How can I temporarily disable anti-virus?

Macboatmaster

Trusted Advisor
Spam Fighter
Joined
Jan 14, 2010
Messages
24,793
DR. M
Thank you for taking the thread for me.

kenneth7379

I asked my colleague DR.M to have a look for you, as having seen TotalAV - which is often acquired when downloading free software, unless it is installed intentionally as the TotalAV from the link I sent, which you say it was not, I thought you would be best served with the help of an expert in Malware/Adware etc, which I am not and I am not allowed to use the tools that DR.M can, as this requires specialist qualifications in Malware and Virus removal.

If the problem is not solved by my colleague after he has declared your system clean, then I will resume, to assist you with the topic being moved back to the Windows 7 forum
 

kenneth7379

Ken
Thread Starter
Joined
Oct 19, 2008
Messages
304
Regarding your first question.....I'm okay with the system being Avast instead of Avira.


I have moved the FRST download to Desktop.

Followed instructions to do FRST Fix and the results are posted below

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2021
Ran by Administrator (13-09-2021 12:41:16) Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
DriverUpdate (HKLM\...\{4839D0D2-24F2-47F6-B050-8A4C3C38EE36}) (Version: 5.8.13 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
Hewlett-Packard ACLM.NET v1.1.1.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-4024106872-1649823565-1726780474-500 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
FirewallRules: [{F5E88B39-61E0-422A-AF67-3444132C44B7}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{105F89E6-8FD7-4B87-B1D5-0DDA8C219F94}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{A44ECA1F-7F4F-40A7-95DC-D62F04EDF94D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4024106872-1649823565-1726780474-500\...\Run: [] => [X]
HKU\S-1-5-21-4024106872-1649823565-1726780474-500\...\MountPoints2: {13bc5530-1b30-11e9-80e8-24be05136ac1} - E:\SISetup.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {921BA14C-57DA-456A-A4AE-8325DAD50050} - System32\Tasks\Driver Support One Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [39448 2020-12-01] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [86880 2020-05-29] (Protected Antivirus Limited -> Windows (R) Win 7 DDK provider) <==== ATTENTION
S3 cpuz136; \??\C:\Users\ADMINI~2\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
2021-09-11 08:46 - 2020-01-31 15:37 - 000000000 ____D C:\Program Files (x86)\Avira
2021-09-10 17:04 - 2020-01-31 15:37 - 000000000 ____D C:\ProgramData\Avira
Task: {180DC784-261B-41AF-830D-4D530077B5CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {209483A1-B789-4D8B-9BA5-DDC6544B04D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [743224 2013-02-19] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {3E4D9914-95FB-4D25-BA8B-3A5CFEBAAAC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {519975F2-F2DC-4208-A909-1FA39C07D475} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {9A6DBA64-866F-4F0C-A84D-CC1096582936} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [743224 2013-02-19] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {B2F32E07-EFDB-4A18-A7BA-4254A0ADCE78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {D410435F-D194-4E89-A1F5-12A40EDCD24C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe
C:\Program Files (x86)\Driver Support One\DSOne.exe
C:\Windows\System32\DRIVERS\phantomtap.sys
C:\Windows\System32\drivers\webshieldfilter.sys
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework
C:\ProgramData\Hewlett-Packard\HP Support Framework
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4839D0D2-24F2-47F6-B050-8A4C3C38EE36}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\\SystemComponent" => removed successfully
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\ucrtbase.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL" => Symbolic linkcould not remove.
Symbolic link found: "C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll" => "C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\vcruntime140.dll"
"C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll" => Symbolic linkcould not remove.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKU\S-1-5-21-4024106872-1649823565-1726780474-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5E88B39-61E0-422A-AF67-3444132C44B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{105F89E6-8FD7-4B87-B1D5-0DDA8C219F94}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A44ECA1F-7F4F-40A7-95DC-D62F04EDF94D}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-4024106872-1649823565-1726780474-500\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-4024106872-1649823565-1726780474-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13bc5530-1b30-11e9-80e8-24be05136ac1} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{921BA14C-57DA-456A-A4AE-8325DAD50050}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{921BA14C-57DA-456A-A4AE-8325DAD50050}" => removed successfully
C:\Windows\System32\Tasks\Driver Support One Agent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support One Agent" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\System\CurrentControlSet\Services\HP Support Assistant Service => removed successfully
HP Support Assistant Service => service removed successfully
HKLM\System\CurrentControlSet\Services\hpqwmiex => removed successfully
hpqwmiex => service removed successfully
HKLM\System\CurrentControlSet\Services\phantomtap => removed successfully
phantomtap => service removed successfully
webshieldfilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\webshieldfilter => removed successfully
webshieldfilter => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz136 => removed successfully
cpuz136 => service removed successfully
HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => removed successfully
IntcAzAudAddService => service removed successfully
C:\Program Files (x86)\Avira => moved successfully
C:\ProgramData\Avira => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{180DC784-261B-41AF-830D-4D530077B5CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{180DC784-261B-41AF-830D-4D530077B5CF}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Health Analysis" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{209483A1-B789-4D8B-9BA5-DDC6544B04D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209483A1-B789-4D8B-9BA5-DDC6544B04D1}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E4D9914-95FB-4D25-BA8B-3A5CFEBAAAC8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E4D9914-95FB-4D25-BA8B-3A5CFEBAAAC8}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Tuneup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{519975F2-F2DC-4208-A909-1FA39C07D475}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519975F2-F2DC-4208-A909-1FA39C07D475}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A6DBA64-866F-4F0C-A84D-CC1096582936}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A6DBA64-866F-4F0C-A84D-CC1096582936}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Update Check" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2F32E07-EFDB-4A18-A7BA-4254A0ADCE78}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F32E07-EFDB-4A18-A7BA-4254A0ADCE78}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D410435F-D194-4E89-A1F5-12A40EDCD24C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D410435F-D194-4E89-A1F5-12A40EDCD24C}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" => removed successfully
"C:\Program Files (x86)\Driver Support One\DSOne.exe" => not found
C:\Windows\System32\DRIVERS\phantomtap.sys => moved successfully
C:\Windows\System32\drivers\webshieldfilter.sys => moved successfully
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework => moved successfully
C:\ProgramData\Hewlett-Packard\HP Support Framework => moved successfully
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll => moved successfully
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => moved successfully
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7040173 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 200881516 B
Edge => 0 B
Chrome => 1020 B
Vivaldi => 13115133 B
Firefox => 193993468 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42326619 B
systemprofile32 => 42392975 B
LocalService => 42509368 B
NetworkService => 42510616 B
user => 42577702 B
Administrator => 118106218 B

RecycleBin => 17489556 B
EmptyTemp: => 735.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:41:58 ====
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,195
Hi, Kenneth.

Avast can be "very persistent" when you want to remove it and the lines I included in the fix regarding it (even zero files) didn't get moved. We are leaving them there.

I would like to run Malwarebytes (although you said that you already did that) with the settings I'll give you and then, once more, AdwCleaner.

1. Run AdwCleaner (Scan mode)
  • Double click AdwCleaner.exe to run it, as you did before.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Scan mode)
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 

kenneth7379

Ken
Thread Starter
I have run AdwCleaner as requested. Below the results of the SO Log Scan

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2021
# Duration: 00:00:07
# OS: Windows 7 Professional
# Scanned: 31997
# Detected: 28


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Program Files (x86)\TotalAV
PUP.Optional.Legacy C:\ProgramData\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.Reimage HKLM\Software\Reimage
PUP.Optional.TotalAV HKLM\SOFTWARE\Classes\*\shell\TotalAV
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\Software\Classes\totalav
PUP.Optional.TotalAV HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForAdministrator
Preinstalled.HPHealthCheck Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Preinstalled.HPHealthCheck Registry HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|NCPluginUpdater
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPOdometer Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP ODOMETER
Preinstalled.HPOdometer Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B8AC1A89-FFD1-4F97-8051-E505A160F562}
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Preinstalled.HPSupportAssistant Folder C:\Users\Administrator\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Administrator\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}


AdwCleaner[S00].txt - [4505 octets] - [12/09/2021 15:13:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

I ran Malwarebytes with the settings requested. There were no threats detected, but I could not find a way to copy the results here.
 

DR.M

Malware Specialist
Thank you, Kenneth.

It’s OK with Malwarebytes.

Let's continue. Note that it is midnight here, so this is my last post to you for today. I will be back to you tomorrow.

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. I also recommend that you remove everything there.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.


In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh FRST logs, Addition and FRST.
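
Added example, not part of DR.M's post and not code from AdwCleaner or Malwarebytes: a small Python parser for the AdwCleaner scan-log layout posted in this thread. It separates the adware/PUP findings from the Preinstalled Software section that the post distinguishes, and checks the header's Detected count against the detection lines actually present, which catches a truncated paste. The sample log is constructed and shortened, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed, shortened sample in the layout of the scan log posted in this thread.
SAMPLE_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-13-2021
# OS: Windows 7 Professional
# Scanned: 31997
# Detected: 6

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Program Files (x86)\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

***** [ Registry ] *****

PUP.Optional.TotalAV HKLM\Software\Classes\totalav
PUP.Optional.Reimage HKLM\Software\Reimage

***** [ Preinstalled Software ] *****

Preinstalled.HPOdometer Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP ODOMETER
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT

AdwCleaner[S00].txt - [4505 octets] - [12/09/2021 15:13:50]
"""

HEADER_RE = re.compile(r"^#\s*(\w+):\s*(.+?)\s*$")         # "# Mode: Scan"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # "***** [ Folders ] *****"
FAMILY_RE = re.compile(r"[A-Za-z]+(?:\.[A-Za-z0-9]+)+")    # "PUP.Optional.TotalAV"
# Item kinds seen in the Preinstalled Software section of the log on this page.
PREINSTALLED_KINDS = ("Folder", "Registry")


def parse_scan_log(text):
    """Return (header dict, list of findings) for a Scan-mode log."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue
        parts = line.split(None, 1)
        # Skips "No malicious ... found." and the trailing file-name lines.
        if len(parts) != 2 or not FAMILY_RE.fullmatch(parts[0]):
            continue
        family, target = parts
        kind = None
        if section == "Preinstalled Software":
            first, _, tail = target.partition(" ")
            if first in PREINSTALLED_KINDS and tail:
                kind, target = first, tail.strip()
        findings.append({"section": section, "family": family,
                         "kind": kind, "target": target})
    return header, findings


def detected_count_ok(header, findings):
    """True when the header's Detected value equals the parsed line count."""
    declared = header.get("Detected")
    return declared is not None and declared.isdigit() and int(declared) == len(findings)


def triage(findings):
    """Group targets by family, keeping preinstalled software apart from PUPs."""
    groups = {"unwanted": defaultdict(list), "preinstalled": defaultdict(list)}
    for f in findings:
        bucket = "preinstalled" if f["section"] == "Preinstalled Software" else "unwanted"
        groups[bucket][f["family"]].append(f["target"])
    return {name: dict(families) for name, families in groups.items()}


if __name__ == "__main__":
    hdr, found = parse_scan_log(SAMPLE_LOG)
    print("mode:", hdr.get("Mode"), "| count consistent:", detected_count_ok(hdr, found))
    for bucket, families in triage(found).items():
        for family, targets in sorted(families.items()):
            print(f"{bucket:12} {family:32} {len(targets)} item(s)")
```

Clean-mode logs use a different layout (`Deleted <path>` lines and a `Cleaned` header) and are not handled by this parser.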
 

kenneth7379

Ken
Thread Starter
Joined
Oct 19, 2008
Messages
304
Here is the AdwCleaner latest clean log

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-13-2021
# Duration: 00:00:03
# OS: Windows 7 Professional
# Cleaned: 28
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\TotalAV
Deleted C:\ProgramData\SecuritySuite
Deleted C:\ProgramData\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Classes\*\shell\TotalAV
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted HKLM\Software\Reimage
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForAdministrator
Deleted Preinstalled.HPHealthCheck Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Deleted Preinstalled.HPHealthCheck Registry HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|NCPluginUpdater
Deleted Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted Preinstalled.HPOdometer Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP ODOMETER
Deleted Preinstalled.HPOdometer Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B8AC1A89-FFD1-4F97-8051-E505A160F562}
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Administrator\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Administrator\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}


AdwCleaner[S00].txt - [4505 octets] - [12/09/2021 15:13:50]
AdwCleaner[S01].txt - [4291 octets] - [13/09/2021 13:19:04]
AdwCleaner[S02].txt - [4352 octets] - [13/09/2021 13:56:42]
AdwCleaner[S03].txt - [4413 octets] - [13/09/2021 13:59:40]
AdwCleaner[S04].txt - [4474 octets] - [13/09/2021 14:01:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

I ran FRST again. The fresh FRST logs are posted below

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2021
Ran by Administrator (administrator) on USER-HP (Hewlett-Packard HP Compaq 8200 Elite SFF PC) (13-09-2021 14:17:54)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_8.3.0(2).exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [124184 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4024106872-1649823565-1726780474-500\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5550304 2021-07-23] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [509952 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\Windows\system32\CNMLMG3.DLL [1338368 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6917A6-6CB0-45B5-8D40-CCF5DEB377EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {7B2C27BC-648D-4C0A-9CD3-44D92D94E0AE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-09-10] (Avast Software s.r.o. -> Avast Software)
Task: {A90D2986-B9AA-409A-9C6A-E6659CE077BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-10] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.160.15 64.59.161.69
Tcpip\..\Interfaces\{DA268DF5-4E96-4DE9-A335-3C17747F081B}: [DhcpNameServer] 64.59.160.15 64.59.161.69

FireFox:
========
FF DefaultProfile: 0it5wmdg.default-1631463861643
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643 [2021-09-13]
FF Homepage: Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643 -> hxxps://www.google.com/?gws_rd=ssl
FF Session Restore: Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643 -> is enabled.
FF Extension: (Facebook Container) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\@contain-facebook.xpi [2021-09-12]
FF Extension: (web.skype.com for Firefox) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\firefox-web-skype@phts.xpi [2021-09-12]
FF Extension: (clean-facebook) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2021-09-12]
FF Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\wrc@avast.com.xpi [2021-09-12]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-13]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-12]
FF Extension: (JustAnswer) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0it5wmdg.default-1631463861643\Extensions\{db22bb66-069e-4148-83cf-3fb2676118ba}.xpi [2021-09-12]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-23] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Vivaldi:
=======
VIV Profile: C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default [2021-09-13]
VIV Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-09-10]
VIV Extension: (Malwarebytes Browser Guard) - C:\Users\Administrator\AppData\Local\Vivaldi\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8303184 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-02] (Malwarebytes Inc -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35712 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221584 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367632 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250384 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184120 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538464 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2021-09-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107840 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [553496 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-09-10] (Avast Software s.r.o. -> AVAST Software)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-13] (Intel Corporation -> Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-13] (Intel Corporation -> Intel(R) Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-07-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-06-22] (Malwarebytes Inc -> Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-13 14:17 - 2021-09-13 14:18 - 000012208 _____ C:\Users\Administrator\Desktop\FRST.txt
2021-09-13 13:55 - 2021-09-12 15:05 - 008553680 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_8.3.0(2).exe
2021-09-13 13:50 - 2021-09-13 13:52 - 000019992 _____ C:\Users\Administrator\Downloads\FRST.txt
2021-09-13 12:24 - 2021-09-13 12:42 - 000022444 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2021-09-13 12:21 - 2021-09-13 10:15 - 002303488 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2021-09-13 10:20 - 2021-09-13 13:52 - 000023122 _____ C:\Users\Administrator\Downloads\Addition.txt
2021-09-13 10:16 - 2021-09-13 14:18 - 000000000 ____D C:\FRST
2021-09-13 10:15 - 2021-09-13 10:15 - 002303488 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2021-09-12 21:22 - 2021-09-12 12:47 - 017226844 _____ C:\Users\Administrator\Documents\COMPUTER.pdf
2021-09-12 15:08 - 2021-09-13 14:02 - 000000000 ____D C:\AdwCleaner
2021-09-12 15:04 - 2021-09-12 15:05 - 008553680 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_8.3.0(2).exe
2021-09-12 12:47 - 2021-09-12 12:47 - 017226844 _____ C:\Users\Administrator\Downloads\c04224518.pdf
2021-09-12 08:17 - 2021-09-12 09:24 - 000000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
2021-09-10 15:32 - 2021-09-13 06:56 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-09-10 15:32 - 2021-09-11 22:36 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Avast Software
2021-09-10 15:32 - 2021-09-11 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2021-09-10 15:32 - 2021-09-11 08:48 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-09-10 15:32 - 2021-09-10 15:32 - 000002077 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-09-10 15:31 - 2021-09-12 06:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-09-10 15:31 - 2021-09-11 22:36 - 000000000 ____D C:\Program Files\Avast Software
2021-09-10 15:31 - 2021-09-10 15:32 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000553496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000538464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000367632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-09-10 15:31 - 2021-09-10 15:31 - 000250384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000221584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000184120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000107840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000041344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2021-09-10 15:31 - 2021-09-10 15:31 - 000035712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-09-10 15:02 - 2021-09-10 15:02 - 000000926 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-09-10 14:59 - 2021-09-10 15:01 - 000000527 _____ C:\Users\Administrator\.vivaldi_reporting_data
2021-09-10 14:58 - 2021-09-10 15:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\Vivaldi
2021-09-10 14:20 - 2021-09-10 14:43 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-13 14:13 - 2009-07-13 21:45 - 000031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-09-13 14:13 - 2009-07-13 21:45 - 000031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-09-13 14:12 - 2019-02-05 05:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-13 14:11 - 2019-01-14 19:40 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2021-09-13 14:06 - 2019-01-16 12:20 - 000000000 ____D C:\ProgramData\AVAST Software
2021-09-13 14:05 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-13 14:02 - 2014-05-09 10:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2021-09-13 14:02 - 2014-05-09 10:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2021-09-13 14:02 - 2012-05-29 08:21 - 000000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard
2021-09-13 14:02 - 2011-10-01 05:27 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-09-13 14:02 - 2011-08-24 11:24 - 000000000 _RSHD C:\hp
2021-09-13 12:41 - 2019-11-21 21:46 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Temp
2021-09-13 12:41 - 2011-10-01 05:28 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-09-13 06:56 - 2020-01-03 11:41 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-12 21:34 - 2019-01-31 23:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\AVAST Software
2021-09-12 21:10 - 2020-12-18 13:30 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-09-12 13:50 - 2021-07-06 18:06 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2021-09-11 22:37 - 2019-01-14 16:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2021-09-10 17:01 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2021-09-10 15:39 - 2014-05-09 10:52 - 000000000 ____D C:\Windows\system32\MRT
2021-09-10 15:36 - 2013-06-28 08:25 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-10 14:59 - 2014-05-09 10:14 - 000000000 ____D C:\Users\Administrator
2021-09-10 14:43 - 2019-01-14 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 14:36 - 2020-01-03 11:41 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-10 14:33 - 2019-01-15 12:47 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-10 14:16 - 2019-01-16 12:22 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-10 14:06 - 2021-07-06 20:32 - 000000000 ___RD C:\Users\Administrator\Dropbox
2021-09-10 14:06 - 2020-02-20 00:26 - 000000000 ____D C:\Windows\SysWOW64\GPUCache
2021-09-10 14:06 - 2020-01-31 15:39 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2021-09-10 14:06 - 2019-01-16 12:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2021-09-10 14:06 - 2019-01-15 12:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mailbird
2021-09-10 14:06 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2021-09-10 14:05 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\registration
2021-08-28 08:38 - 2019-04-05 12:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2020-03-25 18:36 - 2020-07-15 23:59 - 000007597 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-28 15:13
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2021
Ran by Administrator (13-09-2021 14:18:42)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-05-29 15:19:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4024106872-1649823565-1726780474-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4024106872-1649823565-1726780474-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4024106872-1649823565-1726780474-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.7.2481 - Avast Software)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon TS3300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS3300_series) (Version: 1.01 - Canon Inc.)
DriverUpdate (HKLM\...\{4839D0D2-24F2-47F6-B050-8A4C3C38EE36}) (Version: 5.8.13 - Slimware Utilities Holdings, Inc.) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Mailbird (HKLM\...\{0949F610-2CD6-4ABC-9A03-71E08FB8F805}) (Version: 2.8.23 - Mailbird)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 92.0 (x64 en-US)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.7.0 - Canon Inc.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4222 - CyberLink Corp.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-10] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2011-10-01 05:36 - 2011-01-17 09:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2011-10-01 05:36 - 2011-01-17 09:14 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\ucrtbase.DLL
2021-09-10 15:31 - 2021-09-10 15:31 - 000000000 ____L (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) C:\Program Files\Avast Software\Avast\1033\avast.local_vc142.crt\VCRUNTIME140.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator\Documents\Camera Uploads:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-4024106872-1649823565-1726780474-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl#spf=1631308762002
HKU\S-1-5-21-4024106872-1649823565-1726780474-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/31
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4024106872-1649823565-1726780474-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4024106872-1649823565-1726780474-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4024106872-1649823565-1726780474-500 -> {EA2C534D-0BB9-4A99-AE4C-7D0E124D933B} URL = hxxp://www.google.com/search?q={searchTerms}

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4024106872-1649823565-1726780474-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.160.15 - 64.59.161.69
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{81321663-9237-4CAC-89A7-CCF1BBB26AE7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0E202883-6D6C-4943-BDB2-BBF44903C399}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2D4C230D-F4EF-4E2F-9E77-380EEDC04003}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F37699A3-D1C8-4801-9B99-50549688F89A}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

10-09-2021 11:20:31 Restore Operation
10-09-2021 13:49:35 Removed Avira Software Updater
10-09-2021 13:59:30 Restore Operation
10-09-2021 15:36:23 Windows Update
10-09-2021 17:01:04 Removed Avira Software Updater
13-09-2021 12:41:16 Restore Point Created by FRST
13-09-2021 14:02:17 AdwCleaner_BeforeCleaning_13/09/2021_14:02:17

==================== Faulty Device Manager Devices ============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/13/2021 12:41:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c73e75f5-d535-4138-a46e-475106e5a760}

Error: (09/10/2021 05:00:12 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (09/10/2021 05:00:12 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (09/10/2021 02:46:57 PM) (Source: ESENT) (EventID: 489) (User: )
Description: Avira.Spotlight.Service (2040) An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/10/2021 02:22:54 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (09/10/2021 02:22:54 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: (-2146885628) Cannot find object or property.

Error: (09/10/2021 01:05:59 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (09/10/2021 12:56:53 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.


System errors:
=============
Error: (09/13/2021 12:42:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Identity Protection Technology Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2021 12:41:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

BIOS: Hewlett-Packard J01 v02.32 05/10/2018
Motherboard: Hewlett-Packard 1495
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 45%
Total physical RAM: 8080.04 MB
Available physical RAM: 4410.55 MB
Total Virtual: 16158.23 MB
Available Virtual: 12494.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.08 GB) (Free:172.16 GB) NTFS

\\?\Volume{e10534c3-9e07-11e1-9572-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{06a3aea6-ec2e-11e0-9226-806e6f6e6963}\ (HP_RECOVERY) (Fixed) (Total:8.71 GB) (Free:1.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 810A03F2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=224.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.7 GB) - (Type=27)

==================== End of Addition.txt =======================

Please note: Your latest post gave instructions for AdwCleaner run and FRST run, which I've included. At the end of the post, it listed three things, rather than two - It also listed a Malwarebytes report as well, although there had been no instructions included for it. On the off-chance that you need it, I'm re-running Malwarebytes, and, as before, there are no threats indicated.
 

Macboatmaster

Trusted Advisor
Spam Fighter
Joined
Jan 14, 2010
Messages
24,793
To save you waiting for a reply from DR.M
in case you did not see his post 50 comment
Let's continue. Note that it is midnight here, so this is my last post to you for today. I will be back to you tomorrow.
He has gone offline, as above.

I presume you saw my post 46 comment to you.

Good luck with it.
As I said, if necessary I will work with you again after DR.M has finished and pronounced the system clean, IF there are still problems.
 

kenneth7379

Ken
Thread Starter
Joined
Oct 19, 2008
Messages
304
Hi Macboatmaster, Yes, I saw your post to me and I much appreciate you handing me off to Dr. M for his expertise, and your offer to help again afterward if it's needed. I'm very grateful to the people at Tech Guys support forum for the generous help over the years.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,195
Hi, Kenneth.

I apologize I didn't reply yet. It was a very difficult day for me. I will be back to you tomorrow morning my time.

DR. M
Thank you for taking the thread for me.
Macboatmaster, I just saw the post above. You are very welcome.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,195
Hi, Kenneth.

Asking for the Malwarebytes report again was a mistake by me. You already told me that the scan returned clean.

1. Uninstall DriverUpdate
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
DriverUpdate
  • Select the above program and click Uninstall.
  • Restart the computer.

Are you still getting errors when you open your browsers? If yes, can you please take a screenshot of the errors?
 

kenneth7379

Ken
Thread Starter
Joined
Oct 19, 2008
Messages
304
Hello, I have uninstalled Driver Update as requested and done restart.

When computer is started, it's very slow to load programs.....This is most noticeable on my email program (Mailbird) and Mozilla Firefox and, to a lesser degree, on Internet Explorer.

I'm still getting errors on both browsers, most frequently when I try to load video programs but also, to a lesser degree, on text programs. I'll attempt to do screen shots, which will basically be screen messages that say "You are not connected to a network". As I've tried to learn to do screenshots in the past and have had difficulties, it may take a while, but I'll continue trying until I've succeeded.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,195
Hi, Kenneth.

This article may be helpful regarding screenshots (method 1 or 2). I would like to see the screenshots and then try something else.

I'm still getting errors on both browsers, most frequently when I try to load video programs but also, to a lesser degree, on text programs.
What do you mean by "load video programs" using browsers?

What are the text programs you are referring to?
 

kenneth7379

Ken
Thread Starter
Joined
Oct 19, 2008
Messages
304
By loading programs, I mean that if I open my browser and try to click on a site, either words (text) or video I want to watch, I get the "You're not connected to a network" message. The first image is what comes up on Firefox. The second image is what comes up on Internet Explorer.

Screenshot 2.png

Untitled.png
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,195
Thank you, Kenneth.
  • Right click on the Start button in the right corner of your screen and select Device manager.
  • Find Network adapters and click on the little arrow to expand it.
  • Take a screenshot and attach it for me.
 
