exe icon and selecting Rename)
  • Double click on Uninstall.exe to launch it.
  • Your computer will reboot, and on reboot will remove FRST and all its files.

As your system restore was turned off, I suggest that you manually turn it on .... it'll save a lot of trouble in the future if you ever need it.
I have a tutorial here that explains how to turn it on...


As always, any questions just shout out.
 
I have now done that and it was off!
Thanks again Starbuck, perhaps I will get fewer interruptions and no loud ads now.
Jim
 