Google Result Links Going To Ad Sites

Discussion in 'Malware Help - Public (Anyone Can Post & Respond)' started by continuityerror, Jun 9, 2023.

  1. continuityerror

    continuityerror Private E-2

    Hi (apologies if this is the wrong forum):

    When I do a Google search now, clicking on a result link takes me to an ad page. I'm guessing some malware is to blame, but don't know where to start re: finding it and removing it. The last time I dealt with any issue like this was over 15 years ago!

    I'm using the Brave browser. Can anyone offer some guidance on rooting out this problem? Thanks!
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the MajorGeeks Malware Forum.

    You have come to the right place. We would be happy to assist you.

    Please do these things for me.

    ===================================================

    Malwarebytes AdwCleaner

    -------------------
    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program
    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • AdwCleaner report
    • FRST.txt
    • Addition.txt
     
  3. continuityerror

    continuityerror Private E-2

    # -------------------------------
    # Malwarebytes AdwCleaner 8.4.0.0
    # -------------------------------
    # Build: 08-30-2022
    # Database: 2022-10-10.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-09-2023
    # Duration: 00:00:01
    # OS: Windows 11 (Build 22621.1265)
    # Cleaned: 12
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games\BlackJack Plus.lnk

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games.lnk
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\SHORTCUTPROVIDER
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [5082 octets] - [09/06/2023 11:02:37]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    # -------------------------------
    # Malwarebytes AdwCleaner 8.4.0.0
    # -------------------------------
    # Build: 08-30-2022
    # Database: 2022-10-10.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-09-2023
    # Duration: 00:00:05
    # OS: Windows 11 (Build 22621.1265)
    # Scanned: 32083
    # Detected: 30


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games\BlackJack Plus.lnk

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
    Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D02CA41A-35F1-4E24-9365-D181FFAFC368}
    Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
    Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
    Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
    Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
    Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
    Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
    Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\Users\rgwis\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
    Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
    Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
    Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
    Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games.lnk
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\SHORTCUTPROVIDER
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}
    Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     
  4. continuityerror

    continuityerror Private E-2

    This is the Farbar Recovery Scan Tool (FRST) log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
    Ran by rgwis (administrator) on LAPTOP-M246IQSC (HP HP Laptop 15t-dy100) (09-06-2023 11:11:29)
    Running from C:\Users\rgwis\OneDrive\Desktop\FRST64.exe
    Loaded Profiles:
    Platform: Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) Language: English (United States)
    Default browser: Brave
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
    (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
    (C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
    (DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointGpuInfo.exe
    (explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <33>
    (explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2302.16.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_21306a77b30fd6e0\esif_uf.exe
    (services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
    (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
    (svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\WaaSMedicAgent.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138976 2020-08-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2023-05-12] (Apple Inc. -> Apple Inc.)
    HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\Installer\setup.exe [4065216 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536152 2022-11-23] (HP Inc. -> HP Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-05] (Google LLC -> Google LLC)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\Installer\chrmstp.exe [2023-06-06] (Brave Software, Inc. -> Brave Software, Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0BD04F48-C785-4440-9131-3FBBAFB3B367} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {1780D256-2EF0-4C5E-804A-E64F31616EEC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
    Task: {1974F7E0-3E1A-466F-A4E4-EF491C0D7DC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {1A725E55-E2D3-468F-A470-AAA89DE76E3C} - System32\Tasks\GoogleUpdateTaskMachineUA{2344FDDA-C5DB-46A5-90E6-F333E732C58A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-18] (Google LLC -> Google LLC)
    Task: {35C7E13F-0151-4AAD-847F-F1EC63A7D3F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {3D66942D-1F40-4E6F-8957-640962173B73} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
    Task: {43D8E114-BBB7-479B-BEBA-FE439CBCF5F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
    Task: {47FFDF9C-EF5B-4E87-BAA8-E30311C6C176} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
    Task: {4DC28200-81F7-4E30-94B5-BA91353F8DE0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
    Task: {4EC60CE2-A9F8-43BF-9FAD-1613DF24B4D7} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{DE731537-4025-4445-BDD9-FB6B496A142D} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
    Task: {5E5D0DC7-AF44-400C-82E4-1421E47545FD} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
    Task: {6428DD9A-EFC7-44A2-9002-024E535CB30F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170456 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {80EFD5F4-5E87-4F64-A6FF-EB2B39D70CA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-03-10] (HP Inc. -> HP Inc.)
    Task: {9CD75CE3-03B6-4C55-A96B-08FCB6EB63B1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9DFD6907-104B-49DD-A83A-DD2A0804A66A} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{B32BDC0E-CFC7-415B-9D3C-1DF9B44163D6} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {A789F9ED-30AD-41B6-897F-3D81AA7A2BF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {AFE751DB-97F3-49B5-A731-47B6C173DBBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-03-10] (HP Inc. -> HP Inc.)
    Task: {B2FA8A3A-9661-48F7-AA37-8B75CEFF2279} - System32\Tasks\HP\Consent Manager Launcher => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
    Task: {B6CC1CAB-CD32-443E-BCF4-4BDC47EAD11E} - System32\Tasks\GoogleUpdateTaskMachineCore{F61CD8C6-9269-4B36-8726-5E83056C23EB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-18] (Google LLC -> Google LLC)
    Task: {BAA71BBA-A97E-4B98-BF74-B6970343E40C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C0284ACB-3E87-47A2-8C96-AA78072F6E29} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C5E9B4DB-F22D-42D1-A2AB-49E2E837FE1C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CA99D91B-A699-4B69-AE72-6EFC56305B59} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {D02CA41A-35F1-4E24-9365-D181FFAFC368} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
    Task: {D73EB1C7-ABA4-4496-913B-C80DCF28AC12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-03-10] (HP Inc. -> HP Inc.)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    Task: {F47D1707-01C2-4080-9300-1E3B127B7105} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-03-10] (HP Inc. -> HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{b6f0b023-7aac-4125-bc24-fa7f9c9b35a0}: [DhcpNameServer] 192.168.1.254

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-24]
    Edge Extension: (Edge relevant text changes) - C:\Users\\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-29]

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-24] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR Profile: C:\Users\\AppData\Local\Google\Chrome\User Data\Default [2023-06-09]
    CHR DownloadDir: C:\Users\\Downloads
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Session Restore: Default -> is enabled.
    CHR Extension: (Google Docs Offline) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-18]
    CHR Extension: (Save quickly and repost) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlphjjfielecalmmjjdhjjninkbjdod [2023-04-23]

    Brave:
    =======
    BRA Profile: C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-06-09]
    BRA DefaultSearchKeyword: Default -> :g
    BRA Extension: (Image downloader - Imageye) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\agionbommeaifngbhincahgmoflcikhm [2023-01-30]
    BRA Extension: (Youtube Image Downloader) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bjchdihmmgfbfheblpmfpaojmjchdioi [2022-11-27]
    BRA Extension: (Foxified) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cldmemdnllncchfahbcnjijheaolemfk [2022-12-03]
    BRA Extension: (Image Downloader) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2023-02-03]
    BRA Extension: (MP3 Converter) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\flildjghnbmjppbenicihiaaadkpkika [2023-05-01]
    BRA Extension: (Screenshot YouTube) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2022-11-27]
    BRA Extension: (Download All Images) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ifipmflagepipjokmbdecpmjbibjnakm [2023-02-03]
    BRA Extension: (Text to Speech for Google Chrome™) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihjphbgdciilclbpcmagkacpohgokpep [2022-12-30]
    BRA Extension: (Imagus) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2022-11-18]
    BRA Extension: (Video DownloadHelper) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-12-30]
    BRA Extension: (CrossPilot) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\migomhggnppjdijnfkiimcpjgnhmnale [2022-12-03]
    BRA Extension: (Download All Images) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nnffbdeachhbpfapjklmpnmjcgamcdmm [2023-04-02]
    BRA Extension: (Text Reader (Text to Speech) TTS by Read me) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\npdkkcjlmhcnnaoobfdjndibfkkhhdfn [2023-06-05]
    BRA Extension: (Save & Repost for Instagram) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\olmfgbcgfadifpdcompkdbgdifojjdlg [2023-02-27]
    BRA Extension: (Brave Local Data Files Updater) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-06-09]
    BRA Extension: (Brave NTP background images) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-06-09]
    BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-06-09]
    BRA Extension: (Wallet Data Files Updater) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-06-05]
    BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-11]
    BRA Extension: (Brave NTP sponsored images) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-06-09]
    BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-06-05]
    BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2022-11-18]
    BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-06-09]
    BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-06-09]
    BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-06-09]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103264 2023-03-01] (Apple Inc. -> Apple Inc.)
    S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\brave_vpn_helper.exe [3055640 2023-06-06] (Brave Software, Inc. -> Brave Software, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
    R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe [797600 2023-01-19] (HP Inc. -> HP Inc.)
    R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe [796584 2023-01-19] (HP Inc. -> HP Inc.)
    R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe [792984 2023-01-19] (HP Inc. -> HP Inc.)
    R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe [796576 2023-01-19] (HP Inc. -> HP Inc.)
    R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe [493712 2022-12-19] (HP Inc. -> HP Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
    R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\elevation_service.exe" [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-07-16] (Alcorlink Corp. -> )
    S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
    R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-06-29] (Intel Corporation -> Intel Corporation)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 MpKslb55d7a30; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD228517-543B-4C7F-8850-DC65EFD7AF5D}\MpKslDrv.sys [213288 2023-06-09] (Microsoft Windows -> Microsoft Corporation)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2022-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-09 11:10 - 2023-06-09 11:11 - 000000000 ____D C:\FRST
    2023-06-09 11:01 - 2023-06-09 11:04 - 000000000 ____D C:\AdwCleaner
    2023-05-28 07:48 - 2023-05-28 07:48 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
    2023-05-28 07:48 - 2023-05-28 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2023-05-28 07:48 - 2023-05-28 07:48 - 000000000 ____D C:\Program Files\iTunes

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-09 10:58 - 2022-11-18 16:02 - 000000000 ____D C:\Program Files (x86)\Google
    2023-06-09 10:58 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
    2023-06-09 10:57 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-06-09 08:43 - 2022-11-18 13:23 - 000000000 ____D C:\Users\\AppData\Local\D3DSCache
    2023-06-09 07:40 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
    2023-06-09 07:08 - 2020-12-22 07:13 - 000000000 ____D C:\Program Files\Microsoft Office
    2023-06-08 19:31 - 2022-11-25 16:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2023-06-08 19:06 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-06-08 04:58 - 2022-12-18 12:29 - 000000000 ____D C:\Users\\OneDrive\Documents\My Kindle Content
    2023-06-07 19:34 - 2020-12-22 06:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-06-06 19:38 - 2022-11-18 15:05 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
    2023-06-05 19:49 - 2022-11-18 16:03 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2023-06-05 19:48 - 2022-11-18 13:23 - 000000000 __SHD C:\Users\\IntelGraphicsProfiles
    2023-06-04 19:37 - 2022-12-04 13:11 - 000000000 ____D C:\Users\rgwis\OneDrive\Documents\Notepad & PDF Documents
    2023-06-03 07:15 - 2022-11-25 17:01 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-287006484-2376131663-1300187197-1001
    2023-06-03 07:15 - 2022-11-25 17:01 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-287006484-2376131663-1300187197-1001
    2023-06-03 07:15 - 2022-11-18 13:20 - 000002386 _____ C:\Users\rgwis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2023-06-02 19:28 - 2022-12-12 07:27 - 000000000 ____D C:\Users\rgwis\AppData\Roaming\calibre
    2023-06-01 06:19 - 2020-05-06 04:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2023-05-31 20:16 - 2022-12-03 17:32 - 000000000 ____D C:\Users\rgwis\OneDrive\Documents\COMICS
    2023-05-18 19:28 - 2022-11-25 17:01 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{2344FDDA-C5DB-46A5-90E6-F333E732C58A}
    2023-05-18 19:28 - 2022-11-25 17:01 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{F61CD8C6-9269-4B36-8726-5E83056C23EB}
    2023-05-17 19:50 - 2022-11-18 13:20 - 000000000 ___SD C:\Users\rgwis\AppData\Roaming\Microsoft\Protect
    2023-05-13 04:13 - 2022-11-25 17:01 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-05-13 04:13 - 2022-11-25 17:01 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    ==================== Files in the root of some directories ========

    2023-01-01 16:40 - 2023-01-01 16:40 - 000000943 _____ () C:\Users\rgwis\AppData\Local\recently-used.xbel

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)
     
  5. continuityerror

    continuityerror Private E-2

    Second Farbar:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by rgwis (09-06-2023 11:12:39)
    Running from C:\Users\rgwis\OneDrive\Desktop
    Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) (2022-11-25 21:01:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-287006484-2376131663-1300187197-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-287006484-2376131663-1300187197-503 - Limited - Disabled)
    Guest (S-1-5-21-287006484-2376131663-1300187197-501 - Limited - Disabled)
    rgwis (S-1-5-21-287006484-2376131663-1300187197-1001 - Administrator - Enabled) => C:\Users\rgwis
    WDAGUtilityAccount (S-1-5-21-287006484-2376131663-1300187197-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Amazon Kindle (HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\Amazon Kindle) (Version: 1.39.2.65383 - Amazon)
    Apple Mobile Device Support (HKLM\...\{CA8EDE78-7A08-4F27-9B31-D6161C095986}) (Version: 16.5.0.12 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 114.1.52.122 - Brave Software Inc)
    calibre 64bit (HKLM\...\{FD4283DA-1E54-490D-B836-DD06AA5AB5DC}) (Version: 6.9.0 - Kovid Goyal)
    CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    GIMP 2.10.32-1 (HKLM\...\GIMP-2_is1) (Version: 2.10.32 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
    HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
    HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
    HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
    iTunes (HKLM\...\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}) (Version: 12.12.9.4 - Apple Inc.)
    Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
    Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
    Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16501.20196 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.41 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\OneDriveSetup.exe) (Version: 23.101.0514.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
    Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
    PeaZip 8.9.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 8.9.0 - Giorgio Tani)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

    Packages:
    =========
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2022-11-18] (Amazon.com)
    Booking.com USA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comUSABigsavingson_2.0.5.0_x64__mgae2k3ys4ra0 [2022-11-18] (Priceline Partner Network)
    Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.48.2.0_x64__6rarf9sa4v8jt [2023-03-15] (Disney)
    HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.15.226.0_x64__v10z8vjag6ke6 [2022-11-18] (HP Inc.)
    HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.1.0.0_x64__v10z8vjag6ke6 [2023-01-13] (HP Inc.)
    HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.1.54.0_x64__v10z8vjag6ke6 [2022-11-21] (HP Inc.)
    HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-11-25] (HP Inc.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_143.1.1136.0_x64__v10z8vjag6ke6 [2023-04-06] (HP Inc.)
    HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.24.53.0_x64__v10z8vjag6ke6 [2023-03-29] (HP Inc.)
    HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6 [2023-04-02] (HP Inc.)
    Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-11-18] (INTEL CORP)
    Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-02] (Microsoft Corp.)
    Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10126.517.0_x64__8wekyb3d8bbwe [2023-02-16] (Microsoft Corporation)
    ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Corporation)
    ms-resource:DisplayName -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-05-31] (McAfee LLC.)
    ms-resource:OEMAppName -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.5.0_x64__xbfy0k16fey96 [2022-12-16] (Dropbox Inc.)
    ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4628.0_x64__8j3eq9eme6ctt [2023-03-10] (INTEL CORP) [Startup Task]
    myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6 [2023-01-15] (HP Inc.) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-11-18] (Netflix, Inc.)
    Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2022-11-18] (Random Salad Games LLC)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-287006484-2376131663-1300187197-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
    ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b840211aa1b1b9ff\OptaneShellExt.dll [2020-10-20] (Intel(R) Rapid Storage Technology -> )
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
    ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b840211aa1b1b9ff\OptaneShellExt.dll [2020-10-20] (Intel(R) Rapid Storage Technology -> )
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utomik - Play over 1000 games.lnk -> C:\Program Files (x86)\Online Services\Utomik\WizLink.exe () -> hxxps://www.utomik.com/hp_desktop

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    SearchScopes: HKLM -> {C417F304-CF7F-4B71-BEB5-E549E743C0D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {C417F304-CF7F-4B71-BEB5-E549E743C0D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-287006484-2376131663-1300187197-1001 -> {C417F304-CF7F-4B71-BEB5-E549E743C0D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-03-10] (HP Inc. -> HP Inc.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-03-10] (HP Inc. -> HP Inc.)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rgwis\OneDrive\Desktop\Adventures\byrne.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_41501C9534A122FF975ABFAD14D9859D"
    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A2A033B8-3099-4BC4-AED7-37B91E61FD12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0BDF4595-A8F8-437B-A162-5911BD1231E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{581B8EB9-DA58-465C-B4B8-CB13E49D6F1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F8CDC55D-B773-4C7B-8CFB-9F9A4F34CC6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{DB3F4FB9-A52B-4761-A0E7-322C795976DB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{B8CA64AC-A96D-4984-A4D7-950363050553}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{9D75E289-08CB-4A06-8825-BBA66DF4A4E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{0A61AF0D-3B1D-44EB-AB4F-494AEAD0D7F4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{6168F9E0-B330-421C-9B0E-6BA1BAB17057}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{C552B641-DAD6-463F-943E-9A1D55F9C331}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{4A789C3E-CED4-48D8-857B-519FC1EFF8F3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{74EC54F9-6784-4F27-907D-30F5A24BCE92}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{EE5727FB-5050-4FC3-98BE-EC5DE641CFBC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{C5357A80-6038-4D25-B4C8-94740B83DEAC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9FCA6142-71E3-4243-8A5F-C6D5CA22C566}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{D448CB4E-C34E-4AF1-8D91-06ABEBE4A775}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{EAD11F40-6D04-4E3D-8F5C-B62DD0DF5ED7}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
    FirewallRules: [{DB4968FF-6787-41A6-9C50-563B4E671A30}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{421982E9-BAC5-452F-84C8-C2E37E40C597}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{D1D7E8F6-B4C3-4C6E-86F1-0CB2554D34C1}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    09-06-2023 11:04:10 AdwCleaner_BeforeCleaning_09/06/2023_11:04:10

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA FE80:0000:0000:0000:EAAA:8C3C:3049:1949

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:C1B5:BC98:7D02:36B9

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:3D76:BBA0:54F9:B419

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:C1B5:BC98:7D02:36B9

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:C3DB:C026:0132:9361

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:C1B5:BC98:7D02:36B9

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:0000:0000:0000:0048

    Error: (06/04/2023 01:05:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:C1B5:BC98:7D02:36B9


    System errors:
    =============
    Error: (06/09/2023 11:10:47 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-M246IQSC)
    Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

    Error: (06/09/2023 11:04:26 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the WildTangentHelper service, but this action failed with the following error:
    The system cannot find the file specified.

    Error: (06/09/2023 11:04:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/09/2023 11:04:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Analytics service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/09/2023 11:04:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (06/09/2023 11:04:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The WildTangentHelper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.

    Error: (06/09/2023 11:04:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Network HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/09/2023 11:04:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP App Helper HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Windows Defender:
    ================
    Date: 2023-06-09 10:57:57
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-09 07:04:39
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-04 07:30:53
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-03 09:33:57
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-02 14:07:36
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===============
    Date: 2023-06-09 11:13:03
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0067181d6d0f8476\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: AMI F.26 06/17/2022
    Motherboard: HP 86C9
    Processor: Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz
    Percentage of memory in use: 67%
    Total physical RAM: 11976.83 MB
    Available physical RAM: 3879.17 MB
    Total Virtual: 23240.83 MB
    Available Virtual: 14449.62 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:237.57 GB) (Free:127.66 GB) (Model: Intel Optane+238GBSSD) NTFS

    \\?\Volume{f44aaaf1-eb53-4d63-a98b-d1749d1dad76}\ () (Fixed) (Total:0.63 GB) (Free:0.08 GB) NTFS
    \\?\Volume{232d07ac-0b3f-4140-af58-b07c43f6866c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 39798C71)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    My apologies for the delay.

    Can you tell me if you experience the redirects if you use Edge as your browser? Also, do you have other computers connected to your network and if so do they experience the same thing?

    There are remnants of McAfee I would like to remove from your computer. Below are instructions to start that process.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\elevation_service.exe" [X] 
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] 
    S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X] 
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] 
    Task: {1780D256-2EF0-4C5E-804A-E64F31616EEC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File) 
    Task: {47FFDF9C-EF5B-4E87-BAA8-E30311C6C176} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File) 
    Task: {4DC28200-81F7-4E30-94B5-BA91353F8DE0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File) 
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) 
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) 
    Task: {1780D256-2EF0-4C5E-804A-E64F31616EEC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File) 
    Task: {47FFDF9C-EF5B-4E87-BAA8-E30311C6C176} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File) 
    Task: {4DC28200-81F7-4E30-94B5-BA91353F8DE0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File) 
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) 
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d 
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    • Copy/paste the following in the Search: box
    Code:
    SearchAll: McAfee
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Copy and paste the report in your reply. If the file is too large please zip and upload the file to GoFile, WeTransfer, or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Redirects with Edge or other devices?
    • Fixlog
    • Search.txt
     
  7. continuityerror

    continuityerror Private E-2

    Just tried with Edge and it doesn't happen with Edge. There are no other computers connected to my network.
     
  8. continuityerror

    continuityerror Private E-2

    This is Fixlog. Not sure what you mean by searching for McAfee -- it searched my files and it showed no results.
    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by (10-06-2023 11:12:03) Run:1
    Running from
    Loaded Profiles:
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\elevation_service.exe" [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
    Task: {1780D256-2EF0-4C5E-804A-E64F31616EEC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
    Task: {47FFDF9C-EF5B-4E87-BAA8-E30311C6C176} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
    Task: {4DC28200-81F7-4E30-94B5-BA91353F8DE0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    Task: {1780D256-2EF0-4C5E-804A-E64F31616EEC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
    Task: {47FFDF9C-EF5B-4E87-BAA8-E30311C6C176} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
    Task: {4DC28200-81F7-4E30-94B5-BA91353F8DE0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=103&RedeemCode=jqcLKNzHiYFATFheVf%2fejPUa2OjgXmKP8EKP0%2bWbTQLsdYAC18oWcA5W1kwHB2yA3wp3xX%2fPJ1a%2bByDpn%2f3dgLVcFWsbngm9nF2RocuY9KhYEUR2MRNnEtKrlDgWphqWYdbrRCqqq5D0CdPGEEQCLIpWJndkjISJxZUput97r7g%3d
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    Emptytemp:
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Services\BraveElevationService => removed successfully
    BraveElevationService => service removed successfully
    HKLM\System\CurrentControlSet\Services\GamesAppService => removed successfully
    GamesAppService => service removed successfully
    HKLM\System\CurrentControlSet\Services\WildTangentHelper => removed successfully
    WildTangentHelper => service removed successfully
    HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
    WinSetupMon => service removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1780D256-2EF0-4C5E-804A-E64F31616EEC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1780D256-2EF0-4C5E-804A-E64F31616EEC}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47FFDF9C-EF5B-4E87-BAA8-E30311C6C176}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47FFDF9C-EF5B-4E87-BAA8-E30311C6C176}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DC28200-81F7-4E30-94B5-BA91353F8DE0}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DC28200-81F7-4E30-94B5-BA91353F8DE0}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1780D256-2EF0-4C5E-804A-E64F31616EEC}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47FFDF9C-EF5B-4E87-BAA8-E30311C6C176}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DC28200-81F7-4E30-94B5-BA91353F8DE0}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk => Shortcut argument removed successfully

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    0 out of 0 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-287006484-2376131663-1300187197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-287006484-2376131663-1300187197-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.


    There is a system repair pending which requires reboot to complete. Restart
    Windows and run sfc again.


    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /RestoreHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.22621.1

    Image Version: 10.0.22621.1265


    [==========================100.0%==========================]
    The restore operation completed successfully.
    The operation completed successfully.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 1310720 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 137308793 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 133401174 B
    Edge => 0 B
    Chrome => 281727341 B
    Brave => 1283901576 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 314080 B

    => 128488173 B

    RecycleBin => 14880807629 B
    EmptyTemp: => 15.7 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:23:15 ====
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the report.

    Let's hold off on McAfee for now.

    Can you confirm you still have an issue with Brave after completing the steps?

    Please run this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    cmd: sfc /scannow
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Brave redirects?
    • Fixlog
     
  10. continuityerror

    continuityerror Private E-2

    *I'm not sure if this has already been posted -- two Notepad docs appeared. I'll post the other one in the next message.*

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
    Ran by rgwis (administrator) on LAPTOP-M246IQSC (HP HP Laptop 15t-dy100) (10-06-2023 18:55:45)
    Running from C:\Users\rgwis\OneDrive\Desktop\PROGRAMS\FRST64.exe
    Loaded Profiles: rgwis
    Platform: Microsoft Windows 11 Home Version 22H2 22621.1413 (X64) Language: English (United States)
    Default browser: Brave
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
    (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
    (C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
    (C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\HPAudioSwitch.exe
    (C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe <12>
    (C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Windows (R) Win 7 DDK provider) C:\Windows\UUS\amd64\MoNotificationUx.exe
    (DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIServiceN.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEMN.exe
    (DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5bf497d20ce7fee9\x64\TouchpointAnalyticsClientService.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5bf497d20ce7fee9\x64\TouchpointGpuInfo.exe
    (DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\BridgeCommunication.exe
    (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.20.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
    (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
    (explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2304.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
    (SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5bf497d20ce7fee9\x64\TouchpointAnalyticsClientService.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\AppHelperCap.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\DiagsCap.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\NetworkCap.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\SysInfoCap.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_21306a77b30fd6e0\esif_uf.exe
    (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIServiceN.exe
    (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
    (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0067181d6d0f8476\IntelCpHDCPSvc.exe
    (services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
    (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
    (services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
    (sihost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee, LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
    (sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
    (svchost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
    (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt\IGCC.exe
    (svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\HP.MyHP.exe
    (svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
    (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.11600.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138976 2020-08-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2023-05-12] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536624 2023-06-10] (HP Inc. -> HP Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-05] (Google LLC -> Google LLC)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\Installer\chrmstp.exe [2023-06-06] (Brave Software, Inc. -> Brave Software, Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0BD04F48-C785-4440-9131-3FBBAFB3B367} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {1974F7E0-3E1A-466F-A4E4-EF491C0D7DC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {1A725E55-E2D3-468F-A470-AAA89DE76E3C} - System32\Tasks\GoogleUpdateTaskMachineUA{2344FDDA-C5DB-46A5-90E6-F333E732C58A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-18] (Google LLC -> Google LLC)
    Task: {35C7E13F-0151-4AAD-847F-F1EC63A7D3F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {3D66942D-1F40-4E6F-8957-640962173B73} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
    Task: {43D8E114-BBB7-479B-BEBA-FE439CBCF5F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
    Task: {4EC60CE2-A9F8-43BF-9FAD-1613DF24B4D7} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{DE731537-4025-4445-BDD9-FB6B496A142D} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {5E5D0DC7-AF44-400C-82E4-1421E47545FD} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
    Task: {6428DD9A-EFC7-44A2-9002-024E535CB30F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170456 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {80EFD5F4-5E87-4F64-A6FF-EB2B39D70CA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-05-30] (HP Inc. -> HP Inc.)
    Task: {9CD75CE3-03B6-4C55-A96B-08FCB6EB63B1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9DFD6907-104B-49DD-A83A-DD2A0804A66A} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{B32BDC0E-CFC7-415B-9D3C-1DF9B44163D6} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {A789F9ED-30AD-41B6-897F-3D81AA7A2BF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {AFE751DB-97F3-49B5-A731-47B6C173DBBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-05-30] (HP Inc. -> HP Inc.)
    Task: {B2FA8A3A-9661-48F7-AA37-8B75CEFF2279} - System32\Tasks\HP\Consent Manager Launcher => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
    Task: {B6CC1CAB-CD32-443E-BCF4-4BDC47EAD11E} - System32\Tasks\GoogleUpdateTaskMachineCore{F61CD8C6-9269-4B36-8726-5E83056C23EB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-18] (Google LLC -> Google LLC)
    Task: {BAA71BBA-A97E-4B98-BF74-B6970343E40C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C0284ACB-3E87-47A2-8C96-AA78072F6E29} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C5E9B4DB-F22D-42D1-A2AB-49E2E837FE1C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CA99D91B-A699-4B69-AE72-6EFC56305B59} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
    Task: {D02CA41A-35F1-4E24-9365-D181FFAFC368} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
    Task: {D1EA2235-11FB-465D-8542-B3C1F3A5FCC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1135128 2023-05-30] (HP Inc. -> HP Inc.)
    Task: {D73EB1C7-ABA4-4496-913B-C80DCF28AC12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1135128 2023-05-30] (HP Inc. -> HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{b6f0b023-7aac-4125-bc24-fa7f9c9b35a0}: [DhcpNameServer] 192.168.1.254

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\rgwis\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-10]
    Edge Extension: (Edge relevant text changes) - C:\Users\rgwis\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-29]

    FireFox:
    ========
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-24] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR Profile: C:\Users\rgwis\AppData\Local\Google\Chrome\User Data\Default [2023-06-10]
    CHR DownloadDir: C:\Users\rgwis\Downloads
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Session Restore: Default -> is enabled.
    CHR Extension: (Google Docs Offline) - C:\Users\rgwis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\rgwis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-18]
    CHR Extension: (Save quickly and repost) - C:\Users\rgwis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlphjjfielecalmmjjdhjjninkbjdod [2023-04-23]

    Brave:
    =======
    BRA Profile: C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-06-10]
    BRA DefaultSearchKeyword: Default -> :g
    BRA Extension: (Image downloader - Imageye) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\agionbommeaifngbhincahgmoflcikhm [2023-01-30]
    BRA Extension: (Youtube Image Downloader) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bjchdihmmgfbfheblpmfpaojmjchdioi [2022-11-27]
    BRA Extension: (Foxified) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cldmemdnllncchfahbcnjijheaolemfk [2022-12-03]
    BRA Extension: (Image Downloader) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2023-02-03]
    BRA Extension: (MP3 Converter) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\flildjghnbmjppbenicihiaaadkpkika [2023-05-01]
    BRA Extension: (Screenshot YouTube) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2022-11-27]
    BRA Extension: (Download All Images) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ifipmflagepipjokmbdecpmjbibjnakm [2023-02-03]
    BRA Extension: (Text to Speech for Google Chrome™) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihjphbgdciilclbpcmagkacpohgokpep [2022-12-30]
    BRA Extension: (Imagus) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2022-11-18]
    BRA Extension: (Video DownloadHelper) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-12-30]
    BRA Extension: (CrossPilot) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\migomhggnppjdijnfkiimcpjgnhmnale [2022-12-03]
    BRA Extension: (Download All Images) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nnffbdeachhbpfapjklmpnmjcgamcdmm [2023-04-02]
    BRA Extension: (Text Reader (Text to Speech) TTS by Read me) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\npdkkcjlmhcnnaoobfdjndibfkkhhdfn [2023-06-05]
    BRA Extension: (Save & Repost for Instagram) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\olmfgbcgfadifpdcompkdbgdifojjdlg [2023-02-27]
    BRA Extension: (Brave Local Data Files Updater) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-06-10]
    BRA Extension: (Brave NTP background images) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-06-09]
    BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-06-10]
    BRA Extension: (Wallet Data Files Updater) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-06-05]
    BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-11]
    BRA Extension: (Brave NTP sponsored images) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2023-06-10]
    BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-06-05]
    BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2022-11-18]
    BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-06-10]
    BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-06-09]
    BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\rgwis\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-06-09]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103264 2023-03-01] (Apple Inc. -> Apple Inc.)
    S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-18] (Brave Software, Inc. -> BraveSoftware Inc.)
    S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\114.1.52.122\brave_vpn_helper.exe [3055640 2023-06-06] (Brave Software, Inc. -> Brave Software, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
    R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\AppHelperCap.exe [859072 2023-04-26] (HP Inc. -> HP Inc.)
    R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\DiagsCap.exe [857496 2023-04-26] (HP Inc. -> HP Inc.)
    R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\NetworkCap.exe [854416 2023-04-26] (HP Inc. -> HP Inc.)
    R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_3fe14bedeb9ca7a2\x64\SysInfoCap.exe [858512 2023-04-26] (HP Inc. -> HP Inc.)
    R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5bf497d20ce7fee9\x64\TouchpointAnalyticsClientService.exe [496208 2023-03-16] (HP Inc. -> HP Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
    R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-07-16] (Alcorlink Corp. -> )
    S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
    R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-06-29] (Intel Corporation -> Intel Corporation)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
    R3 MpKsl2a94f50e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5360145D-1AE3-4BEF-8BFD-B9B4BE166FEA}\MpKslDrv.sys [213288 2023-06-10] (Microsoft Windows -> Microsoft Corporation)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2022-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-10 14:24 - 2023-06-10 14:24 - 000000000 ____D C:\Users\rgwis\AppData\Local\SoundResearch
    2023-06-10 13:07 - 2023-06-10 13:07 - 000000000 ___HD C:\$WinREAgent
    2023-06-09 11:10 - 2023-06-10 18:56 - 000000000 ____D C:\FRST
    2023-06-09 11:01 - 2023-06-09 11:04 - 000000000 ____D C:\AdwCleaner
    2023-05-28 07:48 - 2023-05-28 07:48 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
    2023-05-28 07:48 - 2023-05-28 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2023-05-28 07:48 - 2023-05-28 07:48 - 000000000 ____D C:\Program Files\iTunes

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-10 18:41 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
    2023-06-10 18:33 - 2022-11-18 16:02 - 000000000 ____D C:\Program Files (x86)\Google
    2023-06-10 18:21 - 2022-11-18 13:23 - 000000000 ____D C:\Users\rgwis\AppData\Local\D3DSCache
    2023-06-10 18:21 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-06-10 18:21 - 2022-05-07 01:22 - 000000000 ____D C:\WINDOWS\INF
    2023-06-10 15:32 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-06-10 15:32 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
    2023-06-10 15:11 - 2022-11-25 16:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2023-06-10 14:49 - 2022-11-19 11:22 - 000000000 ____D C:\Users\rgwis\AppData\Roaming\HandBrake
    2023-06-10 14:28 - 2022-11-18 16:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2023-06-10 14:22 - 2022-11-18 16:56 - 000000000 ____D C:\WINDOWS\system32\MRT
    2023-06-10 14:15 - 2022-11-18 16:56 - 159583304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2023-06-10 13:14 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
    2023-06-10 11:33 - 2022-11-18 13:23 - 000000000 ____D C:\Users\rgwis\AppData\Local\Packages
    2023-06-10 11:32 - 2022-11-25 17:02 - 000855930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2023-06-10 11:31 - 2022-11-18 14:12 - 000000000 ____D C:\ProgramData\Packages
    2023-06-10 11:27 - 2022-11-25 16:56 - 000000000 ____D C:\Users\rgwis\AppData\Roaming\Microsoft\Spelling
    2023-06-10 11:26 - 2022-11-18 13:23 - 000000000 __SHD C:\Users\rgwis\IntelGraphicsProfiles
    2023-06-10 11:25 - 2022-11-25 17:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2023-06-10 11:25 - 2022-11-25 16:54 - 000493544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2023-06-10 11:25 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
    2023-06-10 11:25 - 2022-05-07 01:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2023-06-10 11:25 - 2020-12-22 06:04 - 000000000 ____D C:\Intel
    2023-06-10 11:25 - 2020-05-06 04:58 - 000012288 ___SH C:\DumpStack.log.tmp
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\UUS
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemResources
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\oobe
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Dism
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellComponents
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Provisioning
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2023-06-10 11:24 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\bcastdvr
    2023-06-10 11:14 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
    2023-06-10 11:12 - 2022-11-18 14:20 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk
    2023-06-10 07:22 - 2022-11-25 17:01 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-287006484-2376131663-1300187197-1001
    2023-06-10 07:22 - 2022-11-25 17:01 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-287006484-2376131663-1300187197-1001
    2023-06-10 07:22 - 2022-11-18 13:20 - 000002386 _____ C:\Users\rgwis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2023-06-09 17:58 - 2022-12-18 12:29 - 000000000 ____D C:\Users\rgwis\OneDrive\Documents\My Kindle Content
    2023-06-09 17:18 - 2020-12-22 06:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-06-09 07:08 - 2020-12-22 07:13 - 000000000 ____D C:\Program Files\Microsoft Office
    2023-06-06 19:38 - 2022-11-18 15:05 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
    2023-06-05 19:49 - 2022-11-18 16:03 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2023-06-04 19:37 - 2022-12-04 13:11 - 000000000 ____D C:\Users\rgwis\OneDrive\Documents\Notepad & PDF Documents
    2023-06-02 19:28 - 2022-12-12 07:27 - 000000000 ____D C:\Users\rgwis\AppData\Roaming\calibre
    2023-06-01 06:19 - 2020-05-06 04:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2023-05-31 20:16 - 2022-12-03 17:32 - 000000000 ____D C:\Users\rgwis\OneDrive\Documents\COMICS
    2023-05-18 19:28 - 2022-11-25 17:01 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{2344FDDA-C5DB-46A5-90E6-F333E732C58A}
    2023-05-18 19:28 - 2022-11-25 17:01 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{F61CD8C6-9269-4B36-8726-5E83056C23EB}
    2023-05-17 19:50 - 2022-11-18 13:20 - 000000000 ___SD C:\Users\rgwis\AppData\Roaming\Microsoft\Protect
    2023-05-13 04:13 - 2022-11-25 17:01 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-05-13 04:13 - 2022-11-25 17:01 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    ==================== Files in the root of some directories ========

    2023-01-01 16:40 - 2023-01-01 16:40 - 000000943 _____ () C:\Users\rgwis\AppData\Local\recently-used.xbel

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  11. continuityerror

    continuityerror Private E-2

    Second Notepad doc:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by rgwis (10-06-2023 18:58:08)
    Running from C:\Users\rgwis\OneDrive\Desktop\PROGRAMS
    Microsoft Windows 11 Home Version 22H2 22621.1413 (X64) (2022-11-25 21:01:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-287006484-2376131663-1300187197-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-287006484-2376131663-1300187197-503 - Limited - Disabled)
    Guest (S-1-5-21-287006484-2376131663-1300187197-501 - Limited - Disabled)
    rgwis (S-1-5-21-287006484-2376131663-1300187197-1001 - Administrator - Enabled) => C:\Users\rgwis
    WDAGUtilityAccount (S-1-5-21-287006484-2376131663-1300187197-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Amazon Kindle (HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\Amazon Kindle) (Version: 1.39.2.65383 - Amazon)
    Apple Mobile Device Support (HKLM\...\{CA8EDE78-7A08-4F27-9B31-D6161C095986}) (Version: 16.5.0.12 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 114.1.52.122 - Brave Software Inc)
    calibre 64bit (HKLM\...\{FD4283DA-1E54-490D-B836-DD06AA5AB5DC}) (Version: 6.9.0 - Kovid Goyal)
    CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    GIMP 2.10.32-1 (HKLM\...\GIMP-2_is1) (Version: 2.10.32 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
    HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
    HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
    HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.)
    iTunes (HKLM\...\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}) (Version: 12.12.9.4 - Apple Inc.)
    Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
    Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
    Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16501.20196 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\OneDriveSetup.exe) (Version: 23.107.0521.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
    Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
    PeaZip 8.9.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 8.9.0 - Giorgio Tani)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

    Packages:
    =========
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2023-06-09] (Amazon.com)
    Booking.com USA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comUSABigsavingson_2.0.5.0_x64__mgae2k3ys4ra0 [2023-06-10] (Priceline Partner Network)
    Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.54.2.0_x64__6rarf9sa4v8jt [2023-06-10] (Disney)
    HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.15.226.0_x64__v10z8vjag6ke6 [2022-11-18] (HP Inc.)
    HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.2.0.0_x64__v10z8vjag6ke6 [2023-06-10] (HP Inc.)
    HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.2.74.0_x64__v10z8vjag6ke6 [2023-06-10] (HP Inc.)
    HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-11-25] (HP Inc.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_146.1.1082.0_x64__v10z8vjag6ke6 [2023-06-10] (HP Inc.)
    HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.26.74.0_x64__v10z8vjag6ke6 [2023-06-10] (HP Inc.)
    HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.20.0_x64__v10z8vjag6ke6 [2023-06-10] (HP Inc.)
    Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-06-10] (INTEL CORP)
    Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-02] (Microsoft Corp.)
    Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-10] (Microsoft Corporation)
    ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-06-10] (Microsoft Corporation) [Startup Task]
    ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.60961.0_x64__8wekyb3d8bbwe [2023-06-10] (Microsoft Corporation)
    ms-resource:DisplayName -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-05-31] (McAfee LLC.)
    ms-resource:OEMAppName -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.17.0_x64__xbfy0k16fey96 [2023-06-10] (Dropbox Inc.)
    ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt [2023-06-10] (INTEL CORP) [Startup Task]
    myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6 [2023-06-09] (HP Inc.) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-11-18] (Netflix, Inc.)
    Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-06-10] (Random Salad Games LLC)
    WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-10] (Microsoft Corporation)
    WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-10] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-287006484-2376131663-1300187197-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
    ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b840211aa1b1b9ff\OptaneShellExt.dll [2020-10-20] (Intel(R) Rapid Storage Technology -> )
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
    ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b840211aa1b1b9ff\OptaneShellExt.dll [2020-10-20] (Intel(R) Rapid Storage Technology -> )
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utomik - Play over 1000 games.lnk -> C:\Program Files (x86)\Online Services\Utomik\WizLink.exe () -> hxxps://www.utomik.com/hp_desktop

    ==================== Loaded Modules (Whitelisted) =============

    2023-02-27 20:09 - 2023-02-27 20:09 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\2d30f7ea748931b45f2d69c609d6bc47\Interop.IWshRuntimeLibrary.ni.dll
    2023-02-27 20:08 - 2023-02-27 20:08 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\87f74a71a204bf7fde39f622924c4f3f\Hardcodet.Wpf.TaskbarNotification.ni.dll
    2023-02-27 20:09 - 2023-02-27 20:09 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9341642fab995e2f3a1c93d48a0e07f6\NAudio.ni.dll
    2023-02-27 20:09 - 2023-02-27 20:09 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\2f079fd0a6ce77092bdcbab1ce035231\Newtonsoft.Json.ni.dll
    2023-02-27 20:08 - 2023-02-27 20:08 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\8d542123be4595a204d30ab91330deac\log4net.ni.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    SearchScopes: HKLM -> {C417F304-CF7F-4B71-BEB5-E549E743C0D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {C417F304-CF7F-4B71-BEB5-E549E743C0D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-287006484-2376131663-1300187197-1001 -> {C417F304-CF7F-4B71-BEB5-E549E743C0D3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-05-30] (HP Inc. -> HP Inc.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-04] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-05-30] (HP Inc. -> HP Inc.)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 05:14 - 2023-06-10 11:12 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rgwis\OneDrive\Desktop\Adventures\byrne.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_41501C9534A122FF975ABFAD14D9859D"
    HKU\S-1-5-21-287006484-2376131663-1300187197-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6CEB98A8-41F3-4AB5-9AD4-479A3D1EEF77}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2848D7DF-F7EF-44AE-98AF-F4E7A7C77FC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{4936EFC3-C414-44F9-8B78-CD289461FF99}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2E053BC5-B34C-4A33-8EF5-B0DFF63642F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

    ==================== Restore Points =========================

    10-06-2023 11:12:04 Restore Point Created by FRST
    10-06-2023 13:07:56 Windows Modules Installer
    10-06-2023 13:08:32 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname LAPTOP-M246IQSC.local already in use; will try LAPTOP-M246IQSC-2.local instead

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 LAPTOP-M246IQSC.local. Addr 192.168.1.68

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:0000:0000:0000:0048

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA FE80:0000:0000:0000:EAAA:8C3C:3049:1949

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:0000:0000:0000:0048

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:81EC:8233:7A2B:62A2

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:0000:0000:0000:0048

    Error: (06/10/2023 11:25:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-M246IQSC.local. AAAA 2600:1700:EC7F:1000:C3DB:C026:0132:9361


    System errors:
    =============
    Error: (06/10/2023 11:38:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9N9PHDT62W94-AD2F1837.myHP.

    Error: (06/10/2023 11:33:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

    Error: (06/10/2023 11:32:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MV0B5HZVK9Z-Microsoft.GamingApp.

    Error: (06/10/2023 11:14:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

    Error: (06/10/2023 11:13:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 213) (User: NT AUTHORITY)
    Description: Revert Failure: Windows failed to revert the following update with error 0x80246007: 2023-03 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5023706)

    Error: (06/10/2023 11:12:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 2 time(s).

    Error: (06/10/2023 11:12:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/10/2023 11:12:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Analytics service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    Windows Defender:
    ================
    Date: 2023-06-10 08:49:05
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-09 13:20:11
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-09 10:57:57
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-09 07:04:39
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-04 07:30:53
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===============
    Date: 2023-06-10 18:57:58
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0067181d6d0f8476\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: AMI F.26 06/17/2022
    Motherboard: HP 86C9
    Processor: Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz
    Percentage of memory in use: 43%
    Total physical RAM: 11976.83 MB
    Available physical RAM: 6815.86 MB
    Total Virtual: 25800.83 MB
    Available Virtual: 20323.91 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:237.57 GB) (Free:127.66 GB) (Model: Intel Optane+238GBSSD) NTFS

    \\?\Volume{f44aaaf1-eb53-4d63-a98b-d1749d1dad76}\ () (Fixed) (Total:0.63 GB) (Free:0.08 GB) NTFS
    \\?\Volume{232d07ac-0b3f-4140-af58-b07c43f6866c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 39798C71)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  12. continuityerror

    continuityerror Private E-2

    I've been searching from the Brave search bar. The jump to an ad page (always Amazon) didn't happen this time. However, I've noticed the Google results page appears as normal for a second or so, then additional results suddenly pop up on the top of the page. That is still happening, but I haven't seen the "goes to an Amazon page" quirk since running the scans.
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    I'm not exactly sure what this means. Might it be a row of tabs/links like News Downloads Videos etc.? If not, please describe in more detail.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply. If it is too large please attach it.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Describe pop up results
    • Fixlog
     


  14. continuityerror

    continuityerror Private E-2

    I can't recreate at the moment. Basically it's a different collection of links that doesn't match the initial list that only appears for a second.
    Unfortunately, the "link goes to Amazon" problem JUST happened again, so it's not resolved.
    Next message will be the log.
     
  15. continuityerror

    continuityerror Private E-2

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by rgwis (11-06-2023 07:54:27) Run:3
    Running from C:\Users\rgwis\OneDrive\Desktop\PROGRAMS
    Loaded Profiles: rgwis
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    cmd: sfc /scannow
    *****************


    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Windows Resource Protection did not find any integrity violations.


    ========= End of CMD: =========


    ==== End of Fixlog 07:56:24 ====
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Thank you for the Fixlog, those results look good.

    I would like us to reset the Brave browser. Please review What changes when I restore my settings? then complete the reset. Let me know the results.
     
  17. continuityerror

    continuityerror Private E-2

    Okay -- I reset Brave browser. Reset the search engine to Google. Same thing happened -- this time, I clicked on a Wiki link and it took me to some streaming page with a name like "Lidio" (not to Amazon this time). Also, now some text/images are appearing on the right side of the screen when the search results first appear, then quickly disappear.
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Process Monitor Utilizing Customized Import Configuration File

    --------------------

    • Download Process Monitor and save it to your Desktop
    • Download Brave.pmc and save it to your Desktop
    • Right click on ProcMon and select Run as administrator
    • Hit the Ctrl + E keys at the same time to stop capturing events
    • Hit the Ctrl + X keys at the same time to clear the display
    • Click Filter, then Reset Filter
    • Click File, then Import Configuration...
    • Double click on the Brave.pmc file
    • On the bottom left hand corner of the Process Monitor screen confirm it says No events (capture disabled)
    • Hit the Ctrl + E keys at the same time to start capturing events (capture disabled should disappear) although no entries should immediately appear
    • Launch Brave and monitor for redirects or pop ups
    • When an event occurs click File, Save, and save the file onto your Desktop using the default file name
    • Close Process Monitor
    • Please zip and upload the file to GoFile, WeTransfer, or the file hosting site of your choice. Post the download link in your reply
    ===================================================

    Things I would like to see in your next reply.
    • Download link
     
  19. continuityerror

    continuityerror Private E-2

  20. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    Looks like the wrong file was uploaded. Look for another file with a file extension of .pml
     
  21. continuityerror

    continuityerror Private E-2

  22. Oh My!

    Oh My! Malware Expert Staff Member

    Unfortunately that is not it.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Search

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    *.pml
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Copy and paste the contents of that document in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Search.txt
     
  23. continuityerror

    continuityerror Private E-2

    I tried with the * and without. Both documents said this:
    Farbar Recovery Scan Tool (x64) Version: 12-06-2023
    Ran by rgwis (13-06-2023 06:55:13)
    Running from C:\Users\rgwis\OneDrive\Desktop\PROGRAMS
    Boot Mode: Normal

    ================== Search Files: ".pml" =============


    ====== End of Search ======
     
  24. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for trying. Apparently for whatever reason we are not capturing the activity I want to monitor.

    It is possible what you are experiencing is the result of your wireless router being compromised so I would like to touch on that as well.

    • Have you connected your laptop to a different network (other than home) and if so do the redirects/pop ups still happen?
    • Would you be able to turn off wireless connectivity on the laptop and use an Ethernet cable to wire it directly into your modem? (If this doesn't make sense let me know.)

    Let's try a less complicated program and see if we can gather some information.

    ===================================================

    TcpLogView by Nirsoft

    --------------------

    • Download TcpLogView and save it to your Desktop
    • Close any open browsers
    • Right click on the icon, select Extract All... then extract the folder to your Desktop
    • Right click on TcpLogView (application) and select Run as administrator
    • Click Options, then select No Local-Host Connections and Write To Log File
    • Click File, then Clear Log
    • Launch Brave
    • Allow the program to monitor computer activity during the time period when suspicious activities have been recorded
    • Once suspicious activity is viewed click View, then HTML Report - All Items
    • In the open browser window click File, then Save Page As...
    • Save the file onto your Desktop using the default TCP Log.htm file name
    • Please zip and attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Response to questions
    • Attached zip file
     
  25. continuityerror

    continuityerror Private E-2

    Thanks for your help. I haven't connected to a different network and have no Ethernet cable.
    I've attached the log.
    I should note that I accidentally did leave some Brave extensions back ON after shutting them off for a test. After turning them back on, the redirect problem resumed. I suspect one of the Brave extensions is the culprit.
     


  26. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    Resetting Brave should have removed the Extensions.

    Please do this.

    ===================================================

    Creating a New Brave Profile

    --------------------

    • Launch Brave
    • Click on the 3 horizontal bars near the upper right hand corner
    • Select Create a new profile
    • Name the profile MGTest
    • Click Done
    • Close Brave
    • Locate and double click on the MGTest icon located on your Desktop to launch the program
    • Check for redirects
    ===================================================

    Things I would like to see in your next reply.
    • Results?
     
  27. continuityerror

    continuityerror Private E-2

    Created a new profile and there were no redirects.
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    There are two possibilities. Either the issue is related to an Extension or your User Profile is corrupted. We need to test a bit more to find out which it is.

    ===================================================

    Disabling Brave Extensions

    --------------------

    • Launch Brave and sign into your original profile (not the newly created profile)
    • Type brave://extensions in the address bar and hit Enter
    • Enable Developer Mode near the upper right hand corner of the window
    • Disable all listed Extensions
    • Close, then relaunch Brave
    • Check for browser performance and redirects
    ===================================================

    Things I would like to see in your next reply.
    • Results?
     
  29. continuityerror

    continuityerror Private E-2

    I only had one extension enabled, as it turns out. This one:
    Save & Repost for Instagram
    I've disabled it and so far, the issue isn't repeating. So I'm assuming this extension has malware attached.
     
  30. Oh My!

    Oh My! Malware Expert Staff Member

    Nice work.

    I would suggest deleting the Extension then continue to test the browser. Let me know how things go.
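
The thread ends by tracing the redirects to a single browser extension. As an added example (not part of the thread, and not code from MajorGeeks, Brave or FRST), this script lists the extensions in a Chromium-style profile and flags those whose manifest grants access to every site or to Google pages. It assumes the usual layout `<id>/<version>/manifest.json`, which for Brave on Windows is normally found under `%LOCALAPPDATA%\BraveSoftware\Brave-Browser\User Data\Default\Extensions`; the sample manifests, ids and names are constructed, and the "google." check is a simple heuristic.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that give an extension access to every page, search results included.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _strings(value):
    """Keep only string entries; manifests may also hold objects in these lists."""
    return [v for v in value if isinstance(v, str)] if isinstance(value, list) else []

def audit_extensions(ext_root):
    """One finding per <id>/<version>/manifest.json under a Chromium-style Extensions folder."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest.parts[-3]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # An unreadable manifest cannot be cleared, so it goes to manual review.
            findings.append({"id": ext_id, "name": "(unreadable)", "reach": [], "review": True})
            continue
        # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
        patterns = set(_strings(data.get("permissions")) + _strings(data.get("host_permissions")))
        for script in data.get("content_scripts") or []:
            if isinstance(script, dict):
                patterns.update(_strings(script.get("matches")))
        # Heuristic (assumption): broad patterns, or any pattern naming a Google host.
        reach = sorted(p for p in patterns if p in BROAD or "google." in p)
        findings.append({"id": ext_id, "name": str(data.get("name", "")),
                         "reach": reach, "review": bool(reach)})
    return findings

def build_sample_profile(root):
    """Write constructed manifests (made-up ids and names) so the demo runs offline."""
    samples = {
        "aaaaconstructedid": {"manifest_version": 3, "name": "Constructed Downloader",
                              "host_permissions": ["<all_urls>"],
                              "content_scripts": [{"matches": ["*://www.google.com/search*"]}]},
        "bbbbconstructedid": {"manifest_version": 3, "name": "Constructed Notes",
                              "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample_profile(tmp)):
            print(finding)
```

A flagged entry only means the extension is able to read or change search pages; many legitimate extensions request the same access, so treat the output as a shortlist for the disable-and-retest step used in the thread.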
     
